Google and Facebook Data Retention and Location Tracking through Forensic Cloud Analysis

Mobile devices have hardware and software components that record large amounts of data. Some of the data is apparent to the device owner, some is discarded quickly, and some is hidden from the person using the device. For this study, the researchers used an Android smartphone as a typical user, carrying the device throughout the day, using Facebook and Google applications. Then the smartphone was analyzed using mobile forensic techniques and software. The investigation revealed security and privacy concerns. The researchers were able to retrieve social interactions, pictures, documents, and other personal attributes stored on the device. The most interesting find was location tracking information. This Android phone logged and stored location data when the researcher had location services enabled, but it also continued to collect and store location information after turning location services off. Within Google Maps, the sub-feature called Google Timeline, tracked location, date, and time as long as the phone was powered on. These findings will increase awareness for mobile devices users and may lead to more consumer-centric privacy settings in mobile operating systems

Network and device forensic analysis of Android social-messaging applications

In this research we forensically acquire and analyze the device-stored data and network traffic of 20 popular instant messaging applications for Android. We were able to reconstruct some or the entire message content from 16 of the 20 applications tested, which reflects poorly on the security and privacy measures employed by these applications but may be construed positively for evidence collection purposes by digital forensic practitioners. This work shows which features of these instant messaging applications leave evidentiary traces allowing for suspect data to be reconstructed or partially reconstructed, and whether network forensics or device forensics permits the reconstruction of that activity. We show that in most cases we were able to reconstruct or intercept data such as: passwords, screenshots taken by applications, pictures, videos, audio sent, messages sent, sketches, profile pictures and more

Mobile Forensic of Vaccine Hoaxes on Signal Messenger using DFRWS Framework

The COVID-19 pandemic is one of the factors that has increased the use of social media. One of the negative impacts of using social media is the occurrence of cybercrime. The possibility of cybercrime can also happen on one of the social media platforms, such as the Signal Messenger application. In the investigation process, law enforcement needs mobile forensic methods and appropriate forensic tools so that the digital evidence found on the perpetrator's smartphone can be accepted by the court. This research aims to get digital evidence from cases of spreading the COVID-19 vaccine hoaxes. The method used in this research is a mobile forensics method based on the Digital Forensic Research Workshop (DFRWS) framework. The DFRWS framework consists of identification, preservation, collection, examination, analysis, and preservation. The results showed that the MOBILedit tool could reveal digital evidence in the form of application information and contact information with a performance value of 22.22%. Meanwhile, Magnet AXIOM cannot reveal digital evidence at all. The research results were obtained following the expected research objectives

Digital Forensic Analysis of Telegram Messenger App in Android Virtual Environment

The paper provides an in-depth analysis of the artifacts generated by the Telegram Messenger application on Android OS which provides secure communications between individuals, groups, and channels. Since the past few years, the application went through major changes and updates and the latest version’s artifacts varied from the previous ones. Our methodology is based on the set of experiments designed to generate the artifacts from various use cases on the virtualized environment. The acquired artifacts such as messages, their location, and data structure how they relate to one another were studied and were then compared to the older versions. By correlating the artifacts of newer version with the older ones, it shows how the application have been upgraded behind the scenes and by incorporating those results can provide investigators better understanding and insight for the certain evidence in a potential cybercrime case

Data Extraction and Forensic Analysis for Smartphone Paired Wearables and IoT Devices

Wearable devices and Internet of Things (IoT) devices have marked the beginning of a new era in forensic science. Data from smart home gadgets and wearable devices can serve as an important witness in civil as well as criminal cases. Thus data extracted from these devices has started to impact and transform litigation. Data collected from wearable devices can help determine truths in witness testimony since these devices document several types of activities of an individual at all times. Increased use of smart home devices also opens a new window for investigators. The collective data extracted from wearables and smart home devices can help investigators view the detailed events that have happened in an environment in a larger context, and give them better perspectives in the case under investigation. Our work aims to provide a solution to the challenges faced by the investigators in both extracting and analyzing the sheer volume of extracted data, and illustrates techniques to automatically highlight anomalies and correlations in the time series data collected from these devices

Comparative Evaluation of Mobile Forensic Tools

The rapid rise in the technology today has brought to limelight mobile devices which are now being used as a tool to commit crime. Therefore, proper steps need to be ensured for Confidentiality, Integrity, Authenticity and legal acquisition of any form of digital evidence from the mobile devices. This study evaluates some mobile forensic tools that were developed mainly for mobile devices memory and SIM cards. An experiment was designed with five android phones with different Operating System. Four tools were used to find out the capability and efficiency of the tools when used on the sampled phones. This would help the forensic investigator to know the type of tools that will be suitable for each phone to be investigated for acquiring digital evidence. The evaluation result showed that AccessData FTK imager and Paraben device seizure performs better than Encase and Mobiledit. The experimental result shows that, Encase could detect the unallocated space on the mobile deice but could retrieve an deleted data