File system anti-forensics – types, techniques and tools

Wani, Mohamad Ahtisham; Alzahrani, Ali; Bhat, Wasim Ahmad

doi:10.1016/s1361-3723(20)30030-0

Cited by 17 publications

(15 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Memory forensic techniques increase day by day from a string search to deep search, memory structural analysis, operating systems analysis, etc. Several researchers worked on different technologies of computer forensics such as: memory forensics [32], [33], [34], [35], [36], volatile memory [35], [37], [38], [39], [40], [41], log forensics [42], [43], [44], [45], [46], [47], operating system [48], [49], [50], [51], [52], [53] etc. Table 2 presents the literature review of current research work in the areas of memory forensics, computer forensics, IoT forensics, and log forensics.…”

Section: Research Backgroundmentioning

confidence: 99%

See 1 more Smart Citation

A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions

et al. 2022

View full text Add to dashboard Cite

With the alarmingly increasing rate of cybercrimes worldwide, there is a dire need to combat cybercrimes timely and effectively. Cyberattacks on computing machines leave certain artifacts on target device storage that can reveal the identity and behavior of cyber-criminals if processed and analyzed intelligently. Forensic agencies and law enforcement departments use several digital forensic toolkits, both commercial and open-source, to examine digital evidence. The proposed research survey focuses on identifying the current state-of-the-art digital forensics concepts in existing research, sheds light on research gaps, presents a detailed introduction of different computer forensic domains and forensic toolkits used for computer forensics in the current era. The proposed survey also presents a comparative analysis based on the tool's characteristics to facilitate investigators in tool selection during the forensics process. Finally, the proposed survey identifies and derives current challenges and future research directions in computer forensics.

show abstract

Section: Research Backgroundmentioning

confidence: 99%

“…Storage disks have defined mechanisms, structures, and RAID configurations to store and retrieve data. The disk is divided into small units such as tracks and sectors to manage its operations efficiently [49], [120]. The operating system manages data in files, and each OS has a specific file system.…”

Section: ) File System and Disk Forensicsmentioning

confidence: 99%

A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Anti‐forensics can be used by users to intentionally make changes to smartphone data to hide their involvement in criminal activities and erase incriminating events [56]. Manipulation in the form of deletion is possible by simply removing the SQLite database files.…”

Section: Limitations and Future Scopementioning

confidence: 99%

Forensic analysis of Twitch video streaming activities on Android

Alzahrani

Wani

Bhat

2021

Journal of Forensic Sciences

Self Cite

View full text Add to dashboard Cite

Video streaming abuses range from copyright infringement and piracy to child sexual abuse and murder. This paper performs proactive forensics of Twitch video streaming activities on Android devices. We designed our experiments using a methodology based on black-box testing principles and conducted them on Android devices using a forensic framework. The results of our experiments suggest that forensic investigators can extract evidences of streams broadcast, shared, and watched by the user, and associate them with the Twitch account of the user. We detail all the recoverable artifacts of forensic significance, provide mechanisms to extract them based on the identified anchors, and interpret their significance in forensic investigations.

show abstract

“…However, it has become difficult to recover data from Apple devices in recent iOS versions that has the potential to thwart data recovery efforts. Finally, anti-forensics (Wani et al, 2020b) can intentionally make changes to the data residing in the Android device (Wani et al, 2020a), which can be explored to ensure sanitisation of data.…”

Section: Future Workmentioning

confidence: 99%

To sell, or not to sell: social media data-breach in second-hand Android devices

Benrhouma

Alzahrani

Alkhodre

et al. 2021

ICS

Self Cite

View full text Add to dashboard Cite

Purpose The purpose of this paper is to investigate the private-data pertaining to the interaction of users with social media applications that can be recovered from second-hand Android devices. Design/methodology/approach This study uses a black-box testing-principles based methodology to develop use-cases that simulate real-world case-scenarios of the activities performed by the users on the social media application. The authors executed these use-cases in a controlled experiment and examined the Android smartphone to recover the private-data pertaining to these use-cases. Findings The results suggest that the social media data recovered from Android devices can reveal a complete timeline of activities performed by the user, identify all the videos watched, uploaded, shared and deleted by the user, disclose the username and user-id of the user, unveil the email addresses used by the user to download the application and share the videos with other users and expose the social network of the user on the platform. Forensic investigators may find this data helpful in investigating crimes such as cyber bullying, racism, blasphemy, vehicle thefts, road accidents and so on. However, this data-breach in Android devices is a threat to user's privacy, identity and profiling in second-hand market. Practical implications Perceived notion of data sanitisation as a result of application removal and factory-reset can have serious implications. Though being helpful to forensic investigators, it leaves the user vulnerable to privacy breach, identity theft, profiling and social network revealing in second-hand market. At the same time, users' sensitivity towards data-breach might compel users to refrain from selling their Android devices in second-hand market and hamper device recycling. Originality/value This study attempts to bridge the literature gap in social media data-breach in second-hand Android devices by experimentally determining the extent of the breach. The findings of this study can help digital forensic investigators in solving crimes such as vehicle theft, road accidents, cybercrimes and so on. It can assist smartphone users to decide whether to sell their smartphones in a second-hand market, and at the same time encourage developers and researchers to design methods of social media data sanitisation.

show abstract

File system anti-forensics – types, techniques and tools

Cited by 17 publications

References 9 publications

A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions

A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions

Forensic analysis of Twitch video streaming activities on Android

To sell, or not to sell: social media data-breach in second-hand Android devices

Contact Info

Product

Resources

About