174 research outputs found

    Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms

    Ephemeral messaging applications are growing increasingly popular on the digital mobile market. However, they are not always used with good intentions. Criminals may see a gateway into private communication with each other through this transient application data. This could negatively impact criminal court cases for evidence, or civil matters. To find out if messages from such applications can indeed be recovered or not, a forensic examination of the device would be required by the law enforcement authority. This paper reports mobile forensic investigations of ephemeral data from a wide range of applications using both proprietary and freeware forensic tools. Both Android and iOS platforms were used in the investigation. The results from the investigation uncovered various artefacts from the iOS device including account information, contacts, and evidence of communication between users. The Android device uncovered evidence of communications, and several media files assumed to be deleted within a storage cache in the Android file system. The forensic tools used within the investigations were evaluated using parameters from the National Institute of Standards and Technology’s (NIST) mobile tool test assertions and test plan

    Whatsapp Forensics Pada Android Smartphone : a Survey

    One of the most popular social networking applications today is WhatsApp. Nearly all smartphone users use this application as a communication medium. Developers have added many enhancements and new features as conveniences for users. The role of the security system is of course very important in protecting users' privacy so that confidentiality is maintained. A number of researchers have carried out mobile forensics experiments to obtain various information from WhatsApp users. This paper surveys the various methods used by WhatsApp forensics researchers. In a mobile forensics process, the methods used include internet protocol and live memory. For mobile forensics on the WhatsApp application in particular, these methods can be used to obtain the required information

    Mobile forensics : analysis of the messaging application Signal.

    This study reviewed if there are ways to recover messages, image, videos, and call logs within the mobile application Signal, developed by Open Whisper Systems. The purpose of this study was to research the data recovery as fact or fiction, while providing which tools and extraction methods produced more accurate results. Further research was needed to explore data recovered from an Android mobile device compared to an iOS mobile device. The forensic tools used to conduct this research included UFED 4PC (Universal Forensic Extraction Device), version 6.3.1.477 with an internal build version 4.7.1.477 and UFED Physical Analyzer version 6.3.11.36, developed by Cellebrite. The study also compared the results using Cellebrite to three different open source tools, iPhone Analyzer, iExplorer, and Autopsy. The meaning of open source can be a tool or program that is designed for specific tasks, yet the source code is openly published to the public. These tools or programs are free of charge unless the user opts to pay for the expanded versions. Overall, the results were dependent on the make and model of the mobile devices. Out of four different types of mobile devices, only one device produced viable results when it came to the Signal Application. The physical extraction from UFED 4PC and Physical Analyzer on the Android ZTE Z993 device was able to recover an abundant amount of data. The other three devices produced minimal results only showing the installation of the application, but no real message data using the UFED 4PC version 6.3.1.477 and UFED Physical Analyzer version 6.3.11.36 software. The three open source software, iPhone Analyzer, iExplorer, and Autopsy also produced minimal results with the exception of the Android ZTE Z993 device. Autopsy free version was able to parse the data missed by the Cellebrite commercial tools and recover some of the missing images within messages sent inside of the Signal Application

    VISION: a video and image dataset for source identification

    The forensic research community keeps proposing new techniques to analyze digital images and videos. However, the performance of proposed tools is usually tested on data that are far from reality in terms of resolution, source device, and processing history. Remarkably, in the latest years, portable devices became the preferred means to capture images and videos, and contents are commonly shared through social media platforms (SMPs, for example, Facebook, YouTube, etc.). These facts pose new challenges to the forensic community: for example, most modern cameras feature digital stabilization, that is proved to severely hinder the performance of video source identification technologies; moreover, the strong re-compression enforced by SMPs during upload threatens the reliability of multimedia forensic tools. On the other hand, portable devices capture both images and videos with the same sensor, opening new forensic opportunities. The goal of this paper is to propose the VISION dataset as a contribution to the development of multimedia forensics. The VISION dataset is currently composed of 34,427 images and 1914 videos, both in the native format and in their social version (Facebook, YouTube, and WhatsApp are considered), from 35 portable devices of 11 major brands. VISION can be exploited as a benchmark for the exhaustive evaluation of several image and video forensic tools

    Forensic analysis of secure ephemeral messaging applications on Android platforms

    Secure messaging applications have been used for the purposes of major crime, creating the need for forensic research into the area. This paper forensically analyses two secure messaging applications, Wickr and Telegram, to recover artefacts from and then to compare them to reveal the differences between the applications. The artefacts were created on Android platforms by using the secure features of the applications, such as ephemeral messaging, the channel function and encrypted conversations. The results of the experiments documented in this paper give insight into the organisation of the data structures by both Wickr and Telegram, as well as the exploration of mobile digital forensics techniques to recover artefacts removed by the ephemeral functions

    Framework Design for the Retrieval of Instant Messaging in Social Media as Electronic Evidence

    The rapid growth of social media features not only brings many advantages but also causes problems, mainly related to digital evidence when cybercrime occurs. One of the social media features that are currently popular is the unsend message feature in instant messaging applications such as Instagram, WhatsApp, Facebook Messenger, Skype, Viber, and Telegram. In the case of cybercrime, the perpetrator can delete the messages and erase digital evidence, making it difficult to trace. Those artifact messages might be useful for law enforcement or forensic investigators to be used as digital evidence in court. Therefore, an effective and efficient framework is needed in the mobile forensic investigation process to guarantee the integrity of the data obtained. This paper will discuss the review of several international standards on mobile forensics, namely NIST SP 800-101, ISO/IEC, and SWGDE. This paper also proposes a framework design to retrieve unsend data artifacts on social media according to official and widely used international mobile forensic standards

    Analysis of Autopsy Mobile Forensic Tools against Unsent Messages on WhatsApp Messaging Application

    This paper discusses the new feature that is implemented in most social media messaging applications: the unsent feature, where the sender can delete the message he sent on both the sender and the recipient devices. This new feature poses a new challenge in mobile forensics, as it could potentially delete sent messages that can be used as evidence without the means to retrieve them. This paper aims to analyze how well the Autopsy open-source mobile forensics tool performs in extracting and identifying the deleted messages, both those that are sent and those that are received. The device used in this paper is a Redmi Xiaomi Note 4, which has its userdata block extracted using a Linux command, and the application we're using is WhatsApp. Autopsy will analyze the extracted image and see what information can be extracted from the unsent messages. From the result of our experiment, Autopsy is capable of obtaining substantial information, but due to how each vendor and mobile OS store files and databases differently, only WhatsApp data can be extracted from the device. And based on the WhatsApp data analysis, Autopsy is not capable of retrieving the deleted messages. However, it can detect the deleted data that is sent from the device. And using the sqlite3 database browser, the author can find remnants of received deleted messages from the files extracted by Autopsy

    Multimedia Forensic Analysis of TikTok Application Using National Institute of Justice (NIJ) Method

    The advancement of technology, especially in mobile devices like smartphones, has had a significant impact on human life, particularly during the COVID-19 pandemic, leading to the growth of online activities, especially on social media platforms like TikTok. TikTok is a highly popular social media platform, primarily known for its focus on short videos and images often accompanied by music. However, this has also opened up opportunities for misuse, including the spread of false information and defamation. To address this issue, this research utilizes mobile forensic analysis with Error Level Analysis (ELA) to collect digital evidence related to crimes on TikTok. This research contributes by applying digital forensic techniques, specifically Error Level Analysis (ELA), to detect image manipulation on TikTok. By using forensic methods, this research helps uncover digital crimes occurring on TikTok and provides essential insights to combat misuse and criminal activities on this social media platform. The research aims to collect digital evidence from TikTok on mobile devices using MOBILedit Forensic Express Pro and authenticate it with ELA through tools like FotoForensics and Forensically, as well as manual examination. This research follows the National Institute of Justice (NIJ) methodology with ten stages of mobile forensic investigation, including scenario creation, identification, collection, investigation, and analysis. The research yields manipulated digital evidence from TikTok, primarily concerning upload times. Error Level Analysis (ELA) is used to assess the authenticity of images, revealing signs of manipulation in digital evidence. The research's contribution is to produce or collect manipulated digital evidence from TikTok, primarily concerning upload times, and to apply the Error Level Analysis (ELA) approach or technique to assess the authenticity of images, uncovering signs of manipulation in digital evidence

    WHATSAPP FORENSICS PADA ANDROID SMARTPHONE : A SURVEY


    Digital forensic analysis of the private mode of browsers on Android

    The smartphone has become an essential electronic device in our daily lives. We carry our most precious and important data on it, from family videos of the last few years to credit card information so that we can pay with our phones. In addition, in recent years, mobile devices have become the preferred device for surfing the web, already representing more than 50% of Internet traffic. As one of the devices we spend the most time with throughout the day, it is not surprising that we are increasingly demanding a higher level of privacy. One of the measures introduced to help us protect our data by isolating certain activities on the Internet is the private mode integrated in most modern browsers. Of course, this feature is not new, and has been available on desktop platforms for more than a decade. Reviewing the literature, one can find several studies that test the correct functioning of the private mode on the desktop. However, the number of studies conducted on mobile devices is incredibly small. And not only is it small, but also most of them perform the tests using various emulators or virtual machines running obsolete versions of Android. Therefore, in this paper we apply the methodology we presented in a previous work to Google Chrome, Brave, Mozilla Firefox, and Tor Browser running on a tablet with Android 13 and on two virtual devices created with Android Emulator. The results confirm that these browsers do not store information about the browsing performed in private mode in the file system. 
However, the analysis of the volatile memory made it possible to recover the username and password used to log in to a website or the keywords typed in a search engine, even after the devices had been rebooted. This work has received financial support from the Consellería de Cultura, Educación e Ordenación Universitaria of the Xunta de Galicia (accreditation 2019-2022 ED431G-2019/04, reference competitive group 2022-2024, ED431C 2022/16) and the European Regional Development Fund (ERDF), which acknowledges the CiTIUS-Research Center in Intelligent Technologies of the University of Santiago de Compostela as a Research Center of the Galician University System. This work was also supported by the Ministry of Economy and Competitiveness, Government of Spain (Grant No. PID2019-104834 GB-I00). X. Fernández-Fuentes is supported by the Ministerio de Universidades, Spain under the FPU national plan (FPU18/04605)