The Internet and its users are in continual growth. With it grows the number of organized crimes on the Internet and the potential for individuals to carry out illegal activities. These criminals have gained more awareness of private browsing facilities, and many have found a haven in privacy designed browsers that cover up their tracks and shield their nefarious actions. The development of these privacy features has proven to be a challenge for digital forensic investigators. They strive to perform a thorough analysis of web browsers to collect artefacts relating to illegal activity to be presented as evidence to the court of law and used to convict criminals. “Brave” browser is one of the most recent and fastest-growing private browsers that, up to this point, has not been studied in-depth, and its privacy preservation functionality remains unclear. In this paper, we studied Brave’s private browsing mode, examined its privacy-preserving and forensic data acquisition, and outlined the location and type of evidence available through live and post-mortem state analysis. The unique approach taken included a set of experiments that unveiled how the browser functions and showed the appropriate tools that could be utilized to extract leftover artefacts. Analysis of our results showed that despite Brave leaving no traces of browsing activity on the Hard Disk, visited URLs, images, keyword searches, and even cached videos were retrievable from the RAM, which shows that Brave is not entirely private.
Evaluating the End-User Experience of Private Browsing Mode
