ABSTRACT
The forensic investigation of data stored on mobile devices is a common way to analyze and solve cyber-crime cases. Analyzing the installed applications extracts and collects information that clarifies unknown conditions and might provide additional details. Unfortunately, some applications store messages encrypted, so the information is readable only in the app, which sometimes requires online access to start and display these messages. The required online access is a predicament: starting the app or downloading these messages provides new information to solve the case, but the danger of remote wiping during the online connection is high. Environments that facilitate online access while simultaneously blocking other connections exist, but they fail during a forensic investigation. In this paper, a novel approach for a forensic access point (FAP) is proposed. The design of the FAP focuses on implementing an isolated environment that allows the connection between the device and specific online services, considering current requirements. The architecture is evaluated by a proof-of-concept (PoC), which proves its usability in a forensically sound manner.