Forensic Tools Performance Analysis on Android-based Blackberry Messenger using NIST Measurements

Blackberry Messenger is one of the popularly used instant messaging applications on Android with user’s amount that increase significantly each year. The increase off Blackberry Messenger users might lead to application misuse, such as for commiting digital crimes. To conduct investigation involving smartphone devices, the investigators need to use forensic tools. Therefore, a research on current forensic tool’s performance in order to handle digital crime cases involving Android smartphones and Blackberry Messenger in particular need to be done. This research focuses on evaluating and comparing three forensic tools to obtain digital evidence from Blackberry Messenger on Android smartphones using parameter from National Institute of Standard Technology and Blackberry Messenger’s acquired digital evidences. The result shows that from comparative analysis conducted, Andriller gives 25% performance value, Oxygen Forensic Suite gives 100% performance value, and Autopsy 4.1.1 gives 0% performance value. Related to National Institute of Standard Technology parameter criterias, Andriller has performance value of 47.61%. Oxygen Forensic Suite has performance value of 61.90%. Autopsy 4.1.1 has performance value of 9.52%

Forensic investigation of small-scale digital devices: a futuristic view

Small-scale digital devices like smartphones, smart toys, drones, gaming consoles, tablets, and other personal data assistants have now become ingrained constituents in our daily lives. These devices store massive amounts of data related to individual traits of users, their routine operations, medical histories, and financial information. At the same time, with continuously evolving technology, the diversity in operating systems, client storage localities, remote/cloud storages and backups, and encryption practices renders the forensic analysis task multi-faceted. This makes forensic investigators having to deal with an array of novel challenges. This study reviews the forensic frameworks and procedures used in investigating small-scale digital devices. While highlighting the challenges faced by digital forensics, we explore how cutting-edge technologies like Blockchain, Artificial Intelligence, Machine Learning, and Data Science may play a role in remedying concerns. The review aims to accumulate state-of-the-art and identify a futuristic approach for investigating SSDDs

The Comparison Performance of Digital Forensic Tools Using Additional Root Access Options

This research used MiChat and SayHi as materials for forensic investigations using three different tools, namely MOBILedit, Magnet Axiom, and Belkasoft. These three tools will show each performance in the forensic process. We also added a rooting process as an option if data cannot be extracted optimally even when using these three applications. The result of this study shows that the cases studied with processes without root access and with root access have the aim of complementing each other in obtaining evidence. So that these two processes complement each other's shortcomings. The main contribution of this research is a recommendation of a tool based on the best performance shown during the forensic process with rooting access and without rooting access. Based on the comparison, Magnet Axiom is superior with a total of 34 items of data found without root access, while MOBILedit is 30 items and 30 items for Belkasoft. While comparison using root access, Magnet Axiom and MOBILedit are superiors with a total of 36 items found in Magnet Axiom without root access, while MOBILedit is 36 items and 33 items for Belkasoft. Based on the test results, it can be concluded that the recommended tool according to the used scenario is Magnet Axiom

Mobile forensics : analysis of the messaging application Signal.

This study reviewed if there are ways to recover messages, image, videos, and call logs within the mobile application Signal, developed by Open Whisper Systems. The purpose of this study was to research the data recovery as fact or fiction, while providing which tools and extraction methods produced more accurate results. Further research was needed to explore data recovered from an Android mobile device compared to an iOS mobile device. The forensic tools used to conduct this research included UFED 4PC (Universal Forensic Extraction Device), version 6.3.1.477 with an internal build version 4.7.1.477 and UFED Physical Analyzer version 6.3.11.36, developed by Cellebrite. The study also compared the results using Cellebrite to three different open source tools, iPhone Analyzer, iExplorer, and Autopsy. The meaning of open source can be a tool or program that is designed for specific tasks, yet the source code is openly published to the public. These tools or programs are free of charge unless the user opts to pay for the expanded versions. Overall, the results were dependent on the make and model of the mobile devices. Out of four different types of mobile devices, only one device produced viable results when it came to the Signal Application. The physical extraction from UFED 4PC and Physical Analyzer on the Android ZTE Z993 device was able to recover an abundant amount of data. The other three devices produced minimal results only showing the installation of the application, but no real message data using the UFED 4PC version 6.3.1.477 and UFED Physical Analyzer version 6.3.11.36 software. The three open source software, iPhone Analyzer, iExplorer, and Autopsy also produced minimal results with the exception of the Android ZTE Z993 device. Autopsy free version was able to parse the data missed by the Cellebrite commercial tools and recover some of the missing images within messages sent inside of the Signal Application

The InfoSec Handbook

Computer scienc

The InfoSec Handbook

Computer scienc

The Practice of Basic Informatics 2020

Version 2020/04/02Kyoto University provides courses on 'The Practice of Basic Informatics' as part of its Liberal Arts and Sciences Program. The course is taught at many schools and departments, and course contents vary to meet the requirements of these schools and departments. This textbook is made open to the students of all schools that teach these courses. As stated in Chapter 1, this book is written with the aim of building ICT skills for study at university, that is, ICT skills for academic activities. Some topics may not be taught in class. However, the book is written for self-study by students. We include many exercises in this textbook so that instructors can select some of them for their classes, to accompany their teaching plans. The courses are given at the computer laboratories of the university, and the contents of this textbook assume that Windows 10 and Microsoft Office 2016 are available in these laboratories. In Chapter 13, we include an introduction to computer programming; we chose Python as the programming language because on the one hand it is easy for beginners to learn, and on the other, it is widely used in academic research. To check the progress of students' self-study, we have attached assessment criteria (a 'rubric') of this course as an Appendix. Current ICT is a product of the endeavors of many people. The "Great Idea" columns are included to show appreciation for such work. Dr. Yumi Kitamura and Dr. Hirohisa Hioki wrote Chapters 4 and 13, respectively. The remaining chapters were written by Dr. Hajime Kita. In revision for 2018 edition and after, Dr. Hiroyuki Sakai has participated in the author group, and Dr. Donghui Lin has also joined for English edition 2019. The authors hope that this textbook helps you to improve your academic ICT skill set. The content included in this book is selected based on the reference course plan discussed in the course development team for informatics at the Institute for Liberal Arts and Sciences. In writing this textbook, we obtained advice and suggestions from staffs of the Network Section, Information Infrastructure Division, Department of Planning and Information Management Department, Kyoto University on Chapters 2 and 3, from Mr. Sosuke Suzuki, NTT Communications Corporation also on Chapter 3, Rumi Haratake, Machiko Sakurai and Taku Sakamoto of the User Support Division, Kyoto University Library on Chapter 4. Dr. Masako Okamoto of Center for the Promotion of Excellence in Higher Education, Kyoto University helped us in revision of 2018 Japanese Edition. The authors would like to express their sincere gratitude to the people who supported them

Nation-State Attackers and their Effects on Computer Security

Nation-state intelligence agencies have long attempted to operate in secret, but recent revelations have drawn the attention of security researchers as well as the general public to their operations. The scale, aggressiveness, and untargeted nature of many of these now public operations were not only alarming, but also baffling as many were thought impossible or at best infeasible at scale. The security community has since made many efforts to protect end-users by identifying, analyzing, and mitigating these now known operations. While much-needed, the security community's response has largely been reactionary to the oracled existence of vulnerabilities and the disclosure of specific operations. Nation-State Attackers, however, are dynamic, forward-thinking, and surprisingly agile adversaries who do not rest on their laurels and are continually advancing their efforts to obtain information. Without the ability to conceptualize their actions, understand their perspective, or account for their presence, the security community's advances will become antiquated and unable to defend against the progress of Nation-State Attackers. In this work, we present and discuss a model of Nation-State Attackers that can be used to represent their attributes, behavior patterns, and world view. We use this representation of Nation-State Attackers to show that real-world threat models do not account for such highly privileged attackers, to identify and support technical explanations of known but ambiguous operations, and to identify and analyze vulnerabilities in current systems that are favorable to Nation-State Attackers.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/143907/1/aaspring_1.pd