RECONSTRUCTING USER ACTIVITY THROUGH BROWSER FORENSICS BY EXAMINING TECHNIQUES AND ETHICAL CONSIDERATIONS

Priya Kumari; Kapil Shukla; Krishna Modi

doi:10.29121/digisecforensics.v2.i2.2025.67

Authors

Priya Kumari National Forensic Sciences University
Dr. Kapil Shukla Assistant Professor at School of Forensic Science, National Forensic Sciences University, Gandhinagar, Gujarat.
Dr. Krishna Modi Ph. D. in the field of Machine Learning, Database management Systems, Machine learning, and Data Structure, National Forensic Sciences University.

DOI:

https://doi.org/10.29121/digisecforensics.v2.i2.2025.67

Keywords:

Browser Forensics, Memory Forensics, Browsing Modes, Artifact Recovery, Volatile Data, Saas Platforms

Abstract

It is a study based on the importance of web browsers as we use it in everyday life and primary sources of online evidence for investigation. This perspective extends beyond the technical, including the human and investment aspects that create the constant evolution of browser forensics over recent years. By examining research that utilizes a range of forensic tools and methodologies and also the study identifies how investigators extract and analyze these artifacts to reconstruct timelines, track user actions, and recover deleted and hidden information. As with the time browsers continue to integrate advanced privacy features with synchronization across devices and stronger encryption forensic methods must evolve accordingly. This review highlights how advancements in technology compel ongoing improvements in forensic strategies and emphasizes the need for adaptive, ethical, and well-validated approaches. By the advancements of browser usage, the potential for cybercrime is also increasing and by that it is very crucial for investigators to understand browser forensics to retrieve the essential evidences. Researchers have to work ethically and balancing rigorous forensic analysis with concerns about preserving user’s privacy, and most of the research reviewed in this paper discussed about this dilemma. This study analyses and examines browsers artifacts e.g. cache, cookies, and history in normal, private, and portable modes in different commonly used browsers by using different multiple tools and methodologies.it also helps to recover meeting data, user details, and encrypted content by memory and browser forensics in SaaS platforms. The paper discussed how technological development compels forensic methods to evolve continuously.

References

Adesina, A., Adebiyi, A. A., and Ayo, C. (2022). Detection and Extraction of Digital Footprints from the iDrive Cloud Storage Using Web Browser Forensics Analysis. International Journal of Electrical Engineering and Computer Science, 26(1), 550–559. https://doi.org/10.11591/ijeecs.v26.i1.pp550-559 DOI: https://doi.org/10.11591/ijeecs.v26.i1.pp550-559

Akintola, G. B. (2024). Performance Evaluation of Four Different Forensic Tools for Web Browser Analysis. International Journal of Scientific Research in Multidisciplinary Studies, 10(10), 68–82.

Alotibi, A. M., Altaleedi, S. Y., Zia, T., and Qazi, E. U. H. (2024). Examining the Behavior of Web Browsers Using Popular Forensic Tools. International Journal of Digital Crime and Forensics, 16(4). https://doi.org/10.4018/IJDCF.349218 DOI: https://doi.org/10.4018/IJDCF.349218

Amran, M. F. M., Kathiravan, Y., Razali, N. A. M., Ahmad, R. M. T. R. L., Adnan, Z., Rauf, M. F. A., and Shukran, M. A. M. (2020). Secure User Browser Activity Using Hybrid Data Hiding Techniques. International Journal of Recent Technology and Engineering, 9(1), 595–598. https://doi.org/10.35940/ijrte.A2015.059120 DOI: https://doi.org/10.35940/ijrte.A2015.059120

Chand, R. R., Sharma, N. A., and Kabir, M. A. (2025). Advancing Web Browser Forensics: Critical Evaluation of Emerging Tools and Techniques. SN Computer Science, 6(4), 1–28. https://doi.org/10.1007/s42979-025-03921-6 DOI: https://doi.org/10.1007/s42979-025-03921-6

David Mugisha. (2018). Web Browser Forensics: Evidence Collection and Analysis for Most Popular Web Browsers Usage in Windows 10. International Journal of Cyber Criminology, 54(Cyber Investigation), 12. https://doi.org/10.13140/RG.2.2.25857.51049

Fayyad-Kazan, H., Kassem-Moussa, S., Hejase, H. J., and Hejase, A. J. (2021). Forensic Analysis of Private Browsing Mechanisms: Tracing Internet Activities. Journal of Forensic Science and Research. https://doi.org/10.29328/journal.jfsr.1001022 DOI: https://doi.org/10.29328/journal.jfsr.1001022

Fernández-Fuentes, X., Pena, T. F., and Cabaleiro, J. C. (2022). Digital Forensic Analysis Methodology for Private Browsing: Firefox and Chrome on Linux as a Case Study. Computers and Security, 115, Article 102626. https://doi.org/10.1016/j.cose.2022.102626 DOI: https://doi.org/10.1016/j.cose.2022.102626

Flowers, C., Mansour, A., and Al-Khateeb, H. M. (2016). Web Browser Artefacts in Private and Portable Modes: A Forensic Investigation. International Journal of Electronic Security and Digital Forensics, 8(2), 99–117. https://doi.org/10.1504/IJESDF.2016.075583 DOI: https://doi.org/10.1504/IJESDF.2016.075583

Iqbal, F., Khalid, Z., Marrington, A., Shah, B., and Hung, P. C. K. (2022). Forensic Investigation of Google Meet for Memory and Browser Artifacts. Forensic Science International: Digital Investigation, 41, Article 301448. https://doi.org/10.1016/j.fsidi.2022.301448 DOI: https://doi.org/10.1016/j.fsidi.2022.301448

Iqbal, F., MacDermott, A., Motyliński, M., and Hussain, M. (2020). Digital Forensic Acquisition and Analysis of Discord Applications. In 2020 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI). https://doi.org/10.1109/CCCI49893.2020.9256668

Kathiravan, Y., Amran, M. F. M., Razali, N. A. M., Shukran, M. A. M., Wahab, N. A., Khairuddin, M. A., Ismail, M. N., Adnan, Z., and Rauf, M. F. A. (2020). A Study on Private Browsing in Windows Environment. Journal of Defence Science Engineering and Technology, 3(1). https://doi.org/10.58247/jdset-2020-0301-03 DOI: https://doi.org/10.58247/jdset-2020-0301-03

Kauser, S., Malik, T. S., Hasan, M. H., Akhir, E. A. P., and Kazmi, S. M. H. (2022). Windows 10’s Browser Forensic Analysis for Tracing P2P Networks’ Anonymous Attacks. Computers, Materials and Continua, 72(2). https://doi.org/10.32604/cmc.2022.022475 DOI: https://doi.org/10.32604/cmc.2022.022475

Khalid, Z., Iqbal, F., Al-Hussaeni, K., MacDermott, A., and Hussain, M. (2022). Forensic Analysis of Microsoft Teams Investigating Memory, Disk, and Network. In Digital forensics and cybersecurity (xx–xx). https://doi.org/10.1007/978-3-03106371-8_37 DOI: https://doi.org/10.1007/978-3-031-06371-8_37

Leith, D. J. (2021). Web Browser Privacy: What Do Browsers Say When They Phone Home? IEEE Access, 9, 41615–41627. https://doi.org/10.1109/ACCESS.2021.3065243 DOI: https://doi.org/10.1109/ACCESS.2021.3065243

Liou, J.-C., Logapriyan, M., Lai, T. W., Pareja, D., and Sewell, S. (2016). A Study of the Internet Privacy in Private Browsing Mode. In Proceedings of the 3rd Multidisciplinary International Social Networks Conference (xx–xx). https://doi.org/10.1145/2955129.2955153 DOI: https://doi.org/10.1145/2955129.2955153

Mahaju, S., and Atkison, T. (2017). Evaluation of Firefox Browser Forensics Tools. In Proceedings of the Southeast Conference (xx–xx). https://doi.org/10.1145/3077286.3077310 DOI: https://doi.org/10.1145/3077286.3077310

Mahlous, A. R., and Mahlous, H. (2020). Private Browsing Forensic Analysis: A Case study of Privacy Preservation in the Brave Browser. International Journal of Intelligent Engineering and Systems, 13(2), 306–315. https://doi.org/10.22266/ijies2020.1231.26 DOI: https://doi.org/10.22266/ijies2020.1231.26

Motyliński, M., MacDermott, A. M., Iqbal, F., Hussain, M., and Aleem, S. (2020). Digital Forensic Acquisition and Analysis of Discord Applications. In Proceedings of the IEEE Conference on Communications and Cybersecurity (Vol. 10, 1–8). https://doi.org/10.1109/CCCI49893.2020.9256668 DOI: https://doi.org/10.1109/CCCI49893.2020.9256668

Nalawade, A., Bharne, S., and Mane, V. (2016). Forensic Analysis and Evidence Collection for Web Browser Activity. In 2016 International Conference on Automatic Control and Dynamic Optimization Techniques (ICACDOT) (xx–xx). https://doi.org/10.1109/ICACDOT.2016.7877639 DOI: https://doi.org/10.1109/ICACDOT.2016.7877639

Ntonja, M., and Ashawa, M. A. (2018). Investigating Google Chrome 6603359 Artefact: Internet Forensics Approach. Journal of Computer Science and IT.

Qureshi, S., He, J., Qureshi, S. S., Zhu, N., Rajputt, F. A., Ullah, F., Nazir, A., and Wajahat, A. (2022). Browser Forensics Extracting Evidence from Browser Using Kali Linux and Parrot OS Forensics Tools. International Journal of Scientific Research in Computer Science and Engineering, 10(5).

Rasool, A., and Jalil, Z. (2020). A Review of Web Browser Forensic Analysis Tools and Techniques. International Journal of Computer Applications, 182(20), 1–15.

Rathod, D. M. (2017). MAC OSX Forensics. International Journal of Advanced Research in Computer Engineering and Technology.

Rathod, D. M. (2017). Web Browser Forensic: Google Chrome. International Journal of Advanced Research in Computer Science, 8(7). https://doi.org/10.26483/ijarcs.v8i7.4433

Ruiz, R., Winter, R., Winter, K., Park, F., and Amatte, F. (2015). Overconfidence and Personal Behaviours Regarding Privacy that Allows the Leakage of Information in Private Browsing Mode. International Journal of Cyber-Security and Digital Forensics, 4(3), 404–416. DOI: https://doi.org/10.17781/P001619

Saidi, R. M., Udin, F. F. S., Zolkeplay, A. F., Arshad, M. A., and Sappar, F. (2018). Analysis of private browsing activities. In A. R. Abdullah et al. (Eds.), Regional Conference on Science, Technology and Social Sciences (RCSTSS 2016) (217–228). Springer. https://doi.org/10.1007/978-981-13-00745_20 DOI: https://doi.org/10.1007/978-981-13-0074-5_20

Sanghvi, H., Rathod, D. M., Altaleedi, S. Y., AlThani, A. S., Alkhawaldeh, M. A. A., Almorjan, A., Shah, R., and Zia, T. (2023). Google Chrome Forensics. International Journal of Electronic Security and Digital Forensics, 15(6), 591–619. https://doi.org/10.1504/IJESDF.2023.133968 DOI: https://doi.org/10.1504/IJESDF.2023.133968

Sanghvi, H., Rathod, D., Shukla, P., Shah, R., and Zala, Y. (2024). Web browser Forensics: Mozilla Firefox. International Journal of Electronic Security and Digital Forensics, 16(4). https://doi.org/10.1504/IJESDF.2024.10055704 DOI: https://doi.org/10.1504/IJESDF.2024.139645

Satvat, K., Forshaw, M., Hao, F., and Toreini, E. (2014). On the Privacy of Private Browsing—A Forensic Approach. Journal of Information Security and Applications, 19(1), 1–10. https://doi.org/10.1016/j.jisa.2014.02.002 DOI: https://doi.org/10.1016/j.jisa.2014.02.002

Tiwari, S. K. P., and Kashyap, N. (2025). Forensics Analysis of Browser-Based Gotomeeting Clients: Uncovering Memory and Browser Artefacts. Journal of Information Systems Engineering and Management, 10(20s). https://doi.org/10.52783/jisem.v10i20s.3172 DOI: https://doi.org/10.52783/jisem.v10i20s.3172

Tsalis, N., Mylonas, A., Nisioti, A., Gritzalis, D., and Katos, V. (2017). Exploring the Protection of Private Browsing in Desktop Browsers. Journal of Privacy and Confidentiality, 9(2), 45–66. DOI: https://doi.org/10.1016/j.cose.2017.03.006

Zhao, B., and Liu, P. (2015). Private Browsing Mode: Not Really that Private? Dealing with Privacy Breach Caused by Browser Extensions. In 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (xx–xx). https://doi.org/10.1109/DSN.2015.18 DOI: https://doi.org/10.1109/DSN.2015.18