Network and device forensic analysis of Android social-messaging applications

In this research we forensically acquire and analyze the device-stored data and network traffic of 20 popular instant messaging applications for Android. We were able to reconstruct some or the entire message content from 16 of the 20 applications tested, which reflects poorly on the security and privacy measures employed by these applications but may be construed positively for evidence collection purposes by digital forensic practitioners. This work shows which features of these instant messaging applications leave evidentiary traces allowing for suspect data to be reconstructed or partially reconstructed, and whether network forensics or device forensics permits the reconstruction of that activity. We show that in most cases we were able to reconstruct or intercept data such as: passwords, screenshots taken by applications, pictures, videos, audio sent, messages sent, sketches, profile pictures and more.

Metadaten
Author:	Daniel Walnycky, Ibrahim Baggili, Andrew Marrington, Jason Moore, Frank Breitinger ORCiD GND
URN:	urn:nbn:de:bvb:384-opus4-1176060
Frontdoor URL	https://opus.bibliothek.uni-augsburg.de/opus4/117606
ISSN:	1742-2876OPAC
Parent Title (English):	Digital Investigation
Publisher:	Elsevier BV
Type:	Article
Language:	English
Year of first Publication:	2015
Publishing Institution:	Universität Augsburg
Release Date:	2024/12/16
Volume:	14
Issue:	Supplement 1
First Page:	S77
Last Page:	S84
DOI:	https://doi.org/10.1016/j.diin.2015.05.009
Institutes:	Fakultät für Angewandte Informatik
	Fakultät für Angewandte Informatik / Institut für Informatik
	Fakultät für Angewandte Informatik / Institut für Informatik / Lehrstuhl für Cybersicherheit
Dewey Decimal Classification:	0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 004 Datenverarbeitung; Informatik
Licence (German):	CC-BY-NC-ND 4.0: Creative Commons: Namensnennung - Nicht kommerziell - Keine Bearbeitung (mit Print on Demand)

Open Access