Analysis of a Third-Party Application for Mobile Forensic Investigation

  • Ryu, Jung Hyun (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
  • Kim, Nam Yong (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
  • Kwon, Byoung Wook (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
  • Suk, Sang Ki (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
  • Park, Jin Ho (Dept. of Computer Science, School of Software, Soongsil University)
  • Park, Jong Hyuk (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
  • Received : 2018.04.16
  • Accepted : 2018.05.21
  • Published : 2018.06.30

Abstract

Nowadays, third-party applications form an important part of the mobile environment, and social networking applications in particular can leave a variety of user footprints compared to other applications. Digital forensics of mobile third-party applications can provide important evidence to forensic investigators. However, most mobile operating systems are now updated on a frequent basis, and developers are constantly releasing new versions of them. For these reasons, forensic investigators experience difficulties in finding the locations and meanings of data during digital investigations. Therefore, this paper presents scenario-based methods of forensic analysis for a specific third-party social networking service application on a specific mobile device. When applied to certain third-party applications, digital forensics can provide forensic investigators with useful data for the investigation process. The main purpose of the forensic analysis proposed in the present paper is to determine whether the general use of third-party applications leaves data in the internal storage of mobile devices and whether such data are meaningful for forensic purposes.
