Forensic Acquisition of IMVU: A Case Study

There are many applications available for personal computers and mobile devices that facilitate users in meeting potential partners. There is, however, a risk associated with the level of anonymity on using instant message applications, because there exists the potential for predators to attract and lure vulnerable users. Today Instant Messaging within a Virtual Universe (IMVU) combines custom avatars, chat or instant message (IM), community, content creation, commerce, and anonymity. IMVU is also being exploited by criminals to commit a wide variety of offenses. However, there are very few researches on digital forensic acquisition of IMVU applications. In this paper, we discuss first of all on challenges of IMVU forensics. We present a forensic acquisition of an IMVU 3D application as a case study. We also describe and analyse our experiments with this application

Forensic Acquisition of IMVU: A Case Study

There are many applications available for personal computers and mobile devices that facilitate users in meeting potential partners. There is, however, a risk associated with the level of anonymity on using instant message applications, because there exists the potential for predators to attract and lure vulnerable users. Today Instant Messaging within a Virtual Universe (IMVU) combines custom avatars, chat or instant message (IM), community, content creation, commerce, and anonymity. IMVU is also being exploited by criminals to commit a wide variety of offenses. However, there are very few researches on digital forensic acquisition of IMVU applications. In this paper, we discuss first of all on challenges of IMVU forensics. We present a forensic acquisition of an IMVU 3D application as a case study. We also describe and analyse our experiments with this application

Simulasi Analisis Bukti Digital Aplikasi Skype Berbasis Android menggunakan NIST SP 800-101 R1

Penggunaan aplikasi Skype terus meningkat, menyetujui penambahan kriminal berdasarkan pengiriman pesan instan. Fitur keamanan data dalam aplikasi skype yang dirancang untuk melindungi privasi pengguna, dapat disalahgunakan oleh perlindungan untuk kepemilikan bukti digital dari aktivitas kriminal. Hasil percobaan dalam penelitian ini mengumumkan skenario, setelah skenario 1 - 9, bukti digital masih dapat ditemukan dan dilengkapi dengan data pendukung yang disimpan pada basis data aplikasi Skype. Setelah skenario 10, informasi kontak yang diblokir masih ditemukan, dan skenario 11 (hapus kontak) masih ditemukan bukti digital yang ditemukan dalam basis data aplikasi Skype. Skenario 11-12 adalah kegiatan yang dapat menghilangkan bukti digital.Penelitian ini mendukung untuk menganalisa bukti digital dari aplikasi skype pada smartphone berbasis android. Proses analisis dilakukan pada bukti digital dari 14 skenario simulasi menggunakan fitur aplikasi yang disarankan disalahgunakan menjadi kejahatan. Teknik perolehan data menggunakan metode pencitraan fisik untuk mendapatkan akses memori yang dipenuhi smartphone.Informasi pesan dan log panggilan yang dibatalkan pada aplikasi Skype memiliki peluang kecil untuk dipulihkan. Sementara skenario 14, masih menyisakan file media seperti video, pesan suara, gambar, dan document.pdf, sementara topik pesan dan penelusuran tidak ditemukan

Digital Forensic Acquisition and Analysis of Discord Applications

Digital forensic analyses are being applied to a variety of domains as the scope and potential of digital evidence available is vast. The importance of forensic analyses of web-based devices and tools is increasing, coinciding with the rise in online criminal activity. Discord - an application that allows text, image, video, and audio communication using VoIP - has become increasingly popular and is consequently subject to increased use by cybercriminals. While researching Discord servers and forensic artefacts, it is apparent that there is limited literature and experimentation in this domain. This paper presents our research into digital forensic analyses of Discord client-side artefacts and presents DiscFor, a novel tool designed for the extraction, analysis, and presentation of Discord data in a forensically sound manner. DiscFor creates a safe copy of said data, presenting the current cache state and converting data files into a readable format

Discord Server Forensics: Analysis and Extraction of Digital Evidence

In recent years we can observe that digital forensics is being applied to a variety of domains as nearly any data can become valuable forensic evidence. The sheer scope of web-based investigations provides a vast amount of information. Due to a rapid increase in the number of cybercrimes the importance of application-specific forensics is greater than ever. Criminals use the application not only to communicate but also to facilitate crimes. It came to our attention that the gaming chat application Discord is one of them. Discord allows its users to send text messages as well as exchange image, video, and audio files. While Discord’s community is not as large as that of the most popular messaging apps the stable growth of its userbase and recent incidents indicate that it is used by criminals. This paper presents our research into the digital forensic analysis of Discord client-side artefacts and presents experimental development of a tool for extraction, analysis, and presentation of the data from Discord application. The work then proposes a solution in form of a tool, ‘DiscFor’, that can retrieve information from the application’s local files and cache storage

Mobile forensics : analysis of the messaging application Signal.

This study reviewed if there are ways to recover messages, image, videos, and call logs within the mobile application Signal, developed by Open Whisper Systems. The purpose of this study was to research the data recovery as fact or fiction, while providing which tools and extraction methods produced more accurate results. Further research was needed to explore data recovered from an Android mobile device compared to an iOS mobile device. The forensic tools used to conduct this research included UFED 4PC (Universal Forensic Extraction Device), version 6.3.1.477 with an internal build version 4.7.1.477 and UFED Physical Analyzer version 6.3.11.36, developed by Cellebrite. The study also compared the results using Cellebrite to three different open source tools, iPhone Analyzer, iExplorer, and Autopsy. The meaning of open source can be a tool or program that is designed for specific tasks, yet the source code is openly published to the public. These tools or programs are free of charge unless the user opts to pay for the expanded versions. Overall, the results were dependent on the make and model of the mobile devices. Out of four different types of mobile devices, only one device produced viable results when it came to the Signal Application. The physical extraction from UFED 4PC and Physical Analyzer on the Android ZTE Z993 device was able to recover an abundant amount of data. The other three devices produced minimal results only showing the installation of the application, but no real message data using the UFED 4PC version 6.3.1.477 and UFED Physical Analyzer version 6.3.11.36 software. The three open source software, iPhone Analyzer, iExplorer, and Autopsy also produced minimal results with the exception of the Android ZTE Z993 device. Autopsy free version was able to parse the data missed by the Cellebrite commercial tools and recover some of the missing images within messages sent inside of the Signal Application