Inproceedings
Forensic Analysis of Epic Privacy Browser on Windows Operating Systems
Contribution Summary
This paper presents a comprehensive forensic analysis of Epic Privacy Browser on Windows operating systems, with a focus on the identification and analysis of artefact evidence left on Windows 10 compared to Windows 7. The study aims to establish if the introduction of Windows 10 has had an adverse effect on the browser's claim of clearing all user activity traces upon closure. The authors employed a range of forensic tools, including Process Monitor, Regshot, and FTK Imager, to capture live RAM data and examine post-mortem data on both Windows 7 and Windows 10 systems. The results of the analysis provide valuable insights into the types of artefact evidence left behind by Epic Privacy Browser, including cache, temporary internet files, cookie information, search history, and registry changes. The study also examines the effectiveness of the browser's claim of clearing all user activity traces upon closure, and discusses the implications of the findings for forensic investigators and digital evidence analysis.
Keywords: Web Browser Forensics; Epic Privacy Browser; Live Data Forensics; Post-Mortem Browser Forensics; Windows 10; Windows 7; Digital Forensics; Cybersecurity
Abstract
Internet security can be compromised not only through the threat of Malware, fraud, system intrusion or damage, but also via the tracking of internet activity. Criminals are using numerous methods to access data in the highly lucrative cybercrime business. Organized crime, as well as individual users, are benefiting from the protection of Virtual Private Networks (VPN) and private browsers, such as Tor, Epic Privacy, to carry out illegal activity such as money laundering, drug dealing and the trade of child pornography. News articles advising on internet privacy assisted in educating the public and a new era of private browsing arose. Although these measures were designed to protect legitimate browsing privacy, they also provided a means to conceal illegal activity. One such tool released for private browsing was Epic Privacy Browser. It is currently used in approximately 180 countries worldwide. Epic Privacy Browser is promoted as a chromium powered browser, specifically engineered to protect users' privacy. It only operates in private browser mode and, upon close of the browsing session, deletes all browsing data. The Epic Privacy Browser claims that all traces of user activity will be cleared upon close of the application and will establish if the introduction of Windows 10 has had an adverse effect on this claim. However, there is no forensic acquisition and analysis of Epic Privacy Browser in literature. In this paper, we aim to contribute towards the goal of assisting forensic examiners with the locations and types of evidence available through live and post-mortem state analysis of the Epic Privacy Browser on Windows 10 and Windows 7, identify how the browser functions during use, where data can be recovered once the browser is closed and the necessary tools that will assist in the forensics discovery and effective presentation of the material.
BibTeX
@inproceedings{reed2017epic,
author={Reed, Alan and Scanlon, Mark and Le-Khac, Nhien-An},
title="{Forensic Analysis of Epic Privacy Browser on Windows Operating Systems}",
booktitle="{Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS 2017)}",
year=2017,
month=06,
address={Dublin, Ireland},
publisher={ACPI},
pages="341-350",
abstract="Internet security can be compromised not only through the threat of Malware, fraud, system intrusion or damage, but also via the tracking of internet activity. Criminals are using numerous methods to access data in the highly lucrative cybercrime business. Organized crime, as well as individual users, are benefiting from the protection of Virtual Private Networks (VPN) and private browsers, such as Tor, Epic Privacy, to carry out illegal activity such as money laundering, drug dealing and the trade of child pornography. News articles advising on internet privacy assisted in educating the public and a new era of private browsing arose. Although these measures were designed to protect legitimate browsing privacy, they also provided a means to conceal illegal activity. One such tool released for private browsing was Epic Privacy Browser. It is currently used in approximately 180 countries worldwide. Epic Privacy Browser is promoted as a chromium powered browser, specifically engineered to protect users' privacy. It only operates in private browser mode and, upon close of the browsing session, deletes all browsing data. The Epic Privacy Browser claims that all traces of user activity will be cleared upon close of the application and will establish if the introduction of Windows 10 has had an adverse effect on this claim. However, there is no forensic acquisition and analysis of Epic Privacy Browser in literature. In this paper, we aim to contribute towards the goal of assisting forensic examiners with the locations and types of evidence available through live and post-mortem state analysis of the Epic Privacy Browser on Windows 10 and Windows 7, identify how the browser functions during use, where data can be recovered once the browser is closed and the necessary tools that will assist in the forensics discovery and effective presentation of the material."
}