Abstract
The TOR browser is the most popular browser for surfing the Internet while being anonymous. This paper studies the digital artifacts left behind by TOR browser over the network and within the host. These artifacts give the most crucial forensic evidence for digital investigators to prove any unauthorized or unlawful activities. The paper also presents methods for retrieving more useful artifacts when compared to previous works and also investigates on Firefox, Chrome Incognito, and Internet Explorer. The results show that even the much-acclaimed TOR browser also leaves evidence and traces behind.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
The TOR Project. https://www.torproject.org/
Anonymous remailer. https://en.wikipedia.org/wiki/Anonymous_remailer
Clarke I, Sandberg O, Wiley B, Hong TW (2001) Freenet: a distributed anonymous information storage and retrieval system. In: Federrath H (eds) Designing privacy enhancing technologies. Lecture Notes in Computer Science, vol 2009. Springer, Berlin, Heidelberg
Anderson R (1996) The Eternity Service. In: First international conference on theory and applications of cryptography, Prague. https://www.cl.cam.ac.uk/~rja14/Papers/eternity.pdf
Freehaven. https://www.freehaven.net. Last seen on 15 June (2020)
Waldman M, Rubin DA, Cranor LF (2000) Publius: a robust, tamper-evident, censorship-resistant, web publishing system. In: 9th USENIX security symposium
Hejazi SM, Talhi C, Debbabi M (2009) Extraction of Forensically sensitive data from windows physical memory. Comput Investig 6:121–131
Aggarwal G, Bursztien E, Jackson C, Boneh D (2010) An analysis of private browsing modes in modern browsers. In: Conference: 19th USENIX security symposium, Washington, DC, USA, 11–13 Aug (2010)
Mahendrakar A, Irving J, Patel S (2010) Measurable analysis of private browsing mode in popular browsers. http://mocktest.net/paper.pdf
Ohana DJ furthermore, Shashidhar N (2013) Do private and versatile internet browsers leave implicating evidence? A measurable examination of leftover relics from private and compact web browsing meetings. EURASIP J on Inf S 201, 6:1–13
Satvat K, Forshaw M, Hao F (2014) What’s more, Toreini E., On the privacy of private browsing—a forensic methodology. Diary Inf Secur Appl 19:88–100
20 sites to send anonymous emails. https://www.hongkiat.com/blog/anonymous-email-providers/. Last seen on 15 June (2020)
Unpredictability Foundation: accessible online at: http://www.volatilityfoundation.org/
Bulk Extractor, accessible online at: https://github.com/simsong/bulk_extractor/wiki
Dump it, accessible online at: https://github.com/thimbleweed/All-In-USB/tree/master/utilities/DumpIt
Autopsy, accessible online at: http://www.autopsy.com
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Vatsavayi, V.K., Varma, K.S. (2021). Retrieving TOR Browser Digital Artifacts for Forensic Evidence. In: Bhattacharyya, D., Thirupathi Rao, N. (eds) Machine Intelligence and Soft Computing. Advances in Intelligent Systems and Computing, vol 1280. Springer, Singapore. https://doi.org/10.1007/978-981-15-9516-5_23
Download citation
DOI: https://doi.org/10.1007/978-981-15-9516-5_23
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-9515-8
Online ISBN: 978-981-15-9516-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)