Forensics Outfoxed: A Forensic Examination of Firefox Focus

Researched and prepared by Aaron Pickett and Kieran Maher


Firefox Focus, Mozilla’s private browsing offering in the Android and iOS markets claims to hold no artefacts relating to internet browsing, including cookies and cache. Utilising mobile imaging techniques and a direct comparison between the extractions through the testing, this paper aims to discover what artefacts can be found on an Android device that utilises Firefox Focus. The experiments cover extraction both before and after the ‘erase’ button has been pressed.


Firefox Focus, originally released in November 2016, was designed from the ground up to fulfil privacy aims by the Mozilla Foundation. Available for a wide range of mobile devices including Android and iOS platforms, Firefox Focus is quickly gaining momentum as a popular ‘second browser’, with over one million installs[1] on the Android platform alone.

The initial underlying ideas surrounding the application were to block websites’ usage of trackers, and to create a lightning-fast browser that was not slowed down by storage of any large databases of history, caches or cookies[2]. In an additional move to combat issues of privacy, Mozilla stated in the original announcement that the application was ‘designed for the times when you don’t want to leave a record on your phone[3]. Combining these two different elements of privacy has allowed Mozilla to create a mobile web browser that is built from the ground up with personal security and privacy in mind.

To continue reading, download the full whitepaper by clicking the button below.


[1] “Firefox Focus: The privacy browser – Android Apps on Google Play.” Accessed 08 Oct. 2017.

[2] “Privacy made simple with Firefox Focus – The Mozilla Blog.” 17 Nov. 2016, Accessed 13 Oct. 2017.

[3] “Introducing Firefox Focus – A Free, Fast Private … – The Mozilla Blog.” 17 Nov. 2016, Accessed 27 Sep. 2017.