Forensic analysis of web browsers lifecycle: A case study

The widespread integration of the internet into daily life across sectors such as healthcare, education, business, and entertainment has led to an increasing dependence on web applications. However, inherent technological vulnerabilities attract cybercriminals, necessitating robust security measures. While these security measures, including frequent updates/fixes to applications and operating systems, are essential, they also complicate forensic investigations. This research proposes a comprehensive approach to artifact identification and collection for examining browsing activities of Firefox, Chrome, and Edge on Windows 11. The methodology includes setting up and analyzing all stages of browser usage, such as installations, executions, uninstallations, and anomalous behaviors like crashes and restarts. Simulated cyber-criminal activities are used to collect artifacts at each stage, which are then analyzed using Windows 11 components such as the registry, memory, storage, and log locations. Experimental results reveal vulnerabilities, such as crashes, that can lead to the loss of sensitive information. This methodology provides a promising foundation for advancing browser forensic analysis and enhancing cybercrime investigations.