Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms

Journal article


Azhar, H., Cox, R. and Chamberlain, A. 2020. Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms. International Journal on Advances in Security. 13 (1 & 2), pp. 41 - 53.
AuthorsAzhar, H., Cox, R. and Chamberlain, A.
Abstract

Ephemeral messaging applications are growing increasingly popular on the digital mobile market. However, they are not always used with good intentions. Criminals may see a gateway into private communication with each other through this transient application data. This could negatively impact criminal court cases for evidence, or civil matters. To find out if messages from such applications can indeed be recovered or not, a forensic examination of the device would be required by the law enforcement authority. This paper reports mobile forensic investigations of ephemeral data from a wide
range of applications using both proprietary and freeware forensic tools. Both Android and iOS platforms were used in the investigation.

The results from the investigation uncovered various artefacts from the iOS device including account information, contacts, and evidence of communication between users. The Android device uncovered evidence of communications, and several media files assumed to be deleted within a storage cache in the Android file system. The forensic tools used within the investigations were evaluated using parameters from the National Institute of Standards and Technology’s (NIST) mobile tool test assertions and test plan.

KeywordsMobile forensics; Digital forensics; NIST measurements; Oxygen Forensics; Ephemeral messaging apps; EMAs
Year2020
JournalInternational Journal on Advances in Security
Journal citation13 (1 & 2), pp. 41 - 53
PublisherIARIA
ISSN1942-2636
Official URLhttp://www.iariajournals.org/security/sec_v13_n12_2020_paged.pdf
Publication dates
Print02 Jul 2020
Publication process dates
Accepted04 May 2020
Deposited06 Jul 2020
Accepted author manuscript
File Access Level
Open
Output statusPublished
References

[1] A. Chamberlain and M.A.H.B. Azhar, “Comparisons of
Forensic Tools to Recover Ephemeral Data from iOS Apps
Used for Cyberbullying”, The Fourth International Conference
on Cyber-Technologies and Cyber-Systems, CYBER 2019,
Porto, Portugal.
[2] R. Graham, “How Terrorists Use Encryption”, Combating
Terrorism Center at West Point. Available from:
https://ctc.usma.edu/how-terrorists-use-encryption/ [Accessed:
01- June- 2020].
[3] C. Cotta, A.J. Fernandez-Lelva, F. Fernandez de Vega and F.
Chavez, “Application Areas of Ephemeral Computing: A
Survey”, in Transactions on Computational Collective
Intelligence: David Camacho, University of Malaga, pp. 155-
157, 2016.
[4] I. Barker, “Cyber criminals turn to messaging apps following
dark web crackdown”, Betanews, 2017. [Online]. Available
from: https://betanews.com/2017/10/25/criminals-turn-tomessaging/ [Accessed: 01- June- 2020].
[5] T. Alyaha and F. Kausar, “Snapchat Analysis to Discover
Digital Forensic Artefacts on Android Smartphone”, in 8th
International Conference on Ambient Systems, Networks and
Technologies, ANT-2017 and the 7th International Conference
on Sustainable Energy Information Technology, SEIT 2017,
16-19 May 2017, Madeira, Portugal, pp. 1035-1040, 2017.
[6] GSMA, “Number of Mobile Subscribers Worldwide Hits 5
Billion”, [Online]. Available from:
https://www.gsma.com/newsroom/press-release/numbermobile-subscribers... [Accessed: 01-
June- 2020].
[7] D. L. Fisher, M.J. Hamilton and J.K. Southwick, “When
Electronic Records Disappear But Legal Issues Linger”,
Law360, Portfolio Media, Inc., Available from:
https://www.pepperlaw.com/publications/when-electronicrecords-disapp...
[Accessed: 01- June- 2020].
[8] J. Graham, “WhatsApp, Wickr Seen by Justice Dept. as Tools
to Erase Evidence”, Available from:
https://biglawbusiness.com/whatsapp-wickr-seen-by-justicedept-as-too... [Accessed: 01- June- 2020].
[9] J. Constine, “Snapchat revives growth in Q1 beat with 190M
users”, Available from:
https://techcrunch.com/2019/04/23/snapchat-q1-2019-
earnings/ [Accessed: 01- June- 2020].
[10] D. Noyes, “The Top 20 Valuable Facebook Statistics”,
Available from: https://zephoria.com/top-15-valuablefacebook-statistics/ [Accessed: 01- June- 2020].
[11] National Institute of Standards and Technology, “Mobile
Device Tool Test Assertions and Test Plan”, 2016. [Online].
Available from:
https://www.nist.gov/system/files/documents/2017/05/09/mob
ile_device_tool_test_assertions_and_test_plan_v2.0.pdf
[Accessed: 01- June- 2020].
[12] K. M. Ovens and G. Morison, “Forensic analysis of kik
messenger on ios devices”, Digital Investigation, vol. 17, pp.
40-52, 2016.
[13] S. C. Sathe and N. M. Dongre, “Data acquisition techniques in
mobile forensics”, in 2018 2nd International Conference on
Inventive Systems and Control (ICISC), pp. 280–286. doi:
10.1109/ICISC.2018.8399079.
[14] M. A. H. B. Azhar and T. Barton, “Forensic Analysis of Secure
Ephemeral Messaging Applications on Android Platforms”,
Jan. 2017, doi: 10.1007/978-3-319-51064-4.
[15] M. Al-Hadadi and A. AlShidhani, “Smartphone Forensics
Analysis: A Case Study”, International Journal of Computer
and Electrical Engineering, vol. 5, pp. 577-579, 2013.
[16] R. Umar, I. Riadi and G. Zamroni, “Mobile Forensic Tools
Evaluation for Digital Crime Investigation”, International
Journal on Advanced Science, Engineering and Information
Technology, vol. 8, pp. 949-955, 2018.
[17] P. Naughton and M. A. H. B. Azhar, “An Investigation on
Forensic Opportunities to Recover Evidential Data from
Mobile Phones and Personal Computers. The Second
International Conference on Cyber-Technologies and CyberSystems”, CYBER 2017, Barcelona, Spain.
[18] ACPO, “ACPO Good Practice Guide for Digital Evidence”,
2012. [Online]. Available from: https://www.digitaldetective.net/digital-forensics
documents/ACPO_Good_Practice_Guide_for_Digital_Eviden
ce_v5.pdf [Accessed: 01- June- 2020].
[19] iPhone 6s, “Wikipedia for iPhone 6s”, [Online]. Available
from: https://en.wikipedia.org/wiki/IPhone_6S [Accessed: 01-
June- 2020].
[20] Vodafone VF695, “User manual of Vodafone VF695”,
[Online]. Available from:
https://www.vodafone.com/content/dam/vodcom/devices/sma
rt-first/User%20Manual%20-%20English.pdf [Accessed: 01-
June- 2020].
[21] Jkielty, “Android v iOS market share”, 2019, DeviceAtlas,
[Online]. Available at: https://deviceatlas.com/blog/android-vios-market-share [Accessed: 01- June- 2020].
[22] Snapchat, “Snapchat APP for mobile”, [Online]. Available
from: https://www.snapchat.com/l/en-gb/ [Accessed: 01- June2020].
[23] Dust, “The APP that protects your assests”, [Online].
Available from: https://usedust.com/ [Accessed: 01- June2020].
[24] Confide, “Your Confidential Messenger”, [Online]. Available
from: https://getconfide.com/ [Accessed: 01- June- 2020].
[25] Facebook Messenger, “Wikipedia for Facebook Messenger”,
[Online]. Available
https://en.wikipedia.org/wiki/Facebook_Messenger
[Accessed: 01- June- 2020].
[26] Signal Messenger, “Wikipedia for Signal Messenger”,
[Online]. Available
https://en.wikipedia.org/wiki/Signal_Messenger [Accessed:
01- June- 2020].
[27] Wire App, “Wikipedia for Wire App”, [Online]. Available
https://en.wikipedia.org/wiki/Wire_(software) [Accessed: 01-
June- 2020].
[28] Omnicore , “Snapchat by the Numbers: Stats, Demographics &
Fun Facts”, 2020. [Online]. Available from:
https://www.omnicoreagency.com/snapchat-statistics/
[Accessed: 01- June- 2020].
[29] Messenger, “Messenger - Android Apps on Google Play”,
[Online], Available at:
https://play.google.com/store/apps/details?id=com.facebook.o
rca [Accessed: 01- June- 2020].
[30] J. Evans, “WhatsApp Partners With Open WhisperSystems To
End-To-End Encrypt Billions Of Messages A Day.” [Online].
Available from https://techcrunch.com/2014/11/18/end-toend-for-everyone/ [Accessed: 01- June- 2020].
[31] Oxygen Forensics, Oxygen Forensic Detective Enterprise,
[Online]. Available from: https://www.oxygenforensic.com/en/products/oxygen-forensic-detective... [Accessed: 01- June- 2020].
[32] MOBILedit Forensic, MOBILedit Forensic Express, [Online].
Available from: https://www.mobiledit.com/onlinestore/forensic-express [Accessed: 01- June- 2020].
[33] Andriller, Android Forensic Tools, [Online]. Available from:
https://www.andriller.com/ [Accessed: 01- June- 2020].
[34] FTK Imager, AccessData. [Oniline], Available from:
https://accessdata.com/product-download [Accessed: 01-
June- 2020].
[35] Autopsy. [Online], Available from:
https://www.sleuthkit.org/autopsy/ [Accessed: 01- June2020].
[36] Andrioid Tools, “Android Forensics: imaging android
filesystem using ADB and DD”, [Online], Available from:
https://www.andreafortuna.org/2018/12/03/android-forensicsimaging-an... [Accessed:
01- June- 2020].
[37] M. Lohrum, “Live imaging an Android device”, [Online]
Available from:http://freeandroidforensics.blogspot.com/2014/08/liveimaging-android... [Accessed: 01- June- 2020].
[38] FireBase Messaging, “Firebase Cloud Messaging”, [Online].
Available from: https://firebase.google.com/docs/cloudmessaging [Accessed: 01- June- 2020].

Permalink -

https://repository.canterbury.ac.uk/item/8vx4w/forensic-investigations-of-popular-ephemeral-messaging-applications-on-android-and-ios-platforms

Download files

Accepted author manuscript
  • 36
    total views
  • 36
    total downloads
  • 11
    views this month
  • 4
    downloads this month

Export as

Related outputs

Comparisons of forensic tools to recover ephemeral data from iOS apps used for cyberbullying
Chamberlain, A. and Azhar, H. 2019. Comparisons of forensic tools to recover ephemeral data from iOS apps used for cyberbullying. in: CYBER 2019, The Fourth International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 88-93
Recovery of forensic artefacts from a smart home IoT ecosystem
Azhar, H. and Bate, S. 2019. Recovery of forensic artefacts from a smart home IoT ecosystem. in: CYBER 2019, The Fourth International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 94-99
BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients
Casey, A., Azhar, H., Grzes, M. and Sakel, M. 2019. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients. Disability and Rehabilitation: Assistive Technology.
A cost-effective BCI assisted technology framework for neurorehabilitation
Azhar, H., Casey, A. and Sakel, M. 2018. A cost-effective BCI assisted technology framework for neurorehabilitation.
Effects of students’ preferences in use of lighting and temperature on productivity in a university setting
Azhar, H., Islam, T. and Alfieri, M. 2019. Effects of students’ preferences in use of lighting and temperature on productivity in a university setting. in: Zheng, P., Callaghan, V., Crawford, D., Kymalainen, T. and Reyes-Munoz, A. (ed.) EAI International Conference on Technology, Innovation, Entrepreneurship and Education Springer.
Use of wearable technology to measure emotional responses amongst tennis players
Azhar, H., Nelson, T. and Casey, A. 2019. Use of wearable technology to measure emotional responses amongst tennis players. in: Zheng, P., Callaghan, V., Crawford, D., Kymalainen, T. and Reyes-Munoz, A. (ed.) EAI International Conference on Technology, Innovation, Entrepreneurship and Education Springer.
Drone forensic analysis using open source tools
Azhar, H., Barton, T. and Islam, T. 2018. Drone forensic analysis using open source tools. Journal of Digital Forensics, Security and Law. 13 (1), pp. 7-30.
An investigation on forensic opportunities to recover evidential data from mobile phones and personal computers
Naughton, P. and Azhar, H. 2017. An investigation on forensic opportunities to recover evidential data from mobile phones and personal computers.
BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients
Azhar, H., Barton, T., Casey, A. and Sakel, M. 2017. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients. Research and Knowledge Exchange Conference 2017.
Open source forensics for a multi-platform drone system
Barton, T. and Azhar, H. 2018. Open source forensics for a multi-platform drone system. in: Matousek, P. and Schmiedecker, M. (ed.) 9th EAI International Conference on Digital Forensics & Cyber Crime Springer. pp. 83-96
Forensic analysis of popular UAV systems
Barton, T. and Azhar, H. 2017. Forensic analysis of popular UAV systems. Emerging Security Technologies (EST), 2017 Seventh International Conference on.
Evaluation of the MPS Predictive Policing Trial (redacted)
Bryant, R., Azhar, H., Blackburn, B. and Falade, M. 2015. Evaluation of the MPS Predictive Policing Trial (redacted).
A wearable brain-computer interface controlled robot
Azhar, H., Badicioiu, A. and Barton, T. 2016. A wearable brain-computer interface controlled robot.
Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms
Barton, T. and Azhar, H. 2016. Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms. in: Klemas, T. and Falk, R. (ed.) CYBER 2016 : The First International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 35-40
Forensic analysis of secure ephemeral messaging applications on Android platforms
Azhar, H. and Barton, T. 2017. Forensic analysis of secure ephemeral messaging applications on Android platforms. in: Global Security, Safety and Sustainability - The Security Challenges of the Connected World: 11th International Conference, ICGS3 2017, London, UK, January 18-20, 2017, Proceedings Springer.
Forensic acquisitions of WhatsApp data on popular mobile platforms
Shortall, A. and Azhar, H. 2015. Forensic acquisitions of WhatsApp data on popular mobile platforms. in: Proceedings of the Sixth International Conference on Emerging Security Technologies IEEE Press. pp. 13-17
Usability and performance measure of a consumer-grade brain computer interface system for environmental control by neurological patients
Deravi, F., Ang, C., Azhar, H., Al-Wabil, A., Philips, M. and Sakel, M. 2015. Usability and performance measure of a consumer-grade brain computer interface system for environmental control by neurological patients. International Journal of Engineering and Technology Innovation (IJETI). 5 (3), pp. 165-177.
Criticality dispersion in swarms to optimize n-tuples
Azhar, H., Deravi, F. and Dimond, K. 2008. Criticality dispersion in swarms to optimize n-tuples. in: GECCO '08: Proceedings of the 10th Annual Conference on Genetic and Evolutionary Computation New York Association for Computing Machinery. pp. 1-8
Particle swarm intelligence to optimize the learning of n-tuples
Azhar, H., Deravi, F. and Dimond, K. 2008. Particle swarm intelligence to optimize the learning of n-tuples. Journal of Intelligent Systems. 17 (S), pp. 169-196.
Automatic identification of wildlife using local binary patterns
Azhar, H., Hoque, S. and Deravi, F. 2012. Automatic identification of wildlife using local binary patterns. in: IET Conference on Image Processing (IPR 2012) Institute of Engineering and Technology. pp. 5-11
Zoometrics - biometric identification of wildlife using natural body marks
Hoque, S., Azhar, H. and Deravi, F. 2011. Zoometrics - biometric identification of wildlife using natural body marks. International Journal of Bio-Science and Bio-Technology. 3 (3), pp. 45-53.