Advancing web browser forensics: Critical evaluation of emerging tools and techniques

As the use of web browsers continues to grow, the potential for cybercrime and web-related criminal activities also increases. Digital forensic investigators must understand how different browsers function and the critical areas to consider during web forensic analysis. Web forensics, a subfield of digital forensics, involves collecting and analyzing browser artifacts, such as browser history, search keywords, and downloads, which serve as potential evidence. While existing research has provided valuable insights, many studies focus on individual browsing modes or limited forensic scenarios, leaving gaps in understanding the full scope of data retention and recovery across different modes and browsers. This paper addresses these gaps by defining four browsing scenarios and critically analyzing browser artifacts across normal, private, and portable modes using various forensic tools. We define four browsing scenarios to perform a comprehensive evaluation of popular browsers—Google Chrome, Mozilla Firefox, Brave, Tor, and Microsoft Edge—by monitoring changes in key data storage areas such as cache files, cookies, browsing history, and local storage across different browsing modes. Overall, this paper contributes to a deeper understanding of browser forensic analysis and identifies key areas for enhancing privacy protection and forensic methodologies.