9 research outputs found
Investigasi Bukti Digital Aplikasi We Chat Menggunakan Framework Integrated Digital Forensics Proses Model (IDFPM) Berbasis Sni 27037:2014
Social media is an alternative means of communication on smartphones, as many as 28% of the WeChat instant messenger application is used as a social interaction for the delivery of messages by senders and recipients, Cyberbullying on the WeChat application results in intimidation by users, so to deal with the
crime of Cyberbullying applications WeChat on Smartphones requires a Mobile Forensic technique to identify digital evidence of verbal conversations on the WeChat ap-plication using the Framework In-
tegrated Digital Forensics Process Model (IDFPM) method based on SNI 27037: 2014 which is carried out on Smartphones. WeChat application which was previously encrypted and hashing values of md5 and sha1 are authentic, as well as metadata or timestamp in the WeChat application conversation mes-
sages using the Mobileedit Forensic Express Tools, and successfully implemented Frame Work Inte- grated Digital Forensic Process Model (IDFPM) based on SNI 27037: 2014 on the forensic investiga-
tion process using Android Smartphone media.
Keywords: Cyberbullying, WeChat, Mobile Forensics, Framework, SNI 27037: 201
Multimedia Distribution Process Tracking for Android and iOS
The crime of illegally filming and distributing images or videos worldwide is
increasing day by day. With the increasing penetration rate of smartphones,
there has been a rise in crimes involving secretly taking pictures of people's
bodies and distributing them through messengers. However, little research has
been done on these related issue. The crime of distributing media using the
world's popular messengers, WhatsApp and Telegram, is continuously increasing.
It is also common to see criminals distributing illegal footage through various
messengers to avoid being caught in the investigation network. As these crimes
increase, there will continue to be a need for professional investigative
personnel, and the time required for criminal investigations will continue to
increase. In this paper, we propose a multimedia forensic method for tracking
footprints by checking the media information that changes when images and
videos shot with a smartphone are transmitted through instant messengers. We
have selected 11 of the world's most popular instant messengers and two secure
messengers. In addition, we selected the most widely used Android and iOS
operating systems for smartphones. Through this study, we were able to confirm
that it is possible to trace footprints related to the distribution of instant
messengers by analyzing transmitted images and videos. Thus, it was possible to
determine which messengers were used to distribute the video when it was
transmitted through multiple messengers.Comment: 10 page
Map My Murder: A Digital Forensic Study of Mobile Health and Fitness Applications
The ongoing popularity of health and fitness applications catalyzes
the need for exploring forensic artifacts produced by them. Sensitive
Personal Identifiable Information (PII) is requested by the applications
during account creation. Augmenting that with ongoing
user activities, such as the user’s walking paths, could potentially
create exculpatory or inculpatory digital evidence. We conducted
extensive manual analysis and explored forensic artifacts produced
by (n = 13) popular Android mobile health and fitness applications.
We also developed and implemented a tool that aided in the timely
acquisition and identification of artifacts from the examined applications.
Additionally, our work explored the type of data that
may be collected from health and fitness web platforms, and Web
Scraping mechanisms for data aggregation. The results clearly show
that numerous artifacts may be recoverable, and that the tested
web platforms pose serious privacy threats
EviHunter: Identifying Digital Evidence in the Permanent Storage of Android Devices via Static Analysis
Crimes, both physical and cyber, increasingly involve smartphones due to
their ubiquity. Therefore, digital evidence on smartphones plays an
increasingly important role in crime investigations. Digital evidence could
reside in the memory and permanent storage of a smartphone. While we have
witnessed significant progresses on memory forensics recently, identifying
evidence in the permanent storage is still an underdeveloped research area.
Most existing studies on permanent-storage forensics rely on manual analysis or
keyword-based scanning of the permanent storage. Manual analysis is costly,
while keyword matching often misses the evidentiary data that do not have
interesting keywords.
In this work, we develop a tool called EviHunter to automatically identify
evidentiary data in the permanent storage of an Android device. There could be
thousands of files on the permanent storage of a smartphone. A basic question a
forensic investigator often faces is which files could store evidentiary data.
EviHunter aims to answer this question. Our intuition is that the evidentiary
data were produced by apps; and an app's code has rich information about the
types of data the app may write to a permanent storage and the files the data
are written to. Therefore, EviHunter first pre-computes an App Evidence
Database (AED) via static analysis of a large number of apps. The AED includes
the types of evidentiary data and files that store them for each app. Then,
EviHunter matches the files on a smartphone's permanent storage against the AED
to identify the files that could store evidentiary data.
We evaluate EviHunter on benchmark apps and 8,690 real-world apps. Our
results show that EviHunter can precisely identify both the types of
evidentiary data and the files that store them
Forensic analysis of open-source XMPP multi-client social networking apps on iOS devices
In this paper, we present forensic analysis of Monal and Siskin IM, two decentralized open-source XMPP multi-client social networking apps on iOS devices that provide anonymity and privacy using OMEMO end-to-end encryption. We identified databases maintained by each app and storage locations within the iOS file system that stores the local copies of user information and metadata. We analyzed the databases and storage locations for evidential data of forensic value. The results in this paper show a detailed analysis and correlation of data stored in each app's database to identify the local user's multiple IM accounts and contact list, contents of messages exchanged with contacts, and chronology of conversations. The focus and main contributions of this study include a detailed description of artifacts of forensic interest that can be used to aid mobile forensic investigations
Integrated examination and analysis model for improving mobile cloud forensic investigation
Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the casespecific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering,
data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, crossreferencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the casespecific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance
Contribuciones al análisis forense de evidencias digitales procedentes de aplicaciones de mensajería instantánea
La continua evolución de las Tecnologías de la Información y Comunicaciones está propiciando que cada vez más, nos encontremos ante una sociedad más interconectada, permitiendo el intercambio inmediato de información digital desde casi cualquier lugar del planeta. Desde el punto de vista de las ciencias forenses, como ciencia que estudia los elementos recolectados en la escena de un crimen, el nacimiento y la rápida evolución de las TICs implica que las ciencias forenses deban adaptarse continuamente a esta evolución, investigando nuevos métodos científicos de análisis que permitan la resolución de los hechos delictivos a través de medios digitales. El uso que se realiza en concreto de las aplicaciones de intercambio de información en la comisión de hechos delictivos implica que éstas deban ser objeto de un análisis forense minucioso, a partir del cual identificar, recuperar y extraer toda aquella información relativa con el hecho investigado, manteniendo en todo momento el valor probatorio de la misma.
La Tesis con el título La Tesis con el título CONTRIBUCIONES AL ANÁLISIS FORENSE DE EVIDENCIAS DIGITALES PROCEDENTES DE APLICACIONES DE MENSAJERÍA INSTANTÁNEA lleva a cabo la investigación de la evolución de las aplicaciones de mensajería instantánea y su impacto en el ámbito de las ciencias forenses. La investigación realizada pretende reseñar la transformación de este tipo de aplicaciones en cuando a los diferentes métodos de acceso e infinidad de funcionalidades ofrecidas a sus usuarios. Así mismo se persigue contribuir de forma directa en los métodos científicos utilizados en el análisis forense que se vienen realizando sobre las aplicaciones de mensajería instantánea, medio de prueba principal en multitud de procesos judiciales. Esta Tesis expondrá el estado actual de los procesos utilizados tanto en el proceso de adquisición como en el proceso de análisis de las aplicaciones de mensajería instantánea, así como las diferentes problemáticas a las que se enfrenta el especialista forense digital en el análisis forense de este tipo de aplicaciones. Se desarrollará una metodología específica para el análisis forense de las aplicaciones de mensajería instantánea, suma de diversos métodos de estudios, la cual permitirá identificar, decodificar e interpretar la información generada por este tipo de aplicaciones con independencia del dispositivo electrónico, sistema operativo o aplicación analizada. A partir de los tres métodos de estudio incluidos en la metodología propuesta, se pretende verificar y validar la integridad de la información extraída más allá del uso generalizado de soluciones forenses comerciales. Por último, se expondrán los resultados y conclusiones obtenidas de aplicar la metodología de análisis forense propuesta en esta investigación sobre alguno de los clientes de las principales aplicaciones de mensajería instantánea que existen en la actualidad
Introductory Computer Forensics
INTERPOL (International Police) built cybercrime programs to keep up with emerging cyber threats, and aims to coordinate and assist international operations for ?ghting crimes involving computers. Although signi?cant international efforts are being made in dealing with cybercrime and cyber-terrorism, ?nding effective, cooperative, and collaborative ways to deal with complicated cases that span multiple jurisdictions has proven dif?cult in practic