To maintain privacy of the end consumers the browser vendors
provide a very good feature on the browser called the "Private Mode". As
per the browser vendors, the Private Mode ensures Cookies, Temporary
Internet Files, Webpage history, Form data and passwords, Anti-phishing
cache, Address bar and search AutoComplete, Automatic Crash Restore
(ACR) and Document Object Model (DOM) storage information is not
stored on the system .
To put to test the browser vendors claim, I had setup a test to confirm the
claims. During the first test the file system was monitored for all reads
and writes. On the second test the image of the RAM was taken after the
browser was used in private mode. The image was analyzed to check if the
RAM contained any data related to the user browsing. The browsers chosen
to perform this test were: Internet Explorer, Firefox, Google Chrome and
During the file system monitoring analysis for the browsers in private mode
it was found that Google Chrome and Firefox didn't write any data on the
file system. Safari wrote data on just a single file called "WebpageIcons.db".
Internet Explorer wrote browsing data on the file system and then deleted
it. This data can be recovered using any recovery tool such as Recuva.
During the memory dump based analysis for the browsers in private mode,
it was found that browser data was recoverable for all the browsers.
Therefore from data privacy perspective Google Chrome and Firefox are
safer to use than Safari and Internet Explorer.
Library of Congress Subject Headings
Browsers (Computer programs)--Security measures; Computer networks--Security measures; Data encryption (Computer science)
Department, Program, or Center
Department of Computing Security (GCCIS)
Noorulla, Emad Sayed, "Web Browser Private Mode Forensics Analysis" (2014). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus