Facilitating Forensics in the Mobile Millennium through Proactive Enterprise Security

This work explores the impact of the emerging mobile communication device paradigm on the security-conscious enterprise, with regard to providing insights for proactive Information Assurance and facilitation of eventual Forensic analysis. Attention is given to technology evolution in the areas of best practices, attack vectors, software and hardware performance, access and activity monitoring, and architectural models. Keywords: Forensics, enterprise security, mobile communication, best practices, attack vectors

Simulasi Analisis Bukti Digital Aplikasi Skype Berbasis Android menggunakan NIST SP 800-101 R1

Penggunaan aplikasi Skype terus meningkat, menyetujui penambahan kriminal berdasarkan pengiriman pesan instan. Fitur keamanan data dalam aplikasi skype yang dirancang untuk melindungi privasi pengguna, dapat disalahgunakan oleh perlindungan untuk kepemilikan bukti digital dari aktivitas kriminal. Hasil percobaan dalam penelitian ini mengumumkan skenario, setelah skenario 1 - 9, bukti digital masih dapat ditemukan dan dilengkapi dengan data pendukung yang disimpan pada basis data aplikasi Skype. Setelah skenario 10, informasi kontak yang diblokir masih ditemukan, dan skenario 11 (hapus kontak) masih ditemukan bukti digital yang ditemukan dalam basis data aplikasi Skype. Skenario 11-12 adalah kegiatan yang dapat menghilangkan bukti digital.Penelitian ini mendukung untuk menganalisa bukti digital dari aplikasi skype pada smartphone berbasis android. Proses analisis dilakukan pada bukti digital dari 14 skenario simulasi menggunakan fitur aplikasi yang disarankan disalahgunakan menjadi kejahatan. Teknik perolehan data menggunakan metode pencitraan fisik untuk mendapatkan akses memori yang dipenuhi smartphone.Informasi pesan dan log panggilan yang dibatalkan pada aplikasi Skype memiliki peluang kecil untuk dipulihkan. Sementara skenario 14, masih menyisakan file media seperti video, pesan suara, gambar, dan document.pdf, sementara topik pesan dan penelusuran tidak ditemukan

Privacy Risks in Mobile Dating Apps

Dating apps for mobile devices, one popular GeoSocial app category, are growing increasingly popular. These apps encourage the sharing of more personal information than conventional social media apps, including continuous location data. However, recent high profile incidents have highlighted the privacy risks inherent in using these apps. In this paper, we present a case study utilizing forensic techniques on nine popular proximity-based dating apps in order to determine the types of data that can be recovered from user devices. We recover a number of data types from these apps that raise concerns about user privacy. For example, we determine that chat messages could be recovered in at least half of the apps examined and, in some cases, the details of any users that had been discovered nearby could also be extracted

Integrated examination and analysis model for improving mobile cloud forensic investigation

Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the casespecific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering, data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, crossreferencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the casespecific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance

Forensic analysis of open-source XMPP multi-client social networking apps on iOS devices

In this paper, we present forensic analysis of Monal and Siskin IM, two decentralized open-source XMPP multi-client social networking apps on iOS devices that provide anonymity and privacy using OMEMO end-to-end encryption. We identified databases maintained by each app and storage locations within the iOS file system that stores the local copies of user information and metadata. We analyzed the databases and storage locations for evidential data of forensic value. The results in this paper show a detailed analysis and correlation of data stored in each app's database to identify the local user's multiple IM accounts and contact list, contents of messages exchanged with contacts, and chronology of conversations. The focus and main contributions of this study include a detailed description of artifacts of forensic interest that can be used to aid mobile forensic investigations