Title: Google chrome forensics
Authors: Hitesh Sanghvi; Digvijaysinh Rathod; Salem Yahya Altaleedi; Abdulaziz Saleh AlThani; Mohammed Abd Alrhman Alkhawaldeh; Abdulrazaq Almorjan; Ramya Shah; Tanveer Zia
Addresses: Directorate of Forensic Science, Gujarat, India ' School of Cybersecurity and Digital Forensics, National Forensic Sciences University, Gujarat, India ' Center of Excellence in Cybercrimes and Digital Forensics, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia ' Center of Excellence in Cybercrimes and Digital Forensics, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia ' Center of Excellence in Cybercrimes and Digital Forensics, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia ' Center of Excellence in Cybercrimes and Digital Forensics, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia ' School of Cybersecurity and Digital Forensics, National Forensic Sciences University, Gujarat, India ' Center of Excellence in Cybercrimes and Digital Forensics, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia
Abstract: Google Chrome is used to explore the internet and navigate websites. Users prefer incognito mode because it claims that it does not keep crucial information in the computer, ensuring privacy and security of browsing data. While offenders employ incognito mode browsing to perpetrate a crime, digital forensics investigators face new technical obstacles in recovering evidence. We have presented the evidence obtained in Google Chrome while it is open in normal and incognito mode. We performed 78 activities and hard drive and RAM forensics were performed using FTK and autopsy. We unearthed artefacts in the cases of deleted bookmarks and history, Gmail and Yahoo mail, Facebook chat, and web WhatsApp chat while Google Chrome is open in normal and incognito mode, the credentials of Google and Outlook while it is open in incognito mode. Results show that the FTK gives better results than autopsy in terms of evidence extraction using hard-disk forensics.
Keywords: browser artefacts; digital forensics; internet privacy; incognito mode; normal mode; FTK; autopsy.
DOI: 10.1504/IJESDF.2023.133968
International Journal of Electronic Security and Digital Forensics, 2023 Vol.15 No.6, pp.591 - 619
Received: 07 Jan 2022
Accepted: 05 Oct 2022
Published online: 06 Oct 2023 *