Forensics Analysis of Private Web Browsing Using Android Memory Acquisition

Modern smartphones can perform and display nearly as much of the internet as personal computers, including web browsing and video streaming. Nowadays, all users rely on web browsers to access, display, and manipulate information from Internet on their mobile devices. However, almost all of user browsing activities flow through a web browser, thereby threatening the privacy preservation by third-party trackers or browsers’ providers. Therefore, there is a demand to make web browsers private for users with the most intensive concentrate on keeping their data safe. In this paper, we perform a thorough digital forensics analysis on the smartphone’s volatile memory with the aim at investigating the data privacy on various web browsers. Memory acquisitions is methodically applied in private and non-private modes on Android platforms to examine which of the user artifacts are being protected or exposed from web history or email communications. Comprehensive experiments are conducted on the four popular browsers Google Chrome, Mozilla Firefox, Dolphin and Opera under various scenarios. The experimental results show that the Chrome web browser was the lowest secure browser in which all the inspected data have been retrieved even with a private mode enabled. The other browsers have shown a partial privacy preservation. Such findings emphasize the importance of conducting such forensics analysis and warning users to keep their browsing practices safe from prying eyes.