    Precognition: Automated Digital Forensic Readiness System for Mobile Computing Devices in Enterprises

    Enterprises are facing an unprecedented risk of security incidents due to the influx of emerging technologies, like smartphones and wearables. Most of the current mobile security systems are not maturing in pace with technological advances. They lack the ability to learn and adapt from the past knowledge base. In the case of a security incident, enterprises find themselves underprepared because of the lack of evidence and data. The systems are not designed to be forensic ready. There is a need for an automated security analysis and forensically ready solution that can learn and continuously adapt to new challenges and improve the efficiency and productivity of the system. In this research, the authors have designed a security analysis and digital forensic readiness system targeted at smartphones and wearables in an enterprise environment. The proposed system detects applications violating security policies, analyzes Android and iOS applications to identify possible vulnerabilities on the server, and applies machine learning algorithms to improve the efficiency and accuracy of vulnerability prediction. The system continuously learns from past incidents and proactively collects required information from the devices, which can help in digital forensics. Machine learning techniques are applied to the set of features extracted from the decompiled mobile applications, and the applications are classified according to whether they contain one or more vulnerabilities. The system was evaluated in a real-world enterprise environment with 14151 mobile applications, and vulnerabilities were predicted with an accuracy of 94.2%. The system can also work on virtual instances of the mobile devices.

    Forensic Analysis of Smartphones: The Android Data Extractor Lite (ADEL)

    Due to the ubiquitous use of smartphones, these devices become an increasingly important source of digital evidence in forensic investigations. Thus, the recovery of digital traces from smartphones often plays an essential role for the examination and clarification of the facts in a case. Although some tools already exist regarding the examination of smartphone data, there is still a strong demand to develop further methods and tools for forensic extraction and analysis of data that is stored on smartphones. In this paper we describe specifications of smartphones running Android. We further introduce a newly developed tool – called ADEL – that is able to forensically extract and analyze data from SQLite databases on Android devices. Finally, a detailed report containing the results of the examination is created by the tool. The whole process is fully automated and takes account of main forensic principles. Keywords: Android, Smartphones, Mobile devices, Forensics

    Advancing Automation in Digital Forensic Investigations Using Machine Learning Forensics

    In the last few years, most data, such as books, videos, pictures, medical and even the genetic information of humans, has been moving toward digital formats. Laptops, tablets, smartphones and wearable devices are the major source of this digital data transformation and are becoming a core part of our daily life. As a result of this transformation, we are becoming the soft target of various types of cybercrimes. Digital forensic investigation provides the way to recover lost or purposefully deleted or hidden files from a suspect’s device. However, current manpower and government resources are not enough to investigate the cybercrimes. Unfortunately, existing digital investigation procedures and practices require huge interaction with humans; as a result, this slows down the process relative to the pace at which digital crimes are committed. Machine learning (ML) is the branch of science that has emerged from the field of AI. This advanced technology uses the explicit programming to depict the human-like behaviour. Machine learning combined with automation in the digital investigation process at different stages of investigation has significant potential to aid digital investigators. This chapter aims at providing the research in machine learning-based digital forensic investigation, identifies the gaps, and addresses the challenges and open issues in this field.

    Android Chat Application Forensic Process Improvement and XRY Support

    Nowadays the world faces rapid development of mobile devices, which creates a need for forensics in the digital world. This is especially related to mobile phones and wearable devices, with various platforms and different ways of storing data. This requires certain knowledge of how to extract and process that data. Extracting, analyzing and presenting data in a human-readable way are three challenges that every forensic specialist faces in the field. Each of these has its own set of issues and obstacles. The second and third are the parts presented in this thesis. Even though there is a set of software recognized by specialists in the field, it does not always support the latest data formats and therefore cannot always provide a human-readable variant. To solve this set of problems, a forensic utility has been created, and both manual and automated analysis of chat application data has been done. The main result of this work makes it possible not only to perform a search but also to write modules in Python, which can narrow the search, and each module can understand a particular file format if needed. The results show the good and bad sides of the automated way of searching and extracting results and compare the analysis results with the manual approach (as when forensic specialists analyze files manually). A commercial tool, XRY, has a list of supported chat applications, which will be compared to the main results table. The code of a few open source applications will be analyzed (their database schema throughout different versions) to show that the chat application data storage format might change, which would require a commercial software update or manually reading and processing all the data. Keywords: computer forensics, android, chat application, sqlite database, data analysis. CERCS: P170, Computer science, numerical analysis, systems, contro