![]() ![]() Finally, we analyzed the tools on the basis of their ability to extract digital evidences from the device and their performance are examined with respect to NIST standards. This useful data can easily be recovered by forensic analysts for future examination of any crime situation. From the results of these experiments, a considerable amount of essential data was successfully extracted from the examined smartphone. ![]() Data extraction and analysis are carried out using three tools, i.e., Magnet AXIOM, XRY, and Autopsy. The essential motivation behind the examination and tests is to find whether the data resides within the internal storage of the device or not after using these social networking apps. This research is aimed at performing forensic investigation of five social networking apps, i.e., Instagram, LINE, Whisper, WeChat, and Wickr on Android smart phones. ![]() Many of such crimes are carried out through social networking apps therefore, the forensic analysis of allegedly involved digital devices in crime scenes and social apps installed on them can be helpful in resolving criminal investigations. This momentous usage has also resulted in a huge spike in cybercrimes such as social harassing, abusive messages, vicious threats, broadcasting of suicidal actions, and live coverage of violent attacks. ![]() The use of social networking apps on smartphones has become a dominating part of daily lives. Smartphone users spend a substantial amount of time in browsing, emailing, and messaging through different social networking apps. Finally, we show how to reconstruct the log of the voice calls made or received by the user.Although in this paper we focus on Telegram Messenger, our methodology can be applied to the forensic analysis of any application running on the Android platform. Furthermore, we show how to determine significant properties of the various chats, groups, and channels in which the user has been involved (e.g., the identifier of the creator, the date of creation, the date of joining, etc.). In this paper we present a methodology for the forensic analysis of the artifacts generated on Android smartphones by Telegram Messenger, the official client for the Telegram instant messaging platform, which provides various forms of secure individual and group communication, by means of which both textual and non-textual messages can be exchanged among users, as well as voice calls.Our methodology is based on the design of a set of experiments suitable to elicit the generation of artifacts and their retention on the device storage, and on the use of virtualized smartphones to ensure the generality of the results and the full repeatability of the experiments, so that our findings can be reproduced and validated by a third-party.In this paper we show that, by using the proposed methodology, we are able (a) to identify all the artifacts generated by Telegram Messenger, (b) to decode and interpret each one of them, and (c) to correlate them in order to infer various types of information that cannot be obtained by considering each one of them in isolation.As a result, in this paper we show how to reconstruct the list of contacts, the chronology and contents of the messages that have been exchanged by users, as well as the contents of files that have been sent or received. 2016, the Telegram Messenger LLP company reported that there were 100,000,000 active users per month, with 350,000 new users signing up per day (Telegram Messenger LLP, 2016)), providing secure one-to-one, one-tomany, and many-to-many communication services, as well as self-destructing chats, that is reportedly used for various criminal activities, ranging from cybercrime (C. This is particularly true for Telegram, a very popular IM platform (in Feb. The forensic analysis of these applications is therefore of crucial importance from the investigative standpoint (Wu et al., 2017 Zhang et al., 2016 Zhou et al., 2015 Anglano, 2014 Anglano et al., 2016 Mehrotra and Mehtre, 2013 Walnycky et al., 2015). In addition to legitimate users, IM services are very popular also among criminals (United Nations Office on Drugs and Crime, 2013), that use them for their communications as they make it harder than traditional communication means to link the real identity of a person to an account (s)he uses, and more and more often they use end-to-end encryption to escape interception. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |