ORCID Identifiers
Document Type
Article
Source of Publication
Digital Investigation
Publication Date
1-1-2015
Abstract
In this research we forensically acquire and analyze the device-stored data and network traffic of 20 popular instant messaging applications for Android. We were able to reconstruct some or the entire message content from 16 of the 20 applications tested, which reflects poorly on the security and privacy measures employed by these applications but may be construed positively for evidence collection purposes by digital forensic practitioners. This work shows which features of these instant messaging applications leave evidentiary traces allowing for suspect data to be reconstructed or partially reconstructed, and whether network forensics or device forensics permits the reconstruction of that activity. We show that in most cases we were able to reconstruct or intercept data such as: passwords, screenshots taken by applications, pictures, videos, audio sent, messages sent, sketches, profile pictures and more.
DOI Link
ISSN
Publisher
Elsevier Ltd
Volume
14
First Page
S77
Last Page
S84
Disciplines
Computer Sciences
Keywords
Android (operating system), Message passing, World Wide Web, Android forensics, Application security, Datapp, Instant messaging, Network forensics, Mobile security
Scopus ID
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Recommended Citation
Walnycky, Daniel; Baggili, Ibrahim; Marrington, Andrew; Moore, Jason; and Breitinger, Frank, "Network and device forensic analysis of Android social-messaging applications" (2015). All Works. 2483.
https://zuscholars.zu.ac.ae/works/2483
Indexed in Scopus
yes
Open Access
yes
Open Access Type
Hybrid: This publication is openly available in a subscription-based journal/series