Analytical method for forensic investigation of social networking applications on smartphones

Social Networking has influenced the way people interact with each other. Many people use social networking applications for individual or commercial purposes to share information. However, the rapid growth of social networking and social networking applications on mobile devices has attracted cyber criminals and has resulted in their use in many criminal activities such as identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Mobile devices are a gold mine of evidences for forensic investigators as they store valuable social networking data. Previous researches on forensic investigation of social networking applications on smartphones were conducted using existing forensic analyzer tools and failed to identify important data remnants including passwords, GPS locations, uploaded files, posts and messages. Therefore, the result of previous researches indicate that the current mobile forensic analyzer tools and methods are not able to automatically acquire enough valuable data remnants from social networking applications on smartphones and only provide an interface to the data for the investigator. In this research, we propose an examination method for investigation of social networking applications on smartphones in order to detect all possible data remnants when undertaking the forensic investigation of social networking platforms. In this examination method, logical and physical images of smartphones are examined manually using a set of predefined keywords. This will allow the investigators to detect the data remnants and identify their patterns. The identified patterns are then used to design an algorithm for detecting social networking data remnants automatically. The outcome of this research resulted in detection of user‟s username, password, UID, personal information, pictures, workplace and organization, GPS locations, friend list, uploaded posts, uploaded messages, uploaded comments, uploaded files, interests and identification of the pattern for how and where each data remnant is stored in the internal memory and internal storage of the smartphone. Moreover, an algorithm was designed that automatically extracts social networking data remnants from smartphones using the identified patterns. We hope this research can be a stepping stone for identifying a common methodology for investigation of all types of smartphone applications and serve as the first step toward developing a consistent digital forensic framework for social networking such as the one proposed and evaluated in this research.

Preview Text FSKTM 2016 22 IR.pdf Download (473kB) | Preview

Actions (login required)

View Item