Does TorBrowser save Sessions?

Ok guys I got a serious question hoping someone with more knowledge can answer.

Lets say the police raid my house and my laptop has Tor Browser open. I close the laptop and the laptop goes into sleep mode. At the station they let me browse the laptop and I quickly close Tor Browser which is logged into a DNM site.

Would a IT forensic be able to recreate that session where I was logged into the DNM site? Would that be possible even if I changed the password of the login to the DNM site?

Thx guys hope someone can answer these questions


Comments


[2 Points] f0rthelulz:

I would assume yes, due at least to things like swap files/partitions and hibernation. If you are vending, absolutely use tails and understand why you are doing so. Any filesystem you use absolutely must be encrypted at the file system level, and not using anything stupid like Windows' Bitlocker or with passphrase recovery enabled on a Mac.


[1 Points] f0rthelulz:

btw, the complexity of what can actually be forensically recovered and when is why "Use Tails" is such common advice - explaining how to be secure without using Tails is hard and requires fiddly knowledge attention to detail that most people won't bother with. Tails protects you from basically all attacks aside from them catching your computer unlocked and live system imaging.


[1 Points] tom_team:

They will recover the session-cookie, but probably the session on the server is expired by that time.

So they cannot recreate your session, since the session is server side stored and not on the browser.

However the browser might store images you have seen, store messages you've typed etc.

I'm pretty sure they cannot login on your account again. If that would be possible it would be exploited by hackers...