The Internet has brought invaluable advantages to society and has become a key component of our lives. Many things have been facilitated by this, for example, the ability to connect social to distant family members, ecommerce, business opportunities, or the possibility to learn through distance learning. However, it also raised concerns about user privacy and the issue of data harvesting during these online activities. Private Web Browsers aim to mitigate these concerns by reducing the amount of data that can be collected, yet a defined answer to what data artefacts can still be collected after a browsing session remains unclear, especially when digital forensics techniques are deployed. Data artefacts are residual information or traces that are left by using systems applications and devices.

This research aims to investigate these data artefacts by divining into the Computer Forensics branch and extracting data from Random Access Memory (RAM) and Hard Disk Drive (HDD). We note that these data artefacts may be affected by several variables which are the operating system, private web browser itself, state of the machine, and the state of the web browsing session. A series of experiments in a virtualized environment were conducted and the data collected was examined to determine what data artifacts were still recoverable and under which conditions.