On the Memory Artifacts of the Tor Browser Bundle

Tor is one of the most famous privacy-preserving tools. It creates virtual encrypted tunnels to convey users' data. Tor users improve their privacy against people watching their activities or doing traffic analysis. They enjoy being anonymous while browsing the web or chatting with friends. Tor is being used by variety of people ranging from ordinary individuals to journalists or even governmental organizations. This paper investigates the memory artifacts of the Tor browser Bundle, which is specifically pre-configured to use the Tor network. Although it is hard to analyze Tor's data while being in transit, information is fully exposed in the clients' machines after delivery. That is all data must go through the memory before being processed. We use Tor browser in different experiments to check the possibility of recovering data remnants from the memory. This paper shows that Tor works pretty good in destroying the involved data prior getting closed.