Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms

Journal article


Azhar, H., Cox, R. and Chamberlain, A. 2020. Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms. International Journal on Advances in Security. 13 (1 & 2), pp. 41 - 53.
AuthorsAzhar, H., Cox, R. and Chamberlain, A.
Abstract

Ephemeral messaging applications are growing increasingly popular on the digital mobile market. However, they are not always used with good intentions. Criminals may see a gateway into private communication with each other through this transient application data. This could negatively impact criminal court cases for evidence, or civil matters. To find out if messages from such applications can indeed be recovered or not, a forensic examination of the device would be required by the law enforcement authority. This paper reports mobile forensic investigations of ephemeral data from a wide
range of applications using both proprietary and freeware forensic tools. Both Android and iOS platforms were used in the investigation.

The results from the investigation uncovered various artefacts from the iOS device including account information, contacts, and evidence of communication between users. The Android device uncovered evidence of communications, and several media files assumed to be deleted within a storage cache in the Android file system. The forensic tools used within the investigations were evaluated using parameters from the National Institute of Standards and Technology’s (NIST) mobile tool test assertions and test plan.

KeywordsMobile forensics; Digital forensics; NIST measurements; Oxygen Forensics; Ephemeral messaging apps; EMAs
Year2020
JournalInternational Journal on Advances in Security
Journal citation13 (1 & 2), pp. 41 - 53
PublisherIARIA
ISSN1942-2636
Official URLhttp://www.iariajournals.org/security/sec_v13_n12_2020_paged.pdf
Publication dates
Print02 Jul 2020
Publication process dates
Accepted04 May 2020
Deposited06 Jul 2020
Accepted author manuscript
File Access Level
Open
Output statusPublished
References

[1] A. Chamberlain and M.A.H.B. Azhar, “Comparisons of
Forensic Tools to Recover Ephemeral Data from iOS Apps
Used for Cyberbullying”, The Fourth International Conference
on Cyber-Technologies and Cyber-Systems, CYBER 2019,
Porto, Portugal.
[2] R. Graham, “How Terrorists Use Encryption”, Combating
Terrorism Center at West Point. Available from:
https://ctc.usma.edu/how-terrorists-use-encryption/ [Accessed:
01- June- 2020].
[3] C. Cotta, A.J. Fernandez-Lelva, F. Fernandez de Vega and F.
Chavez, “Application Areas of Ephemeral Computing: A
Survey”, in Transactions on Computational Collective
Intelligence: David Camacho, University of Malaga, pp. 155-
157, 2016.
[4] I. Barker, “Cyber criminals turn to messaging apps following
dark web crackdown”, Betanews, 2017. [Online]. Available
from: https://betanews.com/2017/10/25/criminals-turn-tomessaging/ [Accessed: 01- June- 2020].
[5] T. Alyaha and F. Kausar, “Snapchat Analysis to Discover
Digital Forensic Artefacts on Android Smartphone”, in 8th
International Conference on Ambient Systems, Networks and
Technologies, ANT-2017 and the 7th International Conference
on Sustainable Energy Information Technology, SEIT 2017,
16-19 May 2017, Madeira, Portugal, pp. 1035-1040, 2017.
[6] GSMA, “Number of Mobile Subscribers Worldwide Hits 5
Billion”, [Online]. Available from:
https://www.gsma.com/newsroom/press-release/numbermobile-subscribers... [Accessed: 01-
June- 2020].
[7] D. L. Fisher, M.J. Hamilton and J.K. Southwick, “When
Electronic Records Disappear But Legal Issues Linger”,
Law360, Portfolio Media, Inc., Available from:
https://www.pepperlaw.com/publications/when-electronicrecords-disapp...
[Accessed: 01- June- 2020].
[8] J. Graham, “WhatsApp, Wickr Seen by Justice Dept. as Tools
to Erase Evidence”, Available from:
https://biglawbusiness.com/whatsapp-wickr-seen-by-justicedept-as-too... [Accessed: 01- June- 2020].
[9] J. Constine, “Snapchat revives growth in Q1 beat with 190M
users”, Available from:
https://techcrunch.com/2019/04/23/snapchat-q1-2019-
earnings/ [Accessed: 01- June- 2020].
[10] D. Noyes, “The Top 20 Valuable Facebook Statistics”,
Available from: https://zephoria.com/top-15-valuablefacebook-statistics/ [Accessed: 01- June- 2020].
[11] National Institute of Standards and Technology, “Mobile
Device Tool Test Assertions and Test Plan”, 2016. [Online].
Available from:
https://www.nist.gov/system/files/documents/2017/05/09/mob
ile_device_tool_test_assertions_and_test_plan_v2.0.pdf
[Accessed: 01- June- 2020].
[12] K. M. Ovens and G. Morison, “Forensic analysis of kik
messenger on ios devices”, Digital Investigation, vol. 17, pp.
40-52, 2016.
[13] S. C. Sathe and N. M. Dongre, “Data acquisition techniques in
mobile forensics”, in 2018 2nd International Conference on
Inventive Systems and Control (ICISC), pp. 280–286. doi:
10.1109/ICISC.2018.8399079.
[14] M. A. H. B. Azhar and T. Barton, “Forensic Analysis of Secure
Ephemeral Messaging Applications on Android Platforms”,
Jan. 2017, doi: 10.1007/978-3-319-51064-4.
[15] M. Al-Hadadi and A. AlShidhani, “Smartphone Forensics
Analysis: A Case Study”, International Journal of Computer
and Electrical Engineering, vol. 5, pp. 577-579, 2013.
[16] R. Umar, I. Riadi and G. Zamroni, “Mobile Forensic Tools
Evaluation for Digital Crime Investigation”, International
Journal on Advanced Science, Engineering and Information
Technology, vol. 8, pp. 949-955, 2018.
[17] P. Naughton and M. A. H. B. Azhar, “An Investigation on
Forensic Opportunities to Recover Evidential Data from
Mobile Phones and Personal Computers. The Second
International Conference on Cyber-Technologies and CyberSystems”, CYBER 2017, Barcelona, Spain.
[18] ACPO, “ACPO Good Practice Guide for Digital Evidence”,
2012. [Online]. Available from: https://www.digitaldetective.net/digital-forensics
documents/ACPO_Good_Practice_Guide_for_Digital_Eviden
ce_v5.pdf [Accessed: 01- June- 2020].
[19] iPhone 6s, “Wikipedia for iPhone 6s”, [Online]. Available
from: https://en.wikipedia.org/wiki/IPhone_6S [Accessed: 01-
June- 2020].
[20] Vodafone VF695, “User manual of Vodafone VF695”,
[Online]. Available from:
https://www.vodafone.com/content/dam/vodcom/devices/sma
rt-first/User%20Manual%20-%20English.pdf [Accessed: 01-
June- 2020].
[21] Jkielty, “Android v iOS market share”, 2019, DeviceAtlas,
[Online]. Available at: https://deviceatlas.com/blog/android-vios-market-share [Accessed: 01- June- 2020].
[22] Snapchat, “Snapchat APP for mobile”, [Online]. Available
from: https://www.snapchat.com/l/en-gb/ [Accessed: 01- June2020].
[23] Dust, “The APP that protects your assests”, [Online].
Available from: https://usedust.com/ [Accessed: 01- June2020].
[24] Confide, “Your Confidential Messenger”, [Online]. Available
from: https://getconfide.com/ [Accessed: 01- June- 2020].
[25] Facebook Messenger, “Wikipedia for Facebook Messenger”,
[Online]. Available
https://en.wikipedia.org/wiki/Facebook_Messenger
[Accessed: 01- June- 2020].
[26] Signal Messenger, “Wikipedia for Signal Messenger”,
[Online]. Available
https://en.wikipedia.org/wiki/Signal_Messenger [Accessed:
01- June- 2020].
[27] Wire App, “Wikipedia for Wire App”, [Online]. Available
https://en.wikipedia.org/wiki/Wire_(software) [Accessed: 01-
June- 2020].
[28] Omnicore , “Snapchat by the Numbers: Stats, Demographics &
Fun Facts”, 2020. [Online]. Available from:
https://www.omnicoreagency.com/snapchat-statistics/
[Accessed: 01- June- 2020].
[29] Messenger, “Messenger - Android Apps on Google Play”,
[Online], Available at:
https://play.google.com/store/apps/details?id=com.facebook.o
rca [Accessed: 01- June- 2020].
[30] J. Evans, “WhatsApp Partners With Open WhisperSystems To
End-To-End Encrypt Billions Of Messages A Day.” [Online].
Available from https://techcrunch.com/2014/11/18/end-toend-for-everyone/ [Accessed: 01- June- 2020].
[31] Oxygen Forensics, Oxygen Forensic Detective Enterprise,
[Online]. Available from: https://www.oxygenforensic.com/en/products/oxygen-forensic-detective... [Accessed: 01- June- 2020].
[32] MOBILedit Forensic, MOBILedit Forensic Express, [Online].
Available from: https://www.mobiledit.com/onlinestore/forensic-express [Accessed: 01- June- 2020].
[33] Andriller, Android Forensic Tools, [Online]. Available from:
https://www.andriller.com/ [Accessed: 01- June- 2020].
[34] FTK Imager, AccessData. [Oniline], Available from:
https://accessdata.com/product-download [Accessed: 01-
June- 2020].
[35] Autopsy. [Online], Available from:
https://www.sleuthkit.org/autopsy/ [Accessed: 01- June2020].
[36] Andrioid Tools, “Android Forensics: imaging android
filesystem using ADB and DD”, [Online], Available from:
https://www.andreafortuna.org/2018/12/03/android-forensicsimaging-an... [Accessed:
01- June- 2020].
[37] M. Lohrum, “Live imaging an Android device”, [Online]
Available from:http://freeandroidforensics.blogspot.com/2014/08/liveimaging-android... [Accessed: 01- June- 2020].
[38] FireBase Messaging, “Firebase Cloud Messaging”, [Online].
Available from: https://firebase.google.com/docs/cloudmessaging [Accessed: 01- June- 2020].

Permalink -

https://repository.canterbury.ac.uk/item/8vx4w/forensic-investigations-of-popular-ephemeral-messaging-applications-on-android-and-ios-platforms

Download files


Accepted author manuscript
  • 1565
    total views
  • 1194
    total downloads
  • 23
    views this month
  • 29
    downloads this month

Export as

Related outputs

Metaverse application forensics: Unravelling the virtual truth
Azhar, H. and Rush-Gadsby, O. Metaverse application forensics: Unravelling the virtual truth. in: Cybersecurity Challenges in the Age of AI, Space Communications and Cyborgs Proceedings of the 15th International Conference on Global Security, Safety and Sustainability, London, October 2023 Cham Springer. pp. 399-414
Transformer-based Models for Enhanced Amur Tiger Re-Identification
Bai, Xufeng, Islam, Tasmina and Bin Azhar, M A Hannan 2024. Transformer-based Models for Enhanced Amur Tiger Re-Identification. in: 2024 IEEE 22nd World Symposium on Applied Machine Intelligence and Informatics (SAMI) IEEE.
Trustworthy Insights: A Novel Multi-Tier Explainable framework for ambient assisted living
Kasirajan, M., Azhar, H. and Turner, S. 2023. Trustworthy Insights: A Novel Multi-Tier Explainable framework for ambient assisted living . https://doi.org/10.1109/TrustCom60117.2023.00357
Assistive telehealth systems for neurorehabilitation
Azhar, H. 2023. Assistive telehealth systems for neurorehabilitation.
Optimal locations and computational frameworks of FSR and IMU sensors for measuring gait abnormalities
Manna, S., Azhar, H. and Greace, A. 2023. Optimal locations and computational frameworks of FSR and IMU sensors for measuring gait abnormalities. Heliyon. 9 (4), p. e15210. https://doi.org/10.1016/j.heliyon.2023.e15210
Spying on kids’ smart devices: Beware of security vulnerabilities!
Azhar, H., Smith, D. and Cain, A. 2023. Spying on kids’ smart devices: Beware of security vulnerabilities! in: Jahankhani, H. (ed.) Cybersecurity in the Age of Smart Societies Proceedings of the 14th International Conference on Global Security, Safety and Sustainability, London, September 2022 Springer. pp. 123-140
Cyber threats and exploits during the pandemic
Lo, J. and Azhar, H. Cyber threats and exploits during the pandemic. ASEAN Tech and Security, Singapore .
Z is for Zoombombing
Azhar, H. 2022. Z is for Zoombombing. Medium.
Progressive web app for real-time doctor-patient communication and searchable health conditions
Hannan Bin Azhar, M A and Mohan, Joseph Thomas 2022. Progressive web app for real-time doctor-patient communication and searchable health conditions. 2022 E-Health and Bioengineering Conference (EHB). https://doi.org/10.1109/EHB55594.2022.9991288
Forensic investigations of Google Meet and Microsoft Teams – two popular conferencing tools in the Pandemic
Azhar, H., Timms, J. and Tilley, B. 2022. Forensic investigations of Google Meet and Microsoft Teams – two popular conferencing tools in the Pandemic. in: Digital Forensics and Cyber Crime Springer Nature. pp. 20-34
Tele-tDCS: A Novel Tele-neuromodulation Framework using Internet of Medical Things
Herring, Samuel, Azhar, M. A. Hannan Bin and Sakel, Mohamed 2022. Tele-tDCS: A Novel Tele-neuromodulation Framework using Internet of Medical Things. in: Proceedings of the 15th International Joint Conference on Biomedical Engineering Systems and Technologies - BIODEVICES Setúbal, Portugal SCITEPRESS - Science and Technology Publications. pp. 84-93
Automatic identification of non-biting midges (Chironomidae) using object detection and deep learning techniques
Hollister, Jack, Vega, Rodrigo and Azhar, M. A. Hannan Bin 2022. Automatic identification of non-biting midges (Chironomidae) using object detection and deep learning techniques. in: Marsico, Maria D., Sanniti de Baja, Gabriella and Fred, Ana (ed.) Proceedings of the 11 International Conference on Pattern Recognition Applications and Methods SCITEPRESS - Science and Technology Publications.
A smart and secure IoMT tele-neurorehabilitation framework for post-stroke patients
Manna, S., Azhar, H. and Sakel, M. 2022. A smart and secure IoMT tele-neurorehabilitation framework for post-stroke patients. in: Bhaumik, S., Chattopadhyay, S., Chattopadhyay, T. and Bhattacharya, S. (ed.) Proceedings of International Conference on Industrial Instrumentation and Control ICI2C 2021 Singapore Springer. pp. 11-20
An inclusive student-led online class test during the pandemic
Manna, S. and Azhar, H. 2021. An inclusive student-led online class test during the pandemic . Assessment and Feedback Symposium 2021.
A forensic tool to acquire radio signals using software defined radio
Azhar, H. and Abadia, G. 2021. A forensic tool to acquire radio signals using software defined radio. in: Security and Privacy in Communication Networks : 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6-9, 2021, Proceedings, Part I Springer.
Post-pandemic digital education: Investigating smart workspaces within the higher education sector
Azhar, M A Hannan Bin, Lepore, Emily Louise and Islam, T. 2021. Post-pandemic digital education: Investigating smart workspaces within the higher education sector. Proceedings of the BCS 34th British HCI Conference 2021. 34, pp. 284-288. https://doi.org/10.14236/ewic/hci2021.30
A study of user experiences and network analysis on anonymity and traceability of bitcoin transactions
Azhar, M.A.H.B and Whitehead, R.V. 2021. A study of user experiences and network analysis on anonymity and traceability of bitcoin transactions. EAI Endorsed Transactions on Security and Safety. https://doi.org/10.4108/eai.30-4-2021.169577
BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients
Azhar, H. 2021. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients.
Comparisons of forensic tools to recover ephemeral data from iOS apps used for cyberbullying
Chamberlain, A. and Azhar, H. 2019. Comparisons of forensic tools to recover ephemeral data from iOS apps used for cyberbullying. in: CYBER 2019, The Fourth International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 88-93
Recovery of forensic artefacts from a smart home IoT ecosystem
Azhar, H. and Bate, S. 2019. Recovery of forensic artefacts from a smart home IoT ecosystem. in: CYBER 2019, The Fourth International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 94-99
BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients
Casey, A., Azhar, H., Grzes, M. and Sakel, M. 2019. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients. Disability and Rehabilitation: Assistive Technology. 16 (5), pp. 525-537. https://doi.org/10.1080/17483107.2019.1683239
Effects of students’ preferences in use of lighting and temperature on productivity in a university setting
Azhar, H., Islam, T. and Alfieri, M. 2019. Effects of students’ preferences in use of lighting and temperature on productivity in a university setting. in: Zheng, P., Callaghan, V., Crawford, D., Kymalainen, T. and Reyes-Munoz, A. (ed.) EAI International Conference on Technology, Innovation, Entrepreneurship and Education Springer.
Use of wearable technology to measure emotional responses amongst tennis players
Azhar, H., Nelson, T. and Casey, A. 2019. Use of wearable technology to measure emotional responses amongst tennis players. in: Zheng, P., Callaghan, V., Crawford, D., Kymalainen, T. and Reyes-Munoz, A. (ed.) EAI International Conference on Technology, Innovation, Entrepreneurship and Education Springer.
Drone forensic analysis using open source tools
Azhar, H., Barton, T. and Islam, T. 2018. Drone forensic analysis using open source tools. Journal of Digital Forensics, Security and Law. 13 (1), pp. 7-30.
A cost-effective BCI assisted technology framework for neurorehabilitation
Azhar, H., Casey, A. and Sakel, M. 2018. A cost-effective BCI assisted technology framework for neurorehabilitation.
An investigation on forensic opportunities to recover evidential data from mobile phones and personal computers
Naughton, P. and Azhar, H. 2017. An investigation on forensic opportunities to recover evidential data from mobile phones and personal computers.
BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients
Azhar, H., Barton, T., Casey, A. and Sakel, M. 2017. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients. Research and Knowledge Exchange Conference 2017.
Open source forensics for a multi-platform drone system
Barton, T. and Azhar, H. 2018. Open source forensics for a multi-platform drone system. in: Matousek, P. and Schmiedecker, M. (ed.) 9th EAI International Conference on Digital Forensics & Cyber Crime Springer. pp. 83-96
Evaluation of the MPS Predictive Policing Trial (redacted)
Bryant, R., Azhar, H., Blackburn, B. and Falade, M. 2015. Evaluation of the MPS Predictive Policing Trial (redacted).
Forensic analysis of popular UAV systems
Barton, T. and Azhar, H. 2017. Forensic analysis of popular UAV systems. Emerging Security Technologies (EST), 2017 Seventh International Conference on. https://doi.org/10.1109/EST.2017.8090405
A wearable brain-computer interface controlled robot
Azhar, H., Badicioiu, A. and Barton, T. 2016. A wearable brain-computer interface controlled robot.
Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms
Barton, T. and Azhar, H. 2016. Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms. in: Klemas, T. and Falk, R. (ed.) CYBER 2016 : The First International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 35-40
Forensic analysis of secure ephemeral messaging applications on Android platforms
Azhar, H. and Barton, T. 2017. Forensic analysis of secure ephemeral messaging applications on Android platforms. in: Global Security, Safety and Sustainability - The Security Challenges of the Connected World: 11th International Conference, ICGS3 2017, London, UK, January 18-20, 2017, Proceedings Springer.
Usability and performance measure of a consumer-grade brain computer interface system for environmental control by neurological patients
Deravi, F., Ang, C., Azhar, H., Al-Wabil, A., Philips, M. and Sakel, M. 2015. Usability and performance measure of a consumer-grade brain computer interface system for environmental control by neurological patients. International Journal of Engineering and Technology Innovation (IJETI). 5 (3), pp. 165-177.
Criticality dispersion in swarms to optimize n-tuples
Azhar, H., Deravi, F. and Dimond, K. 2008. Criticality dispersion in swarms to optimize n-tuples. in: GECCO '08: Proceedings of the 10th Annual Conference on Genetic and Evolutionary Computation New York Association for Computing Machinery. pp. 1-8
Particle swarm intelligence to optimize the learning of n-tuples
Azhar, H., Deravi, F. and Dimond, K. 2008. Particle swarm intelligence to optimize the learning of n-tuples. Journal of Intelligent Systems. 17 (S), pp. 169-196. https://doi.org/10.1515/JISYS.2008.17.S1.169
Automatic identification of wildlife using local binary patterns
Azhar, H., Hoque, S. and Deravi, F. 2012. Automatic identification of wildlife using local binary patterns. in: IET Conference on Image Processing (IPR 2012) Institute of Engineering and Technology. pp. 5-11
Zoometrics - biometric identification of wildlife using natural body marks
Hoque, S., Azhar, H. and Deravi, F. 2011. Zoometrics - biometric identification of wildlife using natural body marks. International Journal of Bio-Science and Bio-Technology. 3 (3), pp. 45-53.
Forensic acquisitions of WhatsApp data on popular mobile platforms
Shortall, A. and Azhar, H. 2015. Forensic acquisitions of WhatsApp data on popular mobile platforms. in: Proceedings of the Sixth International Conference on Emerging Security Technologies IEEE. pp. 13-17