Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms

Journal article

Azhar, H., Cox, R. and Chamberlain, A. 2020. Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms. International Journal on Advances in Security. 13 (1 & 2), pp. 41 - 53.

Publication dates
Authors	Azhar, H., Cox, R. and Chamberlain, A.
Abstract	Ephemeral messaging applications are growing increasingly popular on the digital mobile market. However, they are not always used with good intentions. Criminals may see a gateway into private communication with each other through this transient application data. This could negatively impact criminal court cases for evidence, or civil matters. To find out if messages from such applications can indeed be recovered or not, a forensic examination of the device would be required by the law enforcement authority. This paper reports mobile forensic investigations of ephemeral data from a wide range of applications using both proprietary and freeware forensic tools. Both Android and iOS platforms were used in the investigation. The results from the investigation uncovered various artefacts from the iOS device including account information, contacts, and evidence of communication between users. The Android device uncovered evidence of communications, and several media files assumed to be deleted within a storage cache in the Android file system. The forensic tools used within the investigations were evaluated using parameters from the National Institute of Standards and Technology’s (NIST) mobile tool test assertions and test plan.
Keywords	Mobile forensics; Digital forensics; NIST measurements; Oxygen Forensics; Ephemeral messaging apps; EMAs
Year	2020
Journal	International Journal on Advances in Security
Journal citation	13 (1 & 2), pp. 41 - 53
Publisher	IARIA
ISSN	1942-2636
Official URL	http://www.iariajournals.org/security/sec_v13_n12_2020_paged.pdf
Print	02 Jul 2020
Publication process dates
Accepted	04 May 2020
Deposited	06 Jul 2020
Accepted author manuscript	IARIA-journal-ephemeral-Camera-ReadyV4.pdf File Access Level Open
Output status	Published
References	[1] A. Chamberlain and M.A.H.B. Azhar, “Comparisons of Forensic Tools to Recover Ephemeral Data from iOS Apps Used for Cyberbullying”, The Fourth International Conference on Cyber-Technologies and Cyber-Systems, CYBER 2019, Porto, Portugal. [2] R. Graham, “How Terrorists Use Encryption”, Combating Terrorism Center at West Point. Available from: https://ctc.usma.edu/how-terrorists-use-encryption/ [Accessed: 01- June- 2020]. [3] C. Cotta, A.J. Fernandez-Lelva, F. Fernandez de Vega and F. Chavez, “Application Areas of Ephemeral Computing: A Survey”, in Transactions on Computational Collective Intelligence: David Camacho, University of Malaga, pp. 155- 157, 2016. [4] I. Barker, “Cyber criminals turn to messaging apps following dark web crackdown”, Betanews, 2017. [Online]. Available from: https://betanews.com/2017/10/25/criminals-turn-tomessaging/ [Accessed: 01- June- 2020]. [5] T. Alyaha and F. Kausar, “Snapchat Analysis to Discover Digital Forensic Artefacts on Android Smartphone”, in 8th International Conference on Ambient Systems, Networks and Technologies, ANT-2017 and the 7th International Conference on Sustainable Energy Information Technology, SEIT 2017, 16-19 May 2017, Madeira, Portugal, pp. 1035-1040, 2017. [6] GSMA, “Number of Mobile Subscribers Worldwide Hits 5 Billion”, [Online]. Available from: https://www.gsma.com/newsroom/press-release/numbermobile-subscribers... [Accessed: 01- June- 2020]. [7] D. L. Fisher, M.J. Hamilton and J.K. Southwick, “When Electronic Records Disappear But Legal Issues Linger”, Law360, Portfolio Media, Inc., Available from: https://www.pepperlaw.com/publications/when-electronicrecords-disapp... [Accessed: 01- June- 2020]. [8] J. Graham, “WhatsApp, Wickr Seen by Justice Dept. as Tools to Erase Evidence”, Available from: https://biglawbusiness.com/whatsapp-wickr-seen-by-justicedept-as-too... [Accessed: 01- June- 2020]. [9] J. Constine, “Snapchat revives growth in Q1 beat with 190M users”, Available from: https://techcrunch.com/2019/04/23/snapchat-q1-2019- earnings/ [Accessed: 01- June- 2020]. [10] D. Noyes, “The Top 20 Valuable Facebook Statistics”, Available from: https://zephoria.com/top-15-valuablefacebook-statistics/ [Accessed: 01- June- 2020]. [11] National Institute of Standards and Technology, “Mobile Device Tool Test Assertions and Test Plan”, 2016. [Online]. Available from: https://www.nist.gov/system/files/documents/2017/05/09/mob ile_device_tool_test_assertions_and_test_plan_v2.0.pdf [Accessed: 01- June- 2020]. [12] K. M. Ovens and G. Morison, “Forensic analysis of kik messenger on ios devices”, Digital Investigation, vol. 17, pp. 40-52, 2016. [13] S. C. Sathe and N. M. Dongre, “Data acquisition techniques in mobile forensics”, in 2018 2nd International Conference on Inventive Systems and Control (ICISC), pp. 280–286. doi: 10.1109/ICISC.2018.8399079. [14] M. A. H. B. Azhar and T. Barton, “Forensic Analysis of Secure Ephemeral Messaging Applications on Android Platforms”, Jan. 2017, doi: 10.1007/978-3-319-51064-4. [15] M. Al-Hadadi and A. AlShidhani, “Smartphone Forensics Analysis: A Case Study”, International Journal of Computer and Electrical Engineering, vol. 5, pp. 577-579, 2013. [16] R. Umar, I. Riadi and G. Zamroni, “Mobile Forensic Tools Evaluation for Digital Crime Investigation”, International Journal on Advanced Science, Engineering and Information Technology, vol. 8, pp. 949-955, 2018. [17] P. Naughton and M. A. H. B. Azhar, “An Investigation on Forensic Opportunities to Recover Evidential Data from Mobile Phones and Personal Computers. The Second International Conference on Cyber-Technologies and CyberSystems”, CYBER 2017, Barcelona, Spain. [18] ACPO, “ACPO Good Practice Guide for Digital Evidence”, 2012. [Online]. Available from: https://www.digitaldetective.net/digital-forensics documents/ACPO_Good_Practice_Guide_for_Digital_Eviden ce_v5.pdf [Accessed: 01- June- 2020]. [19] iPhone 6s, “Wikipedia for iPhone 6s”, [Online]. Available from: https://en.wikipedia.org/wiki/IPhone_6S [Accessed: 01- June- 2020]. [20] Vodafone VF695, “User manual of Vodafone VF695”, [Online]. Available from: https://www.vodafone.com/content/dam/vodcom/devices/sma rt-first/User%20Manual%20-%20English.pdf [Accessed: 01- June- 2020]. [21] Jkielty, “Android v iOS market share”, 2019, DeviceAtlas, [Online]. Available at: https://deviceatlas.com/blog/android-vios-market-share [Accessed: 01- June- 2020]. [22] Snapchat, “Snapchat APP for mobile”, [Online]. Available from: https://www.snapchat.com/l/en-gb/ [Accessed: 01- June2020]. [23] Dust, “The APP that protects your assests”, [Online]. Available from: https://usedust.com/ [Accessed: 01- June2020]. [24] Confide, “Your Confidential Messenger”, [Online]. Available from: https://getconfide.com/ [Accessed: 01- June- 2020]. [25] Facebook Messenger, “Wikipedia for Facebook Messenger”, [Online]. Available https://en.wikipedia.org/wiki/Facebook_Messenger [Accessed: 01- June- 2020]. [26] Signal Messenger, “Wikipedia for Signal Messenger”, [Online]. Available https://en.wikipedia.org/wiki/Signal_Messenger [Accessed: 01- June- 2020]. [27] Wire App, “Wikipedia for Wire App”, [Online]. Available https://en.wikipedia.org/wiki/Wire_(software) [Accessed: 01- June- 2020]. [28] Omnicore , “Snapchat by the Numbers: Stats, Demographics & Fun Facts”, 2020. [Online]. Available from: https://www.omnicoreagency.com/snapchat-statistics/ [Accessed: 01- June- 2020]. [29] Messenger, “Messenger - Android Apps on Google Play”, [Online], Available at: https://play.google.com/store/apps/details?id=com.facebook.o rca [Accessed: 01- June- 2020]. [30] J. Evans, “WhatsApp Partners With Open WhisperSystems To End-To-End Encrypt Billions Of Messages A Day.” [Online]. Available from https://techcrunch.com/2014/11/18/end-toend-for-everyone/ [Accessed: 01- June- 2020]. [31] Oxygen Forensics, Oxygen Forensic Detective Enterprise, [Online]. Available from: https://www.oxygenforensic.com/en/products/oxygen-forensic-detective... [Accessed: 01- June- 2020]. [32] MOBILedit Forensic, MOBILedit Forensic Express, [Online]. Available from: https://www.mobiledit.com/onlinestore/forensic-express [Accessed: 01- June- 2020]. [33] Andriller, Android Forensic Tools, [Online]. Available from: https://www.andriller.com/ [Accessed: 01- June- 2020]. [34] FTK Imager, AccessData. [Oniline], Available from: https://accessdata.com/product-download [Accessed: 01- June- 2020]. [35] Autopsy. [Online], Available from: https://www.sleuthkit.org/autopsy/ [Accessed: 01- June2020]. [36] Andrioid Tools, “Android Forensics: imaging android filesystem using ADB and DD”, [Online], Available from: https://www.andreafortuna.org/2018/12/03/android-forensicsimaging-an... [Accessed: 01- June- 2020]. [37] M. Lohrum, “Live imaging an Android device”, [Online] Available from:http://freeandroidforensics.blogspot.com/2014/08/liveimaging-android... [Accessed: 01- June- 2020]. [38] FireBase Messaging, “Firebase Cloud Messaging”, [Online]. Available from: https://firebase.google.com/docs/cloudmessaging [Accessed: 01- June- 2020].

Permalink -

https://repository.canterbury.ac.uk/item/8vx4w/forensic-investigations-of-popular-ephemeral-messaging-applications-on-android-and-ios-platforms

Download files

Accepted author manuscript

	IARIA-journal-ephemeral-Camera-ReadyV4.pdf
File access level: Open

1774
total views
1422
total downloads
13
views this month
7
downloads this month

Export as

Related outputs

Unveiling pollution peaks: Comparing swarm intelligence with Drone Hill Climber

Prior, Oliver J., Hannan Bin Azhar, M. A., Sahota, Vijay and Turner, Scott 2024. Unveiling pollution peaks: Comparing swarm intelligence with Drone Hill Climber. in: 2024 IEEE 22nd Jubilee International Symposium on Intelligent Systems and Informatics (SISY) IEEE. pp. 399-404

A qualitative review of educational robots for STEM: Technical features and impacts

Manna, Soumya Kanti, Azhar, M. A. Hannan Bin and Greace, Ann 2024. A qualitative review of educational robots for STEM: Technical features and impacts. in: Proceedings of the International Convention MIPRO IEEE.

Innovative assistive device to enhance wrist drop treatment in patients

Trainer, C., Manna, S. and Azhar, H. 2024. Innovative assistive device to enhance wrist drop treatment in patients. in: Costin, H-N., Magjarević, R. and Petroiu, G. G. (ed.) Advances in Digital Health and Medical Bioengineering: Proceedings of the 11th International Conference on E-Health and Bioengineering, EHB-2023, November 9–10, 2023, Bucharest, Romania – Volume 2: Health Technology Assessment, Biomedical Signal Processing, Medicine and Informatics Cham Springer. pp. 489-497

Tele-controlled upper arm exoskeleton for post-stroke recovery

Manna, S., Khan, A., Dilley, O. and Azhar, H. 2024. Tele-controlled upper arm exoskeleton for post-stroke recovery. in: Costin, H-N, Magjarević, R. and Petroiu, G. G. (ed.) Advances in Digital Health and Medical Bioengineering Cham Springer. pp. 478-488

Metaverse application forensics: Unravelling the virtual truth

Azhar, H. and Rush-Gadsby, O. Metaverse application forensics: Unravelling the virtual truth. in: Cybersecurity Challenges in the Age of AI, Space Communications and Cyborgs Proceedings of the 15th International Conference on Global Security, Safety and Sustainability, London, October 2023 Cham Springer. pp. 399-414

Transformer-based Models for Enhanced Amur Tiger Re-Identification

Bai, Xufeng, Islam, Tasmina and Bin Azhar, M A Hannan 2024. Transformer-based Models for Enhanced Amur Tiger Re-Identification. in: 2024 IEEE 22nd World Symposium on Applied Machine Intelligence and Informatics (SAMI) IEEE.

Breaking barriers: A novel framework to evaluate usability of accessibility applications

Azhar, H., Islam, T. and Marczak, J. 2023. Breaking barriers: A novel framework to evaluate usability of accessibility applications. in: 36th International BCS Human-Computer Interaction Conference British Computer Society. pp. 23-33

An interactive web portal for customised telerehabilitation in neurological care

Hannan Bin Azhar, M A, Mészáros, Zoltán, Islam, Tasmina and Manna, Soumya K. 2023. An interactive web portal for customised telerehabilitation in neurological care. in: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) IEEE. pp. 1814-1821

Trustworthy insights: A novel multi-tier explainable framework for ambient assisted living

Kasirajan, Merlin, Bin Azhar, M A Hannan and Turner, Scott 2023. Trustworthy insights: A novel multi-tier explainable framework for ambient assisted living. in: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) IEEE. pp. 2554-2561

Assistive telehealth systems for neurorehabilitation

Azhar, H. 2023. Assistive telehealth systems for neurorehabilitation.

Optimal locations and computational frameworks of FSR and IMU sensors for measuring gait abnormalities

Manna, S., Azhar, H. and Greace, A. 2023. Optimal locations and computational frameworks of FSR and IMU sensors for measuring gait abnormalities. Heliyon. 9 (4), p. e15210. https://doi.org/10.1016/j.heliyon.2023.e15210

Spying on kids’ smart devices: Beware of security vulnerabilities!

Azhar, H., Smith, D. and Cain, A. 2023. Spying on kids’ smart devices: Beware of security vulnerabilities! in: Jahankhani, H. (ed.) Cybersecurity in the Age of Smart Societies Proceedings of the 14th International Conference on Global Security, Safety and Sustainability, London, September 2022 Springer. pp. 123-140

Cyber threats and exploits during the pandemic

Lo, J. and Azhar, H. Cyber threats and exploits during the pandemic. ASEAN Tech and Security, Singapore .

Z is for Zoombombing

Azhar, H. 2022. Z is for Zoombombing. Medium.

Progressive web app for real-time doctor-patient communication and searchable health conditions

Hannan Bin Azhar, M A and Mohan, Joseph Thomas 2022. Progressive web app for real-time doctor-patient communication and searchable health conditions. 2022 E-Health and Bioengineering Conference (EHB). https://doi.org/10.1109/EHB55594.2022.9991288

Forensic investigations of Google Meet and Microsoft Teams – two popular conferencing tools in the Pandemic

Azhar, H., Timms, J. and Tilley, B. 2022. Forensic investigations of Google Meet and Microsoft Teams – two popular conferencing tools in the Pandemic. in: Digital Forensics and Cyber Crime Springer Nature. pp. 20-34

Tele-tDCS: A Novel Tele-neuromodulation Framework using Internet of Medical Things

Herring, Samuel, Azhar, M. A. Hannan Bin and Sakel, Mohamed 2022. Tele-tDCS: A Novel Tele-neuromodulation Framework using Internet of Medical Things. in: Proceedings of the 15th International Joint Conference on Biomedical Engineering Systems and Technologies - BIODEVICES Setúbal, Portugal SCITEPRESS - Science and Technology Publications. pp. 84-93

Automatic identification of non-biting midges (Chironomidae) using object detection and deep learning techniques

Hollister, Jack, Vega, Rodrigo and Azhar, M. A. Hannan Bin 2022. Automatic identification of non-biting midges (Chironomidae) using object detection and deep learning techniques. in: Marsico, Maria D., Sanniti de Baja, Gabriella and Fred, Ana (ed.) Proceedings of the 11 International Conference on Pattern Recognition Applications and Methods SCITEPRESS - Science and Technology Publications.

A smart and secure IoMT tele-neurorehabilitation framework for post-stroke patients

Manna, S., Azhar, H. and Sakel, M. 2022. A smart and secure IoMT tele-neurorehabilitation framework for post-stroke patients. in: Bhaumik, S., Chattopadhyay, S., Chattopadhyay, T. and Bhattacharya, S. (ed.) Proceedings of International Conference on Industrial Instrumentation and Control ICI2C 2021 Singapore Springer. pp. 11-20

An inclusive student-led online class test during the pandemic

Manna, S. and Azhar, H. 2021. An inclusive student-led online class test during the pandemic . Assessment and Feedback Symposium 2021.

A forensic tool to acquire radio signals using software defined radio

Azhar, H. and Abadia, G. 2021. A forensic tool to acquire radio signals using software defined radio. in: Security and Privacy in Communication Networks : 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6-9, 2021, Proceedings, Part I Springer.

Post-pandemic digital education: Investigating smart workspaces within the higher education sector

Azhar, M A Hannan Bin, Lepore, Emily Louise and Islam, T. 2021. Post-pandemic digital education: Investigating smart workspaces within the higher education sector. Proceedings of the BCS 34th British HCI Conference 2021. 34, pp. 284-288. https://doi.org/10.14236/ewic/hci2021.30

A study of user experiences and network analysis on anonymity and traceability of bitcoin transactions

Azhar, M.A.H.B and Whitehead, R.V. 2021. A study of user experiences and network analysis on anonymity and traceability of bitcoin transactions. EAI Endorsed Transactions on Security and Safety. https://doi.org/10.4108/eai.30-4-2021.169577

BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients

Azhar, H. 2021. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients.

Comparisons of forensic tools to recover ephemeral data from iOS apps used for cyberbullying

Chamberlain, A. and Azhar, H. 2019. Comparisons of forensic tools to recover ephemeral data from iOS apps used for cyberbullying. in: CYBER 2019, The Fourth International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 88-93

Recovery of forensic artefacts from a smart home IoT ecosystem

Azhar, H. and Bate, S. 2019. Recovery of forensic artefacts from a smart home IoT ecosystem. in: CYBER 2019, The Fourth International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 94-99

BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients

Casey, A., Azhar, H., Grzes, M. and Sakel, M. 2019. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients. Disability and Rehabilitation: Assistive Technology. 16 (5), pp. 525-537. https://doi.org/10.1080/17483107.2019.1683239

Effects of students’ preferences in use of lighting and temperature on productivity in a university setting

Azhar, H., Islam, T. and Alfieri, M. 2019. Effects of students’ preferences in use of lighting and temperature on productivity in a university setting. in: Zheng, P., Callaghan, V., Crawford, D., Kymalainen, T. and Reyes-Munoz, A. (ed.) EAI International Conference on Technology, Innovation, Entrepreneurship and Education Springer.

Use of wearable technology to measure emotional responses amongst tennis players

Azhar, H., Nelson, T. and Casey, A. 2019. Use of wearable technology to measure emotional responses amongst tennis players. in: Zheng, P., Callaghan, V., Crawford, D., Kymalainen, T. and Reyes-Munoz, A. (ed.) EAI International Conference on Technology, Innovation, Entrepreneurship and Education Springer.

Drone forensic analysis using open source tools

Azhar, H., Barton, T. and Islam, T. 2018. Drone forensic analysis using open source tools. Journal of Digital Forensics, Security and Law. 13 (1), pp. 7-30.

A cost-effective BCI assisted technology framework for neurorehabilitation

Azhar, H., Casey, A. and Sakel, M. 2018. A cost-effective BCI assisted technology framework for neurorehabilitation.

An investigation on forensic opportunities to recover evidential data from mobile phones and personal computers

Naughton, P. and Azhar, H. 2017. An investigation on forensic opportunities to recover evidential data from mobile phones and personal computers.

BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients

Azhar, H., Barton, T., Casey, A. and Sakel, M. 2017. BCI controlled robotic arm as assistance to the rehabilitation of neurologically disabled patients. Research and Knowledge Exchange Conference 2017.

Open source forensics for a multi-platform drone system

Barton, T. and Azhar, H. 2018. Open source forensics for a multi-platform drone system. in: Matousek, P. and Schmiedecker, M. (ed.) 9th EAI International Conference on Digital Forensics & Cyber Crime Springer. pp. 83-96

Evaluation of the MPS Predictive Policing Trial (redacted)

Bryant, R., Azhar, H., Blackburn, B. and Falade, M. 2015. Evaluation of the MPS Predictive Policing Trial (redacted).

Forensic analysis of popular UAV systems

Barton, T. and Azhar, H. 2017. Forensic analysis of popular UAV systems. Emerging Security Technologies (EST), 2017 Seventh International Conference on. https://doi.org/10.1109/EST.2017.8090405

A wearable brain-computer interface controlled robot

Azhar, H., Badicioiu, A. and Barton, T. 2016. A wearable brain-computer interface controlled robot.

Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms

Barton, T. and Azhar, H. 2016. Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms. in: Klemas, T. and Falk, R. (ed.) CYBER 2016 : The First International Conference on Cyber-Technologies and Cyber-Systems IARIA. pp. 35-40

Forensic analysis of secure ephemeral messaging applications on Android platforms

Azhar, H. and Barton, T. 2017. Forensic analysis of secure ephemeral messaging applications on Android platforms. in: Global Security, Safety and Sustainability - The Security Challenges of the Connected World: 11th International Conference, ICGS3 2017, London, UK, January 18-20, 2017, Proceedings Springer.

Usability and performance measure of a consumer-grade brain computer interface system for environmental control by neurological patients

Deravi, F., Ang, C., Azhar, H., Al-Wabil, A., Philips, M. and Sakel, M. 2015. Usability and performance measure of a consumer-grade brain computer interface system for environmental control by neurological patients. International Journal of Engineering and Technology Innovation (IJETI). 5 (3), pp. 165-177.

Forensic investigations of popular ephemeral messaging applications on Android and iOS platforms

Download files

Accepted author manuscript

1774

1422

13

7

Export as

Related outputs