Mohd Najwadi Yusoff,Ali Dehghantanha,Ramlan Mahmod

DOI: https://doi.org/10.48550/arXiv.1706.08062

2017-06-25

Abstract:Mobile devices are increasingly utilized to access social media and instant messaging services, which allow users to communicate with others easily and quickly. However, the misuse of social media and instant messaging services facilitated conducting different cybercrimes such as cyber stalking, cyber bullying, slander spreading and sexual harassment. Therefore, mobile devices are an important evidentiary piece in digital investigation. In this chapter, we report the results of our investigation and analysis of social media and instant messaging services in Firefox OS. We examined three social media services (Facebook, Twitter and Google+) as well as three instant messaging services (Telegram, OpenWapp and Line). Our analysis may pave the way for future forensic investigators to trace and examine residual remnants of forensics value in FireFox OS.

Cryptography and Security

Abdullah Azfar,Kim-Kwang Raymond Choo,Lin Liu

DOI: https://doi.org/10.48550/arXiv.1505.02905

2015-05-12

Abstract:Mobile health applications (or mHealth apps, as they are commonly known) are increasingly popular with both individual end users and user groups such as physicians. Due to their ability to access, store and transmit personally identifiable and sensitive information (e.g. geolocation information and personal details), they are potentially an important source of evidentiary materials in digital investigations. In this paper, we examine 40 popular Android mHealth apps. Based on our findings, we propose a taxonomy incorporating artefacts of forensic interest to facilitate the timely collection and analysis of evidentiary materials from mobile devices involving the use of such apps. Artefacts of forensic interest recovered include user details and email addresses, chronology of user locations and food habits. We are also able to recover user credentials (e.g. user password and four-digit app login PIN number), locate user profile pictures and identify timestamp associated with the location of a user.

Computers and Society

Humaira Arshad,Saima Abdullah,Moatsum Alawida,Abdulatif Alabdulatif,Oludare Isaac Abiodun,Omer Riaz

DOI: https://doi.org/10.3390/s22031115

2022-02-01

Abstract:Currently, law enforcement and legal consultants are heavily utilizing social media platforms to easily access data associated with the preparators of illegitimate events. However, accessing this publicly available information for legal use is technically challenging and legally intricate due to heterogeneous and unstructured data and privacy laws, thus generating massive workloads of cognitively demanding cases for investigators. Therefore, it is critical to develop solutions and tools that can assist investigators in their work and decision making. Automating digital forensics is not exclusively a technical problem; the technical issues are always coupled with privacy and legal matters. Here, we introduce a multi-layer automation approach that addresses the automation issues from collection to evidence analysis in online social network forensics. Finally, we propose a set of analysis operators based on domain correlations. These operators can be embedded in software tools to help the investigators draw realistic conclusions. These operators are implemented using Twitter ontology and tested through a case study. This study describes a proof-of-concept approach for forensic automation on online social networks.

Nghi Hoang Khoa,Phan The Duy,Hien Do Hoang,Do Thi Thu Hien,Van-Hau Pham

DOI: https://doi.org/10.1109/rivf48685.2020.9140739

2020-10-01

Abstract:Emerging with highlight features as a global phenomenon, TikTok - the international version of Douyin application in China market, is a social media video app for creating and sharing short lip-syncing. This social video platform has seen astounding growth by reaching 1.5 billion users in 2019 by capturing the cultural zeitgeist among teenage smartphone owners in unprecedented fashion. However, criminals have been paid attention to this platform where young users become the target of abusers or predators. In this paper, we introduce the forensic analysis of the artifacts left on Android phones by TikTok application. In more detail, we indicate a complete description of all the artifacts obtained in TikTok. Furthermore, by using the results discussed in the paper, an investigator can rebuild the list of followers, searching keywords, favorites, messages that have been exchanged by users. It is helpful to examine and determine which artifacts could be considered as evidence for criminal investigation on popular social networking application.

Tooska Dargahi,Ali Dehghantanha,Mauro Conti

DOI: https://doi.org/10.1016/B978-0-12-805303-4.00002-2

2017-09-16

Abstract:Voice over Internet Protocol (VoIP) applications (apps) provide convenient and low cost means for users to communicate and share information with each other in real-time. Day by day, the popularity of such apps is increasing, and people produce and share a huge amount of data, including their personal and sensitive information. This might lead to several privacy issues, such as revealing user contacts, private messages or personal photos. Therefore, having an up-to-date forensic understanding of these apps is necessary. This chapter presents analysis of forensically valuable remnants of three popular Mobile VoIP (mVoIP) apps on Google Play store, namely: Viber, Skype, and WhatsApp Messenger, in order to figure out to what extent these apps reveal forensically valuable information about the users activities. We performed a thorough investigative study of these three mVoIP apps on smartphone devices. Our experimental results show that several artefacts, such as messages, contact details, phone numbers, images, and video files, are recoverable from the smartphone device that is equipped with these mVoIP apps.

Cryptography and Security

Zhendong Liao,Shunxiang Wu,Bin Xi,Fulin Wang,Daodong Ming,Baihua Chen

DOI: https://doi.org/10.1145/3341069.3341081

2019-01-01

Abstract:With the rapid popularization of mobile devices, mobile devices such as smart phones have become an indispensable tool in people's daily life. Mobile devices not only bring convenience to human beings, but also bring criminal activities based on mobile devices such as SMS fraud, dissemination of harmful information, virus software and so on. Therefore, digital forensics for mobile devices under IOS operating system is of great significance for combating crime, information security and other issues. This paper first expounds the background and significance of mobile terminal forensics. This paper presents a digital acquisition method based on usbmuxd and iTunes for IOS devices. The method of parsing and storing raw data and restoring file directory are also provided.

Adil Ahmad,Mehdi Hussain

DOI: https://doi.org/10.12928/mf.v4i1.5762

2022-03-31

Mobile and Forensics

Abstract:Mobile applications of video streaming platforms store a lot of information on mobile devices which can have both positive and negative impacts. Positive, in the sense that it could assist law enforcement agencies in solving crime, and the negative impact is that it could be accessed by malicious actors. In this study, we forensically investigate the Netflix, Amazon Prime Video, and iFlix android applications. The major focus is on identifying stored artifacts on the mobile devices left behind by the android video streaming applications. It will give law enforcement agencies and forensic investigators a clear direction when it comes to extracting evidence to solve a crime. On the other hand, it will notify the mobile application developers on how to further improve the security of their mobile applications.

Mohd Najwadi Yusoff,Ali Dehghantanha,Ramlan Mahmod

DOI: https://doi.org/10.48550/arXiv.1706.08056

2017-06-25

Abstract:Development of mobile web-centric OS such as Firefox OS has created new challenges, and opportunities for digital investigators. Network traffic forensic plays an important role in cybercrime investigation to detect subject(s) and object(s) of the crime. In this chapter, we detect and analyze residual network traffic artefacts of Firefox OS in relation to two popular social networking applications (Facebook and Twitter) and one instant messaging application (Telegram). We utilized a Firefox OS simulator to generate relevant traffic while all communication data were captured using network monitoring tools. Captured network packets were examined and remnants with forensic value were reported. This paper as the first focused study on mobile Firefox OS network traffic analysis should pave the way for the future research in this direction.

Cryptography and Security

Farkhund Iqbal,Aasia Jaffri,Zainab Khalid,Aine MacDermott,Qazi Ejaz Ali,Patrick C. K. Hung

DOI: https://doi.org/10.3389/frcmn.2023.1212743

2023-07-26

Frontiers in Communications and Networks

Abstract:Small-scale digital devices like smartphones, smart toys, drones, gaming consoles, tablets, and other personal data assistants have now become ingrained constituents in our daily lives. These devices store massive amounts of data related to individual traits of users, their routine operations, medical histories, and financial information. At the same time, with continuously evolving technology, the diversity in operating systems, client storage localities, remote/cloud storages and backups, and encryption practices renders the forensic analysis task multi-faceted. This makes forensic investigators having to deal with an array of novel challenges. This study reviews the forensic frameworks and procedures used in investigating small-scale digital devices. While highlighting the challenges faced by digital forensics, we explore how cutting-edge technologies like Blockchain, Artificial Intelligence, Machine Learning, and Data Science may play a role in remedying concerns. The review aims to accumulate state-of-the-art and identify a futuristic approach for investigating SSDDs.

Herschel Bowling,Kathryn Seigfried-Spellar,Umit Karabiyik,Marcus Rogers

DOI: https://doi.org/10.1111/1556-4029.15208

Abstract:Microsoft released a new communication platform, Microsoft Teams, in 2017. Due in part to COVID-19, the popularity of communication platforms, like Microsoft Teams, increased exponentially. Given its user base and increased popularity, it seems likely that digital forensic investigators will encounter cases where Microsoft Teams is a relevant component. However, because Microsoft Teams is a relatively new application, there is limited forensic research on the application particularly focusing on mobile operating systems. To address this gap, an analysis of data stored at rest by Microsoft Teams was conducted on the Windows 10 operating system as well as on Android and Apple iOS mobile operating systems. Basic functionalities, such as messaging, sharing files, participating in video conferences, and other functionalities that Teams provides, were performed in an isolated testing environment. Cellebrite UFED Physical Analyzer and Magnet AXIOM Examine tools were used to analyze the mobile devices and the Windows device, respectively. Manual or non-automated investigation recovered, at least partially, the majority of artifacts across all three operating systems. In this study, a total of 77.6% of the populated artifacts were partially or fully recovered in the manual investigation. On the other hand, forensic tools used did not automatically recover many of the artifacts found with the manual investigation. Only 13.8% of artifacts were partially or fully recovered by the forensic tools across all three devices. These discovered artifacts and the results of the investigations are presented in order to aid digital forensic investigations.

Hai-Cheng Chu,Gai-Ge Wang,Der-Jiunn Deng

DOI: https://doi.org/10.1002/sec.1729

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Digital forensics-related investigations have been a relative competitive research area by the computer specialists or law enforcement agency officers to confirm or refuse the assumptions with respect to the cybercrime scenes. WeChat is one of the most popular instant messaging application programs in contemporary age. While applying WeChat, there is precious information deposited in the computing devices that could be supportive evidences in a court of law. Hence, this research is focusing on the application of WeChat on the desktop PC under Windows 7 by means of the acquisition of volatile digital evidences in order to provide supporting information for some cybercrime cases. This paper provides generic investigation methods conducting forensic sound analysis on WeChat from the aspect of data volatility of the computing devices. By means of the proposed methodologies, the digital forensics specialists should be able to gather critical digital traces to confirm the previous actions of a WeChat user or even to reconstruct the crime scene to prove the suspect is guilty or innocent in a court of law. Copyright (C) 2017 John Wiley & Sons, Ltd.

Hudan Studiawan

DOI: https://doi.org/10.1111/1556-4029.15499

2024-03-07

Journal of Forensic Sciences

Abstract:iPhone operating system (iOS) devices utilize binary cookies as a data storage tool, encoding user‐specific information within an often‐neglected element of smartphone analysis. This binary format contains details such as cookie flags, expiration, and creation dates, domain, and value of the cookie. These data are invaluable for forensic investigations. This study presents a comprehensive methodology to decode and extract valuable data from these files, enhancing the ability to recover user activity information from iOS devices. This paper provides an in‐depth forensic investigation into the structure and function of iOS binary cookie files. Our proposed forensic technique includes a combination of reverse engineering and custom‐built Python scripts to decode the binary structure. The results of our research demonstrate that these cookie files can reveal an array of important digital traces, including user preferences, visited websites, and timestamps of online activities. It concludes that the forensic analysis of iOS binary cookie files can be a tool for forensic investigators and cybersecurity professionals. In the rapidly evolving domain of digital forensics, this research contributes to our understanding of less‐explored data sources within iOS devices and their potential value in investigative contexts.

medicine, legal

Rob Witteman,Arjen Meijer,M-T. Kechadi,Nhien-An Le-Khac

DOI: https://doi.org/10.48550/arXiv.1609.02953

2016-09-09

Cryptography and Security

Abstract:Today, a mobile phone is not just a phone but it is a computer that you can also use for calling someone. Besides, in criminal investigations the importance of evidence from the mobile phone is increasing as more and more phones are seized at the Digital Forensic Department of the police. Indeed, the amount of memory cards of these mobile phones that need to be investigated separately is also increasing. Possible reasons are that the mobile phone investigation software does not support the specific mobile phone or the specific, for that investigation, artefacts. Sometimes the software investigates just the internal memory of the mobile phone and not the data which is written on the memory card. Fact is also that although the mobile phone was investigated by the dedicated software, the possibility that the associated memory card contains additional important information is evident. The current procedure to get all of the usable information from a memory card of a mobile phone is very time-consuming process and not user friendly. In this paper, we present a new single tool to simplify the investigation of a memory card from a mobile phone. We also test our tool with WhatsApp application installed on the memory card from different mobile phones.

George Grispos,William Bradley Glisson,Tim Storer

DOI: https://doi.org/10.1016/B978-0-12-801595-7.00016-1

2015-06-07

Abstract:There is a growing demand for cloud storage services such as Dropbox, Box, Syncplicity and SugarSync. These public cloud storage services can store gigabytes of corporate and personal data in remote data centres around the world, which can then be synchronized to multiple devices. This creates an environment which is potentially conducive to security incidents, data breaches and other malicious activities. The forensic investigation of public cloud environments presents a number of new challenges for the digital forensics community. However, it is anticipated that end-devices such as smartphones, will retain data from these cloud storage services. This research investigates how forensic tools that are currently available to practitioners can be used to provide a practical solution for the problems related to investigating cloud storage environments. The research contribution is threefold. First, the findings from this research support the idea that end-devices which have been used to access cloud storage services can be used to provide a partial view of the evidence stored in the cloud service. Second, the research provides a comparison of the number of files which can be recovered from different versions of cloud storage applications. In doing so, it also supports the idea that amalgamating the files recovered from more than one device can result in the recovery of a more complete dataset. Third, the chapter contributes to the documentation and evidentiary discussion of the artefacts created from specific cloud storage applications and different versions of these applications on iOS and Android smartphones.

Cryptography and Security

Jason Bays,Umit Karabiyik

DOI: https://doi.org/10.48550/arXiv.1907.00074

2019-06-29

Abstract:Location sharing applications are becoming increasingly common. These applications allow users to share their own locations and view contacts' current locations on a map. Location applications are commonly used by friends and family members to view Global Positioning System (GPS) location of an individual, but valuable forensic evidence may exist in this data when stored locally on smartphones. This paper aims to discover forensic artifacts from two popular third-party location sharing applications on iOS and Android devices. Industry standard mobile forensic suites are utilized to discover if any locally stored data could be used to assist investigations reliant on knowing the past location of a suspect. Security issues raised regarding the artifacts found during our analysis is also discussed.

Cryptography and Security

Zainab Khalid,Farkhund Iqbal,Faouzi Kamoun,Liaqat Ali Khan,Babar Shah

DOI: https://doi.org/10.1007/s12243-022-00919-6

Abstract:Digital forensic analysis of videoconferencing applications has received considerable attention recently, owing to the wider adoption and diffusion of such applications following the recent COVID-19 pandemic. In this contribution, we present a detailed forensic analysis of Cisco WebEx which is among the top three videoconferencing applications available today. More precisely, we present the results of the forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications. We focus on three digital forensic areas, namely memory, disk space, and network forensics. From the extracted artifacts, it is evident that valuable user data can be retrieved from different data localities. These include user credentials, emails, user IDs, profile photos, chat messages, shared media, meeting information including meeting passwords, contacts, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and call logs. We develop a memory parsing tool for Cisco WebEx based on the extracted artifacts. Additionally, we identify anti-forensic artifacts such as deleted chat messages. Although network communications are encrypted, we successfully retrieve useful artifacts such as IPs of server domains and host devices along with message/event timestamps.

Bo JIN,Songyang WU,Xiong XIONG,Yong ZHANG

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.03.004

2016-01-01

Abstract:As the widespread application of mobile Internet, smart devices such as smartphones and pads also increas-ingly play an important roles in a wide variety of criminal activities. It has been proven that the extracted data from smartphone of suspects often critical clues and evidence of digital investigation. However, the improved security design of smartphones in recent years seriously hinders the evidence acquisition for mobile phone forensics and brings us new chal-lenges. This paper analyzed current security mechanisms of popular mobile devices of iOS, Android and Windows Phone, studied the major crack technologies of smartphones and their application in digital investigation. This paper also dis-cussed research directions of smartphone forensics technologies in the future.

Ben Martini,Quang Do,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/B978-0-12-801595-7.00015-X

2015-06-18

Abstract:Using the evidence collection and analysis methodology for Android devices proposed by Martini, Do and Choo, we examined and analyzed seven popular Android cloud-based apps. Firstly, we analyzed each app in order to see what information could be obtained from their private app storage and SD card directories. We collated the information and used it to aid our investigation of each app database files and AccountManager data. To complete our understanding of the forensic artefacts stored by apps we analyzed, we performed further analysis on the apps to determine if the user authentication credentials could be collected for each app based on the information gained in the initial analysis stages. The contributions of this research include a detailed description of artefacts, which are of general forensic interest, for each app analyzed.

Computers and Society,Cryptography and Security

Nurul Adhlina Hani Roslee,Nurul Hidayah bt Ab Rahman,Nurul Hidayah Bt Ab Rahman

DOI: https://doi.org/10.30630/joiv.2.3-2.137

2018-06-06

Abstract:This study aims to design and develop an interactive system that can visualize evidence collected from Android smartphone data. This project is developing to support forensic investigator in investigating the security incidents particularly involving Android smartphone forensic data. The used of smartphone in crime was widely recognized. Several types of personnel information are stored in their smartphones. When the investigator analyses the image data of the smartphone, the investigator can know the behaviour of the smartphone’s owner and his social relationship with other people. The analysis of smartphone forensic data is cover in mobile device forensic. Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence from a mobile device under forensically sound condition. The digital investigation model used in this project is the model proposed by United States National Institute of Justice (NIJ) which consists four phases, which are collection phase, examination phase, analysis phase and presentation phase. This project related with analysis phase and presentation phase only. This paper introduces Visroid, a new tool that provides a suite of visualization for Android smartphone data.

Farkhund Iqbal,Joseph Williams,Áine MacDermott,Kellyann Stamp

DOI: https://doi.org/10.1109/SPW53761.2021.00052

2021-05-01

Abstract:Fitbit Versa is the most popular of its predecessors and successors in the Fitbit faction. Increasingly data stored on these smart fitness devices, their linked applications and cloud datacenters are being used for criminal convictions. There is limited research for investigators on wearable devices and specifically exploring evidence identification and methods of extraction. In this paper we present our analysis of Fitbit Versa using Cellebrite UFED and MSAB XRY. We present a clear scope for investigation and data significance based on the findings from our experiments. The data recovery will include logical and physical extractions using devices running Android 9 and iOS 12, comparing between Cellebrite and XRY capabilities. This paper discusses databases and datatypes that can be recovered using different extraction and analysis techniques, providing a robust outlook of data availability. We also discuss the accuracy of recorded data compared to planned test instances, verifying the accuracy of individual data types. The verifiable accuracy of some datatypes could prove useful if such data was required during the evidentiary processes of a forensic investigation.

Computer Science,Law