A main topic regarding modern web browsers is user privacy. When surfing on the Internet, web browsers typically store user-related browsing data, such as cookies, browsing history and web site banners, on the local computer system. Saving that data locally may pose a security risk to Internet users, as it can be recovered from a computer's hard disk by means of various forensic tools. To tackle this privacy issue, web browser vendors introduced the private browsing mode, which promises not to store sensitive user data to the local system, in order to preserve user privacy. As there exists no guarantee that the private browsing mode of modern web browsers has been implemented and tested thoroughly from a forensically standpoint of view, in this work a proof-of-concept is provided which examines this mode by means of a new forensic analysis approach. This approach takes advantage of two frameworks. One framework has been used for performing automated web browser tests, whereas the other one has been implemented for forensic analysis purposes. The key feature of the analysis framework is based on the concept of process monitoring, which offers the possibility to log file system events that have been induced by a web browser during a private browsing session. The collected file system event log files have been used for file recovery purposes in conjunction with Digital Forensics XML (DFMXL) files. Generally, DFXMLs provide digital examiners with valuable information about file objects (e.g. last access time, file size, allocation status). The experimental evaluation of this work is based upon this information, in order to retrieve those Internet artefacts which have been accessed when surfing the Internet in private mode. The evaluation of the results has shown that the private modes of the tested web browsers have been implemented differently. The amount of recovered Internet artefacts has varied depending on the web sites as well as on the web browsers that have been used for testing. From forensically standpoint of view, it has been found that private browsing artefacts can be recovered effectively by using process monitor log files.