DIGITAL FORENSIC RESEARCH CONFERENCE
Network And Device Forensic Analysis Of Android Social-Messaging Applications
By Daniel Walnycky, Ibrahim Baggili, Andrew Marrington, Frank Breitinger and Jason Moore
Presented At The Digital Forensic Research Conference
DFRWS 2015 USA Philadelphia, PA (Aug 9th - 13th)
DFRWS is dedicated to the sharing of knowledge and ideas about digital forensics research. Ever since it organized the first open workshop devoted to digital forensics in 2001, DFRWS continues to bring academics and practitioners together in an informal environment. As a non-profit, volunteer organization, DFRWS sponsors technical working groups, annual conferences and challenges to help drive the direction of research and development.
http://dfrws.org
A video demonstration of this process can be viewed at www.youtube.com/unhcfreg
| Device/Tool | Use | Software/OS Version |
|---|---|---|
| Laptop | Create test network using virtual mini port adapter | Windows 7 SP2 |
| One M8 (UNHcFREGdroid) | Connected to test network | Android 4.4.2 |
| iPad 2 (UNHcFREGapple) | Connected outside test network | iOS 7.1.2 |
| NetworkMiner | Observe live network traffic | 1.6.1 |
| Wireshark | Record live network traffic to pcap file for each app | 1.10.8 |
| NetWitness Investigator | Verify findings/post-analysis from pcap files | 9.7.5.9 |
Created by UNHcFREG researchers Roberto Meija and Kyle Anthony.
Datapp is available for download from our website (www.unhcfreg.com) under Data & Tools.