Investigasi Bukti Digital Aplikasi We Chat Menggunakan Framework Integrated Digital Forensics Proses Model (IDFPM) Berbasis Sni 27037:2014

Social media is an alternative means of communication on smartphones, as many as 28% of the WeChat instant messenger application is used as a social interaction for the delivery of messages by senders and recipients, Cyberbullying on the WeChat application results in intimidation by users, so to deal with the crime of Cyberbullying applications WeChat on Smartphones requires a Mobile Forensic technique to identify digital evidence of verbal conversations on the WeChat ap-plication using the Framework In- tegrated Digital Forensics Process Model (IDFPM) method based on SNI 27037: 2014 which is carried out on Smartphones. WeChat application which was previously encrypted and hashing values of md5 and  sha1 are authentic, as well as metadata or timestamp in the WeChat application conversation mes- sages using the Mobileedit Forensic Express Tools, and successfully implemented Frame Work Inte- grated Digital Forensic Process Model (IDFPM) based on SNI 27037: 2014 on the forensic investiga- tion process using Android Smartphone media. Keywords: Cyberbullying, WeChat, Mobile Forensics, Framework, SNI 27037: 201

Multimedia Distribution Process Tracking for Android and iOS

The crime of illegally filming and distributing images or videos worldwide is increasing day by day. With the increasing penetration rate of smartphones, there has been a rise in crimes involving secretly taking pictures of people's bodies and distributing them through messengers. However, little research has been done on these related issue. The crime of distributing media using the world's popular messengers, WhatsApp and Telegram, is continuously increasing. It is also common to see criminals distributing illegal footage through various messengers to avoid being caught in the investigation network. As these crimes increase, there will continue to be a need for professional investigative personnel, and the time required for criminal investigations will continue to increase. In this paper, we propose a multimedia forensic method for tracking footprints by checking the media information that changes when images and videos shot with a smartphone are transmitted through instant messengers. We have selected 11 of the world's most popular instant messengers and two secure messengers. In addition, we selected the most widely used Android and iOS operating systems for smartphones. Through this study, we were able to confirm that it is possible to trace footprints related to the distribution of instant messengers by analyzing transmitted images and videos. Thus, it was possible to determine which messengers were used to distribute the video when it was transmitted through multiple messengers.Comment: 10 page

Map My Murder: A Digital Forensic Study of Mobile Health and Fitness Applications

The ongoing popularity of health and fitness applications catalyzes the need for exploring forensic artifacts produced by them. Sensitive Personal Identifiable Information (PII) is requested by the applications during account creation. Augmenting that with ongoing user activities, such as the user’s walking paths, could potentially create exculpatory or inculpatory digital evidence. We conducted extensive manual analysis and explored forensic artifacts produced by (n = 13) popular Android mobile health and fitness applications. We also developed and implemented a tool that aided in the timely acquisition and identification of artifacts from the examined applications. Additionally, our work explored the type of data that may be collected from health and fitness web platforms, and Web Scraping mechanisms for data aggregation. The results clearly show that numerous artifacts may be recoverable, and that the tested web platforms pose serious privacy threats

EviHunter: Identifying Digital Evidence in the Permanent Storage of Android Devices via Static Analysis

Crimes, both physical and cyber, increasingly involve smartphones due to their ubiquity. Therefore, digital evidence on smartphones plays an increasingly important role in crime investigations. Digital evidence could reside in the memory and permanent storage of a smartphone. While we have witnessed significant progresses on memory forensics recently, identifying evidence in the permanent storage is still an underdeveloped research area. Most existing studies on permanent-storage forensics rely on manual analysis or keyword-based scanning of the permanent storage. Manual analysis is costly, while keyword matching often misses the evidentiary data that do not have interesting keywords. In this work, we develop a tool called EviHunter to automatically identify evidentiary data in the permanent storage of an Android device. There could be thousands of files on the permanent storage of a smartphone. A basic question a forensic investigator often faces is which files could store evidentiary data. EviHunter aims to answer this question. Our intuition is that the evidentiary data were produced by apps; and an app's code has rich information about the types of data the app may write to a permanent storage and the files the data are written to. Therefore, EviHunter first pre-computes an App Evidence Database (AED) via static analysis of a large number of apps. The AED includes the types of evidentiary data and files that store them for each app. Then, EviHunter matches the files on a smartphone's permanent storage against the AED to identify the files that could store evidentiary data. We evaluate EviHunter on benchmark apps and 8,690 real-world apps. Our results show that EviHunter can precisely identify both the types of evidentiary data and the files that store them

Forensic analysis of open-source XMPP multi-client social networking apps on iOS devices

In this paper, we present forensic analysis of Monal and Siskin IM, two decentralized open-source XMPP multi-client social networking apps on iOS devices that provide anonymity and privacy using OMEMO end-to-end encryption. We identified databases maintained by each app and storage locations within the iOS file system that stores the local copies of user information and metadata. We analyzed the databases and storage locations for evidential data of forensic value. The results in this paper show a detailed analysis and correlation of data stored in each app's database to identify the local user's multiple IM accounts and contact list, contents of messages exchanged with contacts, and chronology of conversations. The focus and main contributions of this study include a detailed description of artifacts of forensic interest that can be used to aid mobile forensic investigations

Integrated examination and analysis model for improving mobile cloud forensic investigation

Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the casespecific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering, data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, crossreferencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the casespecific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance

Contribuciones al análisis forense de evidencias digitales procedentes de aplicaciones de mensajería instantánea

La continua evolución de las Tecnologías de la Información y Comunicaciones está propiciando que cada vez más, nos encontremos ante una sociedad más interconectada, permitiendo el intercambio inmediato de información digital desde casi cualquier lugar del planeta. Desde el punto de vista de las ciencias forenses, como ciencia que estudia los elementos recolectados en la escena de un crimen, el nacimiento y la rápida evolución de las TICs implica que las ciencias forenses deban adaptarse continuamente a esta evolución, investigando nuevos métodos científicos de análisis que permitan la resolución de los hechos delictivos a través de medios digitales. El uso que se realiza en concreto de las aplicaciones de intercambio de información en la comisión de hechos delictivos implica que éstas deban ser objeto de un análisis forense minucioso, a partir del cual identificar, recuperar y extraer toda aquella información relativa con el hecho investigado, manteniendo en todo momento el valor probatorio de la misma. La Tesis con el título La Tesis con el título CONTRIBUCIONES AL ANÁLISIS FORENSE DE EVIDENCIAS DIGITALES PROCEDENTES DE APLICACIONES DE MENSAJERÍA INSTANTÁNEA lleva a cabo la investigación de la evolución de las aplicaciones de mensajería instantánea y su impacto en el ámbito de las ciencias forenses. La investigación realizada pretende reseñar la transformación de este tipo de aplicaciones en cuando a los diferentes métodos de acceso e infinidad de funcionalidades ofrecidas a sus usuarios. Así mismo se persigue contribuir de forma directa en los métodos científicos utilizados en el análisis forense que se vienen realizando sobre las aplicaciones de mensajería instantánea, medio de prueba principal en multitud de procesos judiciales. Esta Tesis expondrá el estado actual de los procesos utilizados tanto en el proceso de adquisición como en el proceso de análisis de las aplicaciones de mensajería instantánea, así como las diferentes problemáticas a las que se enfrenta el especialista forense digital en el análisis forense de este tipo de aplicaciones. Se desarrollará una metodología específica para el análisis forense de las aplicaciones de mensajería instantánea, suma de diversos métodos de estudios, la cual permitirá identificar, decodificar e interpretar la información generada por este tipo de aplicaciones con independencia del dispositivo electrónico, sistema operativo o aplicación analizada. A partir de los tres métodos de estudio incluidos en la metodología propuesta, se pretende verificar y validar la integridad de la información extraída más allá del uso generalizado de soluciones forenses comerciales. Por último, se expondrán los resultados y conclusiones obtenidas de aplicar la metodología de análisis forense propuesta en esta investigación sobre alguno de los clientes de las principales aplicaciones de mensajería instantánea que existen en la actualidad

Introductory Computer Forensics

INTERPOL (International Police) built cybercrime programs to keep up with emerging cyber threats, and aims to coordinate and assist international operations for ?ghting crimes involving computers. Although signi?cant international efforts are being made in dealing with cybercrime and cyber-terrorism, ?nding effective, cooperative, and collaborative ways to deal with complicated cases that span multiple jurisdictions has proven dif?cult in practic