User relationship classification of facebook messenger mobile data using WEKA

© Springer Nature Switzerland AG 2018. Mobile devices are a wealth of information about its user and their digital and physical activities (e.g. online browsing and physical location). Therefore, in any crime investigation artifacts obtained from a mobile device can be extremely crucial. However, the variety of mobile platforms, applications (apps) and the significant size of data compound existing challenges in forensic investigations. In this paper, we explore the potential of machine learning in mobile forensics, and specifically in the context of Facebook messenger artifact acquisition and analysis. Using Quick and Choo (2017)’s Digital Forensic Intelligence Analysis Cycle (DFIAC) as the guiding framework, we demonstrate how one can acquire Facebook messenger app artifacts from an Android device and an iOS device (the latter is, using existing forensic tools. Based on the acquired evidence, we create 199 data-instances to train WEKA classifiers (i.e. ZeroR, J48 and Random tree) with the aim of classifying the device owner’s contacts and determine their mutual relationship strength

Investigating social networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on android and iOS platforms

The rapid growth in usage and application of Social Networking (SN) platforms make them a potential target by cyber criminals to conduct malicious activities such as identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Many SN platforms are extending their services to mobile platforms, making them an important source of evidence in cyber investigation cases. Therefore, understanding the types of potential evidence of users’ SN activities available on mobile devices is crucial to forensic investigation and research. In this paper, we examine four popular SN applications: Facebook, Twitter, LinkedIn and Google+, on Android and iOS platforms, to detect remnants of users’ activities that are of forensic interest. We detect a variety of artefacts (e.g. usernames, passwords, login information, personal information, uploaded posts, exchanged messages and uploaded comments from SN applications) that could facilitate a criminal investigation