Integrated examination and analysis model for improving mobile cloud forensic investigation

Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the casespecific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering, data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, crossreferencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the casespecific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance

An android cloud storage apps forensic taxonomy

Mobile phones have been playing a very significant role in our daily activities for the last decade. With the increase need for these devices, people are now more reliant on their smartphone applications for their daily tasks and many prefer to save their mobile data on a cloud platform to access them anywhere on any device. Cloud technology is the new way for better data storage, as it offers better security, more flexibility, and mobility. Many smartphones have been investigated as subjects, objects or tools of the crime. Many of these investigations include analysing data stored through cloud storage apps which contributes to importance of cloud apps forensics on mobile devices. In this paper, various cloud Android applications are analysed using the forensics tool XRY and a forensics taxonomy for investigation of these apps is suggested. The proposed taxonomy reflects residual artefacts retrievable from 31 different cloud applications. It is expected that the proposed taxonomy and the forensic findings in this paper will assist future forensic investigations involving cloud based storage applications