A Comparative Study of Digital Forensic Tools for Data Extraction From Electronic Devices

2021 ◽  
Vol 21 (1) ◽  
pp. 97-104
Author(s):  
Harshita Tara ◽  
Amarnath Mishra
Keyword(s):  
Comparative Study ◽  
Data Extraction ◽  
Electronic Devices ◽  
Digital Forensic ◽  
Forensic Tools

Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche
Keyword(s):  
Mobile Phones ◽  
Instant Messaging ◽  
Data Extraction ◽  
Digital Evidence ◽  
Cyber Attack ◽  
Forensic Evidence ◽  
Digital Forensic ◽  
Proportional Increase ◽  
Forensic Tools

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

scholarly journals An Australian Longitudinal Study Into Remnant Data Recovered From Second-Hand Memory Cards

2018 ◽  
Vol 12 (4) ◽  
pp. 82-97
Author(s):  
Patryk Szewczyk ◽  
Krishnun Sansurooah ◽  
Patricia A. H. Williams
Keyword(s):  
Electronic Devices ◽  
High Capacity ◽  
Financial Loss ◽  
The Public ◽  
Government Organizations ◽  
Digital Forensic ◽  
Memory Card ◽  
Longitudinal Comparison ◽  
Forensic Tools ◽  
The Impact

Consumers demand fast, high capacity, upgradeable memory cards for portable electronic devices, with secure digital (SD) and microSD the most popular. Despite this demand, secure erasure of data is still not a composite part of disposure practices. To investigate the extent of this problem, second-hand memory cards were procured from the Australian eBay site between 2011 and 2015. Digital forensic tools were used to acquire and analyze each memory card to determine the type and quantity of remnant data. This paper presents the results of the 2014 and 2015 studies and compares these findings to the 2011–2013 research studies. The longitudinal comparison indicates resold memory cards are disposed insecurely, with personal, confidential and business data undeleted or easily recoverable. The impact of such discoveries, where information is placed in the public domain, has the potential to cause embarrassment and financial loss to individuals, business, and government organizations.

Analysis of Skype Digital Evidence Recovery based on Android Smartphones Using the NIST Framework

2020 ◽  
Vol 4 (4) ◽  
pp. 682-690
Author(s):  
Anton Yudhana ◽  
Abdul Fadlil ◽  
Muhammad Rizki Setyawan
Keyword(s):  
Electronic Devices ◽  
Data Recovery ◽  
Digital Evidence ◽  
Network Technology ◽  
Removal Method ◽  
Manual Removal ◽  
Digital Forensic ◽  
Forensic Tools

Cybercrime is an activity utilizing electronic devices and network technology as tools or media to commit crimes. One of them uses the Skype application that is installed on the smartphone. In finding evidence from a cybercrime case, a forensic activity known as digital forensic must be carried out. This study aims to recover digital evidence that has been erased using the NIST framework and forensic tools such as Oxygen and Belkasoft. The results of digital evidence recovery from smartphone Samsung J2 in the removal scenario via the application manager, the Oxygen tool cannot recover deleted data and the percentage of success using Belkasoft is 26%. While the results of data recovery with the manual removal method the percentage of success using Oxygen was 63% and Belkasoft was 44%. Digital evidence recovery results from smartphones Andromax A on the erase scenario through the application manager, Oxygen and Belkasoft tools cannot recover deleted data. While manual removal of Oxygen by 61% and Belkasoft cannot restore data. It can be concluded the results of data recovery from both smartphones that are used according to the erasure method through the application manager, Belkasoft has better performance than Oxygen, and data recovery according to the method of erasing manually, Oxygen has better performance than Belkasoft.

scholarly journals A Dataset of Photos and Videos for Digital Forensics Analysis Using Machine Learning Processing

Data ◽  
2021 ◽  
Vol 6 (8) ◽  
pp. 87
Author(s):  
Sara Ferreira ◽  
Mário Antunes ◽  
Manuel E. Correia
Keyword(s):  
Machine Learning ◽  
Digital Forensics ◽  
State Of The Art ◽  
Forensic Analysis ◽  
Third Party ◽  
Support Vector ◽  
Multimedia Content ◽  
Digital Forensic ◽  
Video Frames ◽  
Forensic Tools

Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods have not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40,588 and 12,400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.

Akuisisi Bukti Digital Viber Messenger Android Menggunakan Metode National Institute of Standards and Technology (NIST)

2021 ◽  
Vol 5 (1) ◽  
pp. 45-54
Author(s):  
Imam Riadi ◽  
Rusydi Umar ◽  
Muhammad Irwan Syahib
Keyword(s):  
Extraction Process ◽  
Text Messages ◽  
Digital Evidence ◽  
Digital Forensic ◽  
Digital Crime ◽  
The World ◽  
Instant Messenger ◽  
Negative Impacts ◽  
Forensic Tools ◽  
Voice Calls

Viber is one of the most popular social media in the Instant Messenger application category that can be used to send text messages, make voice calls, send picture messages and video messages to other users. As many as 260 million people around the world have used this application. Increasing the number of viber users certainly brings positive and negative impacts, one of the negative impacts of this application is the use of digital forensic crime. This research simulates and removes digital crime evidence from the viber application on Android smartphones using the National Institute of Standards Technology (NIST) method, which is a method that has work guidelines on forensic policy and process standards to ensure each investigator follows the workflow the same so that their work is documented and the results can be accounted for. This study uses three forensic tools, MOBILedit Forensic Express, Belkasoft and Autopsy. The results in this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. For Autopsy does not give the expected results in the extraction process, in other words the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft have a good performance compared to Autopsy and thus this research has been completed and succeeded in accordance with the expected goals.

Digital Forensic Analysis of Cybercrimes

2017 ◽  
Vol 11 (2) ◽  
pp. 25-37 ◽  
Author(s):  
Regner Sabillon ◽  
Jordi Serra-Ruiz ◽  
Victor Cavaller ◽  
Jeimy J. Cano
Keyword(s):  
Best Practices ◽  
International Collaboration ◽  
Forensic Analysis ◽  
Lessons Learned ◽  
Digital Ecosystems ◽  
Cyber Forensics ◽  
Digital Forensic ◽  
Chain Of Custody ◽  
Technological Ecosystems ◽  
Forensic Tools

This paper reviews the existing methodologies and best practices for digital investigations phases like collecting, evaluating and preserving digital forensic evidence and chain of custody of cybercrimes. Cybercriminals are adopting new strategies to launch cyberattacks within modified and ever changing digital ecosystems, this article proposes that digital investigations must continually readapt to tackle cybercrimes and prosecute cybercriminals, working in international collaboration networks, sharing prevention knowledge and lessons learned. The authors also introduce a compact cyber forensics model for diverse technological ecosystems called Cyber Forensics Model in Digital Ecosystems (CFMDE). Transferring the knowledge, international collaboration, best practices and adopting new digital forensic tools, methodologies and techniques will be hereinafter paramount to obtain digital evidence, enforce organizational cybersecurity policies, mitigate security threats, fight anti-forensics practices and indict cybercriminals. The global Digital Forensics community ought to constantly update current practices to deal with cybercriminality and foreseeing how to prepare to new technological environments where change is always constant.

Sign in / Sign up

Export Citation Format

Share Document