The challenge of identifying historic ‘private browsing’ sessions on suspect devices

Graeme Horsman

Research output: Contribution to journal, Article, peer-review


Those subject to supervision orders requiring the lawful regulation of their Internet activity provide an investigatory challenge to law enforcement practitioners. Where a defendant's Internet history must be retained and made accessible for review at defined intervals, investigators must apply principles of digital triage to quickly evaluate existing content in order to identify any potential breaching activity. Such processes are often undertaken ‘on-scene’ and under time constraints. Whilst in some cases detecting offending actions may be simple, particularly if illegal history records are retained, it may be the case that some techniques such as private browsing functions leave minimal trace of usage post-event. As a result, live monitoring and activity capture may provide the only viable solution with regard to the effective regulation of Internet usage for those under supervision. This work examines the use of AppLocker and a bespoke developed solution ‘Private-Spy’ for the purpose of private browsing session detection. Both solutions are evaluated and findings are offered.
Original language: English
Article number: 300980
Journal: Forensic Science International: Digital Investigation
Early online date: 17 Jun 2020
Publication status: E-pub ahead of print - 17 Jun 2020

