One of LCDI’s new projects for this semester is the exploration of The Pirate Bay’s new browser, which aims to circumvent internet censorship. The goal of our research is to find out what browser artifacts are left behind when using the Pirate Browser.
It was important to first understand as much as we could about the browser itself and what makes it unique. The official description of the browser on piratebrowser.com reads:
“PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens.”
PirateBrowser is not anonymous, and does not promise security to its users, which means that there is a good chance it leaves behind Internet artifacts that we will be able to see.
To find these artifacts, we will be using Internet Evidence Finder, FTK, EnCase, and the Bulk Extractor and Super Timeline features of MantaRay Forensics.
We are going to compare the results of PirateBrowser against the two browsers that it borrows features from. We start by making three identical Windows 7 virtual machines, and then we use each one for a different browser. The browsers we are researching and using are Mozilla Firefox 23, Mozilla Firefox Portable, and PirateBrowser. The VMs are then populated with data that is the same across all three, so we have a good idea of what artifacts we are looking for.
Once the VMs are done, we will image them, as well as the flash drive that Firefox Portable was run from, and all four images will be examined with IEF and MantaRay.
Stay tuned for a more in-depth look at how our new project advances!