388 research outputs found

    Performance measurement for mobile forensic data acquisition in Firefox OS

    Mozilla Corporation has recently released a Linux-based open source operating system, namely Firefox OS. The arrival of this Firefox OS has created new challenges, concentrations and opportunities for digital investigators. Currently, Firefox OS is still not fully supported by most of the existing mobile forensic tools. Even when the phone is detected as Android, only pictures from removable memory were able to be captured. Furthermore, the internal data acquisition is still not working. Therefore, there are very large opportunities to explore the Firefox OS at every stage of mobile forensic procedures. This paper will present an approach for mobile forensic data acquisition in a forensically sound manner from a Firefox OS running device. This approach will largely use the UNIX dd command to create a forensic image from the Firefox OS running device. Apart from that, performance measurement will be made to find the best block size for the acquisition process in Firefox OS.

    Mobile forensic data acquisition in Firefox OS

    Mozilla Corporation has recently released a Linux-based open source operating system, namely Firefox OS. The arrival of this Firefox OS has created new challenges, concentrations and opportunities for digital investigators. Currently, Firefox OS is still not fully supported by most of the existing mobile forensic tools. Even when the phone is detected as Android, only pictures from the removable card were able to be captured. Furthermore, the internal data acquisition is still not working. Therefore, there are very large opportunities to explore the Firefox OS at every stage of mobile forensic procedures. This paper will present an approach for mobile forensic data acquisition in a forensically sound manner from a Firefox OS running device. This approach will largely use the UNIX dd command to create a forensic image from the Firefox OS running device.

    Digital forensic analysis of the private mode of browsers on Android

    The smartphone has become an essential electronic device in our daily lives. We carry our most precious and important data on it, from family videos of the last few years to credit card information so that we can pay with our phones. In addition, in recent years, mobile devices have become the preferred device for surfing the web, already representing more than 50% of Internet traffic. As one of the devices we spend the most time with throughout the day, it is not surprising that we are increasingly demanding a higher level of privacy. One of the measures introduced to help us protect our data by isolating certain activities on the Internet is the private mode integrated in most modern browsers. Of course, this feature is not new, and has been available on desktop platforms for more than a decade. Reviewing the literature, one can find several studies that test the correct functioning of the private mode on the desktop. However, the number of studies conducted on mobile devices is incredibly small. And not only is it small, but also most of them perform the tests using various emulators or virtual machines running obsolete versions of Android. Therefore, in this paper we apply the methodology we presented in a previous work to Google Chrome, Brave, Mozilla Firefox, and Tor Browser running on a tablet with Android 13 and on two virtual devices created with Android Emulator. The results confirm that these browsers do not store information about the browsing performed in private mode in the file system. 
However, the analysis of the volatile memory made it possible to recover the username and password used to log in to a website or the keywords typed in a search engine, even after the devices had been rebooted. This work has received financial support from the Consellería de Cultura, Educación e Ordenación Universitaria of the Xunta de Galicia (accreditation 2019-2022 ED431G-2019/04, reference competitive group 2022-2024, ED431C 2022/16) and the European Regional Development Fund (ERDF), which acknowledges the CiTIUS-Research Center in Intelligent Technologies of the University of Santiago de Compostela as a Research Center of the Galician University System. This work was also supported by the Ministry of Economy and Competitiveness, Government of Spain (Grant No. PID2019-104834 GB-I00). X. Fernández-Fuentes is supported by the Ministerio de Universidades, Spain under the FPU national plan (FPU18/04605).

    Forensic investigation of cooperative storage cloud service: Symform as a case study

    Researchers envisioned Storage as a Service (StaaS) as an effective solution to the distributed management of digital data. Cooperative storage cloud forensic is relatively new and is an under-explored area of research. Using Symform as a case study, we seek to determine the data remnants from the use of cooperative cloud storage services. In particular, we consider both mobile devices and personal computers running various popular operating systems, namely Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4. Potential artefacts recovered during the research include data relating to the installation and uninstallation of the cloud applications, log-in to and log-out from Symform account using the client application, file synchronization as well as their time stamp information. This research contributes to an in-depth understanding of the types of terrestrial artifacts that are likely to remain after the use of cooperative storage cloud on client devices

    Investigating and analyzing the web-based contents on Chinese Shanzhai mobile phones

    Chinese Shanzhai mobile phone has had a huge commercial market in China and overseas and was found to be involved in criminal cases. In this paper, an MTK-based Shanzhai phone with private web browser was investigated to extract user's web browsing data in the form of sites visited, received emails, attempted Internet searches, etc. Based on the findings, extracting Internet search conducted and web email received from the binary image was demonstrated. Besides, deleted browsing history can be recovered from snapshots in memory to help reconstruct user's browsing activity and timeline analysis. Postprint. The 7th International Workshop on Systematic Approaches to Digital Forensic Engineering (IEEE/SADFE 2012), Vancouver, BC., 26-28 September 2012, p. 1297-130

    Web Browser Private Mode Forensics Analysis

    To maintain privacy of the end consumers the browser vendors provide a very good feature on the browser called the Private Mode. As per the browser vendors, the Private Mode ensures Cookies, Temporary Internet Files, Webpage history, Form data and passwords, Anti-phishing cache, Address bar and search AutoComplete, Automatic Crash Restore (ACR) and Document Object Model (DOM) storage information is not stored on the system [45]. To put to test the browser vendors' claim, I had set up a test to confirm the claims. During the first test the file system was monitored for all reads and writes. On the second test the image of the RAM was taken after the browser was used in private mode. The image was analyzed to check if the RAM contained any data related to the user browsing. The browsers chosen to perform this test were: Internet Explorer, Firefox, Google Chrome and Safari. During the file system monitoring analysis for the browsers in private mode it was found that Google Chrome and Firefox didn't write any data on the file system. Safari wrote data on just a single file called WebpageIcons.db. Internet Explorer wrote browsing data on the file system and then deleted it. This data can be recovered using any recovery tool such as Recuva. During the memory dump based analysis for the browsers in private mode, it was found that browser data was recoverable for all the browsers. Therefore from data privacy perspective Google Chrome and Firefox are safer to use than Safari and Internet Explorer.

    Secure portable execution and storage environments: A capability to improve security for remote working

    Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm where the research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an up-loadable (on to a PC) secure execution environment. 
The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified as no existing ‘secure PESE like’ device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high assurance secure PESE suitable for security critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security and the high assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research while opportunities for future work are also identified. This thesis presents ten published papers coupled with additional doctoral research (that was not published) which postulates the research argument that ‘secure PESEs can be used to manage information security risks within the remote work environment’

    Overcoming Forensic Implications with Enhancing Security in iOS

    As the decades passed, smartphones have come to their greatest inventions. But their history has more than 2500 years starting from a basic thing of strings and beads, i.e. from the Abacus to the latest of our present iPhone. With every special invention in this area brought people together socially over the internet. This, in turn, raised the alarm for having secured communication. With these devices getting popular, development in the technology to enhance the security features in those devices has also been increasing. These advancements have brought Apple operating system (IOS) into light. These devices are one step ahead of all other smartphones regarding storage by having space for storing emails, GPS data and many more. This feature of storage has a major advantage in conducting forensics for investigation purposes. In this research, I performed data acquisition on iPhones with two different OS versions using various forensic tools and then compared the forensic implications with variant security features. I analyzed the forensic implications with enhancements in security and iPhone operating systems over the years. I also used software to break the iPhone passcode which is the major forensic implication caused

    Insight: an application of information visualisation techniques to digital forensics investigations

    As digital devices are becoming ever more ubiquitous in our day to day lives, more of our personal information and behavioural patterns are recorded on these devices. The volume of data held on these devices is substantial, and people investigating these datasets are facing growing backlog as a result. This is worsened by the fact that many software tools used in this area are text based and do not lend themselves to rapid processing by humans. This body of work looks at several case studies in which these datasets were visualised in attempt to expedite processing by humans. A number of different 2D and 3D visualisation methods were trialled, and the results from these case studies fed into the design of a final tool which was tested with the assistance of a group of individuals studying Digital Forensics. The results of this research show some encouraging results which indicate visualisation may assist analysis in some aspects, and indicates useful paths for future work.