Investigating Web Browser Lifecycles: A Comparative Analysis of Firefox, Chrome, and Edge on Windows 11

Abstract

Today, the Internet has evolved into an indispensable piece of our daily lifestyles through its various applications such as healthcare to education, businesses to research, and entertainment. Nowadays, one of the paramount drawbacks of this technology is the lack or absence of security. An intruder can potentially tap into the digital systems through its communications which may lead to an inflated figure in cybercriminal activities. Web browsers are the to-go applications while using the internet and like every other application, internet browsers alike need to be kept in check for making sure that are doing the intended work and patch any insecurity regularly. However, these extensive updates to the applications and the operating systems may prove a hurdle for the investigators to perform the investigation process. This study provides an investigative methodology for obtaining and analyzing the updated browsers' artifacts from various regions of operating systems. For this, In this study, we have targeted the latest Microsoft Windows 11 Operating System with our proposed Browser Lifecycle investigation approach for the (three topmost browsers) Firefox, Chrome, and Edge. We have identified and collected the artifacts for analyzing the browsing activities that were performed through the complete stages of the browser's lifecycle. We examined installations, execution, and anomaly behaviors like crashes, restarting, and uninstallations with targeted evidence from the registry, memory, storage, and logs locations. Through experiments, we also highlighted the possibilities to fetch considerable details of the user’s internet browsing activities. Moreover, the experiments highlighted that the crashes and unexpected closures of the browser reveal sensitive information that might be lost during the usual closure of the applications. The proposed methodology with its promising identified results can provide a strong basis for expanding knowledge in the domain of browser forensic analysis. Further, the proposed methodology can also enhance the effectiveness of cybercriminal investigations in the forensics domain.