Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

2020 ◽  
Vol 4 (5) ◽  
pp. 829-836
Author(s):  
Ikhsan Zuhriyanto ◽  
Anton Yudhana ◽  
Imam Riadi

Current crime is increasing, one of which is the crime of using social media, although no crime does not leave digital evidence. Twitter application is a social media that is widely used by its users. Acts of crime such as fraud, insults, hate speech, and other crimes lately use many social media applications, especially Twitter. This research was conducted to find forensic evidence on the social media Twitter application that is accessed using a smartphone application using the Digital Forensics Research Workshop (DFRWS) method. These digital forensic stages include identification, preservation, collection, examination, analysis, and presentation in finding digital evidence of crime using the MOBILedit Forensic Express software and Belkasoft Evidence Center. Digital evidence sought on smartphones can be found using case scenarios and 16 variables that have been created so that digital proof in the form of smartphone specifications, Twitter accounts, application versions, conversations in the way of messages and status. This study's results indicate that MOBILedit Forensic Express digital forensic software is better with an accuracy rate of 85.75% while Belkasoft Evidence Center is 43.75%.


2021 ◽  
Vol 5 (1) ◽  
pp. 45-54
Author(s):  
Imam Riadi ◽  
Rusydi Umar ◽  
Muhammad Irwan Syahib

Viber is one of the most popular social media in the Instant Messenger application category that can be used to send text messages, make voice calls, send picture messages and video messages to other users. As many as 260 million people around the world have used this application. Increasing the number of viber users certainly brings positive and negative impacts, one of the negative impacts of this application is the use of digital forensic crime. This research simulates and removes digital crime evidence from the viber application on Android smartphones using the National Institute of Standards Technology (NIST) method, which is a method that has work guidelines on forensic policy and process standards to ensure each investigator follows the workflow the same so that their work is documented and the results can be accounted for. This study uses three forensic tools, MOBILedit Forensic Express, Belkasoft and Autopsy. The results in this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. For Autopsy does not give the expected results in the extraction process, in other words the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft have a good performance compared to Autopsy and thus this research has been completed and succeeded in accordance with the expected goals.


2020 ◽  
Vol 8 (4) ◽  
pp. 381
Author(s):  
I Gusti Ngurah Guna Wicaksana ◽  
I Ketut Gede Suhartana

Abstract The development of telecommunications has increased very rapidly since the internet-based instant messaging service has spread rapidly to Indonesia. Telegram application is one of the growing and well-known application services in Indonesia, Desktop or smartphone-based Telegram applications, it is very possible to use digital crimes by using services, user personal information, or by hacking the Telegram application. This study explains the stages of investigation of cybercrime cases that occurred in desktop-based telegram. The method used for this research refers to the stage of investigation that was carried out in previous studies, namely using the National Institute of Justice (NIJ) method with the stages of the preparation stage, the collection stage, the examination stage, the analysis stage, and the reporting stage. The media used in this study is a desktop-based Telegram application that is synchronized with an Android-based Telegram. In this process, the location of the log file, cache, and digital proof image file was obtained in the conversation of a desktop-based Telegram application. Digital forensic evidence obtained is expected to strengthen evidence of criminal cases in court in the form of digital evidence analysis results. Keywords: Telecommunications, Digital Forensic, Telegram, Investigation, Cybercrime


Author(s):  
Imam Riadi ◽  
Sunardi Sunardi ◽  
Muhamad Ermansyah Rauli

 The development of computer technology is increasing rapidly. This has positive and negative effects. One of the negative effects that occurred was the use of Line applications to conduct online shop fraud. Line is one of the instant messenger applications that can be used on computers, especially on Windows 8.1 operating system computers. Applications that run on the computer leave traces of data on Random Access Memory (RAM). Data left in RAM can be obtained using digital forensic techniques, namely live forensics which is used when the computer is running and connected to the internet. This study aims to find digital evidence regarding cases of online shop fraud using the National Institute of Standards and Technology (NIST) method. Digital evidence can be obtained using forensic tools, namely RamCapturer, FTK Imager and Winhex. RamCapturer is used to acquire data in RAM, FTK Imager is used for imaging and Winhex is used to analyze data that has been taken. The results obtained in this study were conversational recordings consisting of conversation time, conversation content and conversation status which could be digital evidence in uncovering the online shop fraud crime that occurred.


2019 ◽  
Vol 2 (1) ◽  
pp. 52-60 ◽  
Author(s):  
Reza Montasari ◽  
Richard Hill ◽  
Victoria Carpenter ◽  
Farshad Montaseri

Various social networking sites (SNSs), widely referred to as social media, provide services such as email, blogging, instant messaging and photo sharing for social and commercial interactions. SNSs are facilitating new forms of social interaction, dialogue, exchange and collaboration. They allow millions of users and organisations worldwide to exchange ideas, post updates and comments or participate in activities and events, while sharing their wider interests. At the same time, such a phenomenon has led to an upsurge in significant criminal activities by perpetrators who are becoming increasingly sophisticated in their attempts to deploy technology to circumvent detection. Digital forensic Examiners (DFEs) often face serious challenges in relation to data acquisition. Therefore, this article aims to analyse the significance of SNSs in DFIs and challenges that DFEs often encounter when acquiring evidence from SNSs. Furthermore, this article describes the steps of the digital forensic investigation process that must be taken to acquire digital evidence that is both authentic and forensically sound.


Sensors ◽  
2019 ◽  
Vol 19 (15) ◽  
pp. 3246
Author(s):  
Fahad E. Salamh ◽  
Umit Karabiyik ◽  
Marcus K. Rogers

The rapid pace of invention in technology and the evolution of network communication has produced a new lifestyle with variety of opportunities and challenges. Remotely Piloted Aerial Systems (RPAS) technology, which includes drones, is one example of a recently invented technology that requires the collection of a solid body of defensible and admissible evidence to help eliminate potential real-world threats posed by their use. With the advent of smartphones, there has been an increase in digital forensic investigation processes developed to assist specialized digital forensic investigators in presenting forensically sound evidence in the courts of law. Therefore, it is necessary to apply digital forensic techniques and procedures to different types of RPASs in order to create a line of defense against new challenges, such as aerial-related incidents, introduced by the use of these technologies. Drone operations by bad actors are rapidly increasing and these actors are constantly developing new approaches. These criminal operations include invasion of privacy, drug smuggling, and terrorist activities. Additionally, drone crashes and incidents raise significant concerns. In this paper, we propose a technical forensic process consisting of ten technical phases for the analysis of RPAS forensic artifacts, which can reduce the complexity of the identification and investigation of drones. Using the proposed technical process, we analyze drone images using the Computer Forensics Reference Datasets (CFReDS) and present results for the Typhoon H aerial vehicle manufactured by Yuneec, Inc. Furthermore, this paper explores the availability and value of digital evidence that would allow a more practical digital investigation to be able to build an evidence-based experience. Therefore, we particularly focus on developing a technical drone investigation process that can be applied to various types of drones.


Computer Forensic, the upcoming branch of forensic science where acquiring, preserving, retrieving and presenting content processed electronically and stored digitally, is used for legal evidence in computer related crimes or any other unethical practice involving manipulation of digital content. Such digital content can take many forms which are manifested by different file formats and digital artifacts. This paper concentrates on acquisition of deleted e-mail from mailbox of web servers satisfying two tier, three tier and n-tier technology. A detailed survey of several possibilities is included for non-repudiation forensic. A case study of a particular file type using suitable forensic tool is cited as a proof of concept towards this claimed inference to provide digital evidence in case of non-repudiation by sender and/or by receiver. This is simply conducted by using EnCase, a proprietary digital forensic tool. The whole process is captured in step by step fashion to have a better understanding of the mechanism used. Recovery of files/emails has certain kinds of legal hurdles; the paper has addressed them as well. This paper contributes to the extent the recovered email can be used as ready digital evidence in any court of law.


2020 ◽  
Vol 12 (1) ◽  
pp. 83
Author(s):  
Nenny Anggraini ◽  
Siti Ummi Masruroh ◽  
Hapsari Tiaraningtias

Abstract Internet technology and smartphones are increasingly rapidly followed by the rise of social media users, especially instant messaging that can be accessed using a smartphone, especially Android. One of the problems of social media is cyber crime that utilizes social media. Based on data from Instant Checkmate in 2014, 30,000 websites were hacked, and 12 casualties fell within a fraction of the crime from fraud to sex crimes, and it occurs in cyber crime involving social media, including instant media WhatsApp messenger. So it takes the forensic digital process to look for evidence of the crime, because basically there is no crime that does not leave a trace. This study was conducted to find the forensic evidence on the WhatsApp messenger application accessed on Android smartphones. WhatsApp messenger was chosen because it used to reach 1.5 billion users from over 2.7 billion users of social media worldwide. In this study, the simulation method used in the study to run 15 scenarios, including the return of the deleted files, the search for forensic evidence such as name and account number, a list of names and contact numbers, group chat, and text messages, pictures, video, and document files on personal chat, then text messages, pictures, videos, document files, voice notes, and location in group chat. The results of this study indicate that almost all forensic evidence traces in the WhatsApp messenger application are found, but the URL media can not be opened because it is encrypted by WhatsApp. Keyword: Digital Forensic, Forensic Evidence, Smartphone, WhatsApp Messenger.

Abstract The increasingly rapid development of internet and smartphone technology has been accompanied by a rise in social media users of instant messengers accessed using smartphones, particularly Android. One problem that social media has not escaped is cybercrime that makes use of social media. Based on data from Instant Checkmate, in 2014 as many as 30,000 websites were hacked, and 12 victims per second fell to various kinds of crime, from fraud to sex crimes, and this occurs in the practice of internet crime (cyber crime) involving social media, including the instant messenger WhatsApp. A digital forensic process is therefore needed to find evidence of these crimes, because fundamentally there is no crime that does not leave a trace. This research was conducted to find such forensic evidence in the WhatsApp messenger application accessed on Android smartphones. WhatsApp messenger was chosen because its use has reached 1.5 trillion users out of more than 2.7 trillion social media users worldwide. In this research, a simulation method was used by running 15 scenarios, among them the recovery of deleted files; the search for forensic evidence in the form of account name and number, the list of contact names and numbers, and group chats; then text messages, pictures, videos, and document files in personal chat; then text messages, pictures, videos, document files, voice notes, and location in group chat. The results of this research show that almost all traces of forensic evidence in the WhatsApp messenger application were successfully found, but the media URLs could not be opened because they are encrypted by WhatsApp. Keywords: Forensic Evidence, Digital Forensic, Smartphone, WhatsApp Messenger.

