Imagine the following scenario: a hacker has physical access, the best forensic tools and as much time as he wants to pick deep into the operating system of a computer, he has the best technology for recovering deleted data but cannot in any way get information from your ISP or other people/organisations which were between you and the sites you visited. Can this hacker find out where you have been?
Lets assume he didn't put a keylogger or any other form of malware onto the computer while you were using it, the first time he ever knew of your existence was the day he got hold of your machine and began his attempts to find what you had been doing in the days, weeks months and years before he gained physical access to the machine.
Let's assume he can bypass the windows password and immediately get full admin rights on the computer, and that he is not restricted in any way by any security feature on the machine. He has full control and abilities, but the data he wants to find was stuff done when the browser (be it FF, chrome or even IE) was in private mode.
Do browsers in private mode leave any traces at all on YOUR system, ignoring the many traces they certainly leave on the machines between yours and the site you are visiting.
Lets consider that the secret browsing was done just by opening a "private mode" window within firefox, chrome or internet explorer and that although flash and all other plugins were disabled the system and browser were otherwise running in their utterly normal states.
Does private browsing leave enough fragments from this that the hacker could then find them by using data recovery methods on the machine? Or does it truly leave no traces on THE machine which is doing it? Are there things cached from time spent private browsing, deleted at the end of the session but not overwritten on the disc? Does windows itself store some sort of log of every page visited even if a browser other than IE was used to visit them? Do searches made when privately browsing get written into some sort of database on YOUR computer, this isn't concerning snooping by ISPs, just snooping by someone with your machine in their hands? Would things that might have been stored while you were private browsing and then erased, but not erased securely, remain readable on the disc days more browsing (both normal and private) later, what about weeks or years?
I would be interested to know how much security private browing offers against someone, of unlimited skill with virtually unlimited time, with physical access to your machine and anything they can discover on it. But so as not to start a discussion about things already well-known i will ignore the presence of private data being stored on OTHER (ISP's, websites, advertising agencies, search engines) people's computrs and servers.
Edited by rp88, 01 February 2015 - 09:09 PM.