Forensic Analysis of Secure Ephemeral Messaging Applications on Android Platforms

Azhar, M. A. Hannan Bin; Barton, Thomas

doi:10.1007/978-3-319-51064-4_3

Cited by 12 publications

(16 citation statements)

References 5 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several works have tackled recovery and digital forensics of specific messaging apps, like Telegram [9,18,24]. The techniques mainly utilise disk images to retrieve valuable evidence.…”

Section: Related Workmentioning

confidence: 99%

Real-Time Triggering of Android Memory Dumps for Stealthy Attack Investigation

et al. 2021

View full text Add to dashboard Cite

Attackers regularly target Android phones and come up with new ways to bypass detection mechanisms to achieve long-term stealth on a victim’s phone. One way attackers do this is by leveraging critical benign app functionality to carry out specific attacks.In this paper, we present a novel generalised framework, JIT-MF (Just-in-time Memory Forensics), which aims to address the problem of timely collection of short-lived evidence in volatile memory to solve the stealthiest of Android attacks. The main components of this framework are i) Identification of critical data objects in memory linked with critical benign application steps that may be misused by an attacker; and ii) Careful selection of trigger points, which identify when memory dumps should be taken during benign app execution.The effectiveness and cost of trigger point selection, a cornerstone of this framework, are evaluated in a preliminary qualitative study using Telegram and Pushbullet as the victim apps targeted by stealthy malware. Our study identifies that JIT-MF is successful in dumping critical data objects on time, providing evidence that eludes all other forensic sources. Experimentation offers insight into identifying categories of trigger points that can strike a balance between the effort required for selection and the resulting effectiveness and storage costs. Several optimisation measures for the JIT-MF tools are presented, considering the typical resource constraints of Android devices.

show abstract

“…Several works have tackled recovery and digital forensics of specific messaging apps, like Telegram [9,18,24]. The techniques mainly utilise disk images to retrieve valuable evidence.…”

Section: Related Workmentioning

confidence: 99%

Real-Time Triggering of Android Memory Dumps for Stealthy Attack Investigation

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Especially, many works have been done on Whatsapp Messenger [5]- [7]. Telegram [7]- [9], Facebook, Twitter, Instagram [10]- [13] and there are still many ongoing works.…”

Section: Related Workmentioning

confidence: 99%

Rating Of The Relationship Between Users Using The Data From The Implemented Mobile Forensic Software

Berber¹,

Küçüksille²

2020

Pamukkale J Eng Sci

View full text Add to dashboard Cite

ÖzDuring the digital forensic process, different software and hardware tools are used. The devices from which the digital evidences are collected have been varied in parallel with the developments in technology. The issue of identifying the mobile phone owner's friends and assessing his relationship with them with the help of digital evidences collected from the Android mobile phones has been studied in the literature and it is still under investigation. The software developed in this work enables accessing a variety of data that have evidential value in the court proceedings; these include physical and logical acquisition of images from mobile phones with Android operating system, extracting images for investigations, examining different file types in images, and databases. This software can collect and examine the evidences and then produce reports. At the same time, it can identify criminals or people with potentially have connections to those people whose accounts are under investigations by using developed analysis model which examines the relationships between social media applications` data, phone contacts and calling histories collected from the mobile devices. In this work, the evidences examined by using a novel software developed by the authors which performs multiple tasks using a single interface and the corresponding results are presented.Adli bilişim sürecinde çok çeşitli yazılımlar ve donanımlar kullanılmaktadır. Teknolojinin hızlı gelişimine paralel olarak dijital delillerin toplandığı cihazlar da hızla çeşitlenmektedir. Android mobil telefonlardan toplanan dijital deliller yardımı ile bu telefona sahip kişinin arkadaşlarının ve bu arkadaşları ile ilişkilerinin derecelendirilerek tespit edilmesi, literatürde çalışılmış ve üzerinde çalışılmaya devam eden konulardan biridir. Bu çalışmada geliştirilen yazılım, Android işletim sistemine sahip mobil cihazlardan fiziksel ve mantıksal imaj alma, imajın incelenmek üzere açılması, imaj içinde farklı dosya türlerinin incelenmesi, veri tabanı incelemeleri gibi dijital delil niteliği taşıyan birçok veriye erişilmesini sağlamaktadır. Delil elde etme, delilleri inceleme ve raporlama işlemlerini yapabilen bu yazılım aynı zamanda geliştirilen analiz modeliyle mobil cihazlardan elde edilen sosyal medya uygulama verileri, telefon rehberi ve görüşme kayıtları arasındaki ilişkileri inceleyerek suçlunun veya hesapları incelenen kişilerin, ilişkili olma ihtimali yüksek kişileri tespit edebilmektedir. Birçok işlemi tek bir ara yüzden yapabilmesi ve veri analiz yöntemi bakımından, özgün bir çalışma olarak gerçekleştirilen yazılımla incelenen deliller ve elde edilen bulgular bu çalışmada sunulmuştur.

show abstract

“…As mentioned in Section 3, a Motorola Moto G 3rd Generation running a customised version of Android, CyanogenMod (CM) version 12.1 ( CyanogenMod, 2017), was used as the test mobile platform. This operating system provide rooting, which is necessary to access portions of internal storage that are protected by the operating system's security (Azhar & Barton, 2016). With this customised operating system the root access was granted natively…”

Section: 1 Mobile Forensicsmentioning

confidence: 99%

Drone Forensic Analysis Using Open Source Tools

Azhar

Barton

Islam

2018

JDFSL

View full text Add to dashboard Cite

Carrying capabilities of drones and their easy accessibility to the public have led to an increase in crimes committed using drones in recent years. For this reason, the need for forensic analysis of drones captured from the crime scenes and the devices used for these drones is also paramount. This paper presents the extraction and identification of important artefacts from the recorded flight data as well as the associated mobile devices using open source tools and some basic scripts developed to aid the analysis of two popular drone systems-the DJI Phantom 3 Professional and Parrot AR. Drone 2.0. Although different drones vary in their operations, this paper extends the extraction and analysis of the data from the drones and associated devices using some generic methods which are forensically sound adhering to the guidelines of the Association of Chief Police Officers (ACPO).

show abstract

Forensic Analysis of Secure Ephemeral Messaging Applications on Android Platforms

Cited by 12 publications

References 5 publications

Real-Time Triggering of Android Memory Dumps for Stealthy Attack Investigation

Real-Time Triggering of Android Memory Dumps for Stealthy Attack Investigation

Rating Of The Relationship Between Users Using The Data From The Implemented Mobile Forensic Software

Drone Forensic Analysis Using Open Source Tools

Contact Info

Product

Resources

About