Apologies in advance if any mistakes are made with this post.
First, this post is in relation to my academic piece of work. I am doing a forensic analysis of private browsing modes. This includes IE9, Chrome, Firefox and Safari. I am currently doing a literature review.
I have found that private browsers use techniques like PDE, PTE and overwriting all process memory. I believe these techniques are planted to be performed when a private browsing session ends. I wanted some advice on these techniques and wanted you to shed some light on any information towards 'How a private browser hides or eliminates any traces of browsing activity'.
As you know, in Windows a deleted file is still residing on the hard drive but just hidden away from the common user. Well, I was wondering, when a private browsing session ID is created and then deleted, does this mean the session ID is still on the hard drive? If anyone can shed some information on this, I would be very grateful.
I have tried to look into PDE and PTE (page descriptor table entries and page table entries). It seems like a difficult concept; again, if anyone can shed some light on the two techniques and how they are used within private browsers.
The other technique I have found is that a private browser overwrites all process memory. My question is: does this leave any artifacts, and is process memory relevant in a dead investigation?
Any questions, if I have caused confusion, feel free to ask.
Thank you in advance to any of you who assist me.
InPrivate 😉
First, this post is in relation to my academic piece of work. I am doing a forensic analysis of private browsing modes. This includes IE9, Chrome, Firefox and Safari. I am currently doing a literature review.
Or is your post also an exercise for it?
lol okay, I am only making it a bit more interesting for you to read.
Pretty sure I read a paper on this about a year ago. Google Scholar is your friend.
Thank you, I will have a look later today :)