Fig 4 - uploaded by Gandeva Bayu Satrya
Source publication
According to vulnerability statistics updated in 2019, Android-driven smartphones, tablet PCs, and other Android devices are vulnerable to both internal and external threats. Most users store sensitive data such as emails, photos, cloud storage access, and contact lists on Android smartphones. This information holds a growing-importanc...
Contexts in source publication
Context 1
... the logout has been carried out and the device has been restarted, the event was to examine the data inside the memory to find out whether data related to the already logged-out account could still be traced. Fig. 4 shows the results of the examination: information related to the account still existed. This was done to test whether memory volatility matters in this case or application (e.g., Gdrive). It turned out that the memory still held information from the previously loaded data. Following the ...
Context 2
... the second scenario, six events were carried out, namely file upload, file download, file share, file share (revoke), new file, and file deletion. The hash values were taken per event and are attached in Appendix A. Fig. 4 shows a file-sharing event in which the first account shares files with the second account. Based on the digital evidence, both accounts can be seen along with the shared files. In this scenario, we discussed two file operations as representatives; further complete analyses are provided in Table II, which is presented in the next ...
Citations
... There are now many open-source tools that allow for the extraction of forensic artifacts from volatile memory. Researchers and investigators use memory forensics techniques and tools to identify valuable forensic artifacts (Case and Richard, 2016; Casey et al., 2019; Satrya and Kurniawan, 2020). ...
... This can help to reveal hidden processes, malware trying to hide information, and toolkits. [81], [82] are some of the existing research surveys in the live memory forensics domain. ...
With the alarmingly increasing rate of cybercrimes worldwide, there is a dire need to combat cybercrimes in a timely and effective manner. Cyberattacks on computing machines leave certain artifacts on target device storage that can reveal the identity and behavior of cyber-criminals if processed and analyzed intelligently. Forensic agencies and law enforcement departments use several digital forensic toolkits, both commercial and open-source, to examine digital evidence. The proposed research survey focuses on identifying the current state-of-the-art digital forensics concepts in existing research, sheds light on research gaps, and presents a detailed introduction to the different computer forensic domains and the forensic toolkits used for computer forensics in the current era. The proposed survey also presents a comparative analysis based on the tools' characteristics to facilitate investigators in tool selection during the forensics process. Finally, the proposed survey identifies and derives current challenges and future research directions in computer forensics.
... Their research predominantly uncovered artifacts from the storage of experimental VMs, with the conclusion that the Tor browser reveals limited user browsing artifacts when compared to the private browsing modes of Chrome and Firefox. Gandeva B. Satrya et al. [11] proposed a novel Android internal memory forensic acquisition tool called fridump to aid in acquiring Android internal memory more effectively than preceding proposed methodologies, tools, and techniques. They used GDrive as a case study to uncover artifacts from the victim's and investigator's Android smartphones, i.e. ...
... In this way, we were able to acquire storage and Zram evidence for all the targeted activities mentioned in section III(E) using MOBILedit Forensic Express. However, we were only able to acquire memory evidence using the most efficient Android memory forensic tool developed by Satrya, G. B. et al. [11] for the Simple Execution and Browsing activity, because the Fridump tool only lets us acquire memory evidence while the process is running. ...
Smartphones and the Internet have become prevalent in our society, with various applications in business, education, healthcare, gaming, and research. One of the major issues with the Internet today is its lack of security, since an eavesdropper can potentially intercept the communication. This has contributed towards an increased number of cyber-crime incidents, resulting in an increase in users' consciousness about the security and privacy of their communication. One example is the shift towards using private browsers such as Tor. Tor is a well-recognized and widely used privacy browser based on The Onion Router network that provisions anonymity over the insecure Internet. This functionality of Tor has been a major hurdle in cybercrime investigations due to the complex nature of its anonymity. This paper investigates artifacts from the Tor privacy browser on the latest Windows 10 and Android 10 devices to determine potential areas where evidence can be found. We examine the registry, storage, and memory of Windows 10 devices and the memory, storage, logs, and Zram of Android 10 devices for three possible scenarios, i.e., before, during, and after use of the Tor browser. Our results do not support the claims made by the Tor Project regarding user privacy and anonymity. We find that it is possible to retrieve significant details about a user's browsing activities while the Tor browser is in use as well as after it is closed (on both operating systems). This paper also provides an investigative methodology for the acquisition and analysis of Tor browser artifacts from different areas of the targeted operating systems. Therefore, it can serve as a base to expand research in the forensic analysis of other privacy browsers and improve the efficiency of cybercrime investigations.
The easy accessibility of data stored on cloud storage from a wide range of digital devices offers both economic and technical opportunities to its subscribers. These benefits can also be exploited by malicious users to carry out illegal activities. When such illegal activities (cybercrimes) are carried out, it is essential for digital forensic investigators to identify the malicious usage and the dynamics of the crime, identify the perpetrators or the individuals behind the crime, reconstruct the crime patterns, interpret the criminal activities, and charge the persons involved in a court of law. The sustainability of digital forensics depends on the use of appropriate technology to curb various forms of cybercrime. During a forensic investigation, artificial intelligence techniques and the use of appropriate forensic tools play important roles in detecting activities related to cybercrime. One of the technical challenges associated with cloud forensics investigation is the inability of forensic investigators to obtain raw data from the Cloud Service Providers (CSPs) as a result of privacy issues; this necessitates client forensics. The aim of this paper is to propose a model based on a traceability technique to illustrate how digital artifacts extracted from Windows 10 and an Android smartphone can be mapped and linked to the cloud storage accessed, and to illustrate the patterns of the activities with a 5Ws1H-based expression (what, who, where, when, why, and how). The model is set out to assist forensic investigators to easily identify, track, and reconstruct a post-event timeline of the activities that take place on cloud storage through client devices, thereby saving time and enhancing visualization of the crime patterns.