Can computer forensic tools be trusted in digital investigations?

Bhat, Wasim Ahmad; Alzahrani, Ali; Wani, Mohamad Ahtisham

doi:10.1016/j.scijus.2020.10.002

Cited by 26 publications

(19 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Twitch is a proprietary and closed-source software, which means knowledge of its implementation (such as source code, programming language used, and engineering design employed) is not publicly available. Therefore, we developed a methodology based on blackbox testing principles for this study [46,47]. This methodology aims to identify forensically relevant streaming functions of Twitch, prepare test-cases for their execution, and list possible evidences of execution of each test-case that are expected to be identified and extracted during forensic analysis.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Forensic analysis of Twitch video streaming activities on Android

Alzahrani

Wani

Bhat

2021

Journal of Forensic Sciences

Self Cite

View full text Add to dashboard Cite

Video streaming abuses range from copyright infringement and piracy to child sexual abuse and murder. This paper performs proactive forensics of Twitch video streaming activities on Android devices. We designed our experiments using a methodology based on black-box testing principles and conducted them on Android devices using a forensic framework. The results of our experiments suggest that forensic investigators can extract evidences of streams broadcast, shared, and watched by the user, and associate them with the Twitch account of the user. We detail all the recoverable artifacts of forensic significance, provide mechanisms to extract them based on the identified anchors, and interpret their significance in forensic investigations.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Twitch is a proprietary and closed‐source software, which means knowledge of its implementation (such as source code, programming language used, and engineering design employed) is not publicly available. Therefore, we developed a methodology based on black‐box testing principles for this study [46,47].…”

Section: Methodsmentioning

confidence: 99%

Forensic analysis of Twitch video streaming activities on Android

Alzahrani

Wani

Bhat

2021

Journal of Forensic Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…VigoVideo is a proprietary and closed source software, which means the knowledge of its implementation (such as source code, programming language, engineering design and so on) is unknown. As a result, white-box testing principles are not appropriate, and therefore, we developed a methodology based on black-box testing principles (Bhat et al, 2021), which is listed below: 1. Acquisition of application (a) In this step, the application is acquired from Google Playstore and a unique signature that identifies it is created so that any subsequent versions are not misinterpreted as already analysed.…”

Section: Methodsmentioning

confidence: 99%

To sell, or not to sell: social media data-breach in second-hand Android devices

Benrhouma

Alzahrani

Alkhodre

et al. 2021

ICS

Self Cite

View full text Add to dashboard Cite

Purpose The purpose of this paper is to investigate the private-data pertaining to the interaction of users with social media applications that can be recovered from second-hand Android devices. Design/methodology/approach This study uses a black-box testing-principles based methodology to develop use-cases that simulate real-world case-scenarios of the activities performed by the users on the social media application. The authors executed these use-cases in a controlled experiment and examined the Android smartphone to recover the private-data pertaining to these use-cases. Findings The results suggest that the social media data recovered from Android devices can reveal a complete timeline of activities performed by the user, identify all the videos watched, uploaded, shared and deleted by the user, disclose the username and user-id of the user, unveil the email addresses used by the user to download the application and share the videos with other users and expose the social network of the user on the platform. Forensic investigators may find this data helpful in investigating crimes such as cyber bullying, racism, blasphemy, vehicle thefts, road accidents and so on. However, this data-breach in Android devices is a threat to user's privacy, identity and profiling in second-hand market. Practical implications Perceived notion of data sanitisation as a result of application removal and factory-reset can have serious implications. Though being helpful to forensic investigators, it leaves the user vulnerable to privacy breach, identity theft, profiling and social network revealing in second-hand market. At the same time, users' sensitivity towards data-breach might compel users to refrain from selling their Android devices in second-hand market and hamper device recycling. Originality/value This study attempts to bridge the literature gap in social media data-breach in second-hand Android devices by experimentally determining the extent of the breach. The findings of this study can help digital forensic investigators in solving crimes such as vehicle theft, road accidents, cybercrimes and so on. It can assist smartphone users to decide whether to sell their smartphones in a second-hand market, and at the same time encourage developers and researchers to design methods of social media data sanitisation.

show abstract

“…With time and in the era of intelligent devices and technologies, the nature of cybercrimes has diversified. Identify theft and espionage [55], [111], [112], [113], intellectual property theft, information leakage, harassment, phishing, denial of services (DoS), and cyber defamation are some of the most common attacks nowadays [114].…”

Section: State-of-the-art Computer Forensic Toolsmentioning

confidence: 99%

A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions

et al. 2022

View full text Add to dashboard Cite

With the alarmingly increasing rate of cybercrimes worldwide, there is a dire need to combat cybercrimes timely and effectively. Cyberattacks on computing machines leave certain artifacts on target device storage that can reveal the identity and behavior of cyber-criminals if processed and analyzed intelligently. Forensic agencies and law enforcement departments use several digital forensic toolkits, both commercial and open-source, to examine digital evidence. The proposed research survey focuses on identifying the current state-of-the-art digital forensics concepts in existing research, sheds light on research gaps, presents a detailed introduction of different computer forensic domains and forensic toolkits used for computer forensics in the current era. The proposed survey also presents a comparative analysis based on the tool's characteristics to facilitate investigators in tool selection during the forensics process. Finally, the proposed survey identifies and derives current challenges and future research directions in computer forensics.

show abstract

Can computer forensic tools be trusted in digital investigations?

Cited by 26 publications

References 14 publications

Forensic analysis of Twitch video streaming activities on Android

Forensic analysis of Twitch video streaming activities on Android

To sell, or not to sell: social media data-breach in second-hand Android devices

A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions

Contact Info

Product

Resources

About