Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

  title={Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications},
  author={Moses Ashawa and Innocent Ogwuche},
The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of… 
Examining artifacts generated by setting Facebook Messenger as a default SMS application on Android: Implication for personal data privacy
The results suggest that anonymization of data is essential if Facebook chats are to be shared for further research into social media content.
Android Permission Classifier: a deep learning algorithmic framework based on protection and threat levels
This article is the first to classify Android permission based on their protection and threat levels and shows classification accuracy of 97% and an FPR value of 0.2% with high diversity capacity when compared with the performance of those of other similar existing methods.
Design and Implementation of Linux based Workflow for Digital Forensics Investigation
This study designed and implemented a Linux forensic based-workflow for digital investigation that was divided into different investigation phases and tested and evidence such as (E01) Image was accurately acquired.
Strategy for Detecting IP Address of LINE VOIP Network Packets by Using the Decision-Tree Approach
This paper proposes a learning-based approach that integrates a decision tree by sniffing the LINE application VoIP network packets at the client-user side and can handle the identification of the end user.


Smartphone Forensic Analysis: A Case Study for Obtaining Root Access of an Android Samsung S3 Device and Analyse the Image without an Expensive Commercial Tool
This case study shows how to obtain the root access of Samsung S3 phone, how to create DD image and then how to examine DD image via commercial tool like UFED physical analyzer trial version which doesn’t support Android devices.
Forensic investigation and analysis on digital evidence discovery through physical acquisition on smartphone
The results are presented to demonstrate the smartphone as a goldmine for investigators and as sources of digital evidence and the forensic tool and techniques for acquiring and examining digital evidence on this device.
Forensic Analysis of Instant Messenger Applications on Android Devices
The experiments and results show that heavy amount of potential evidences and valuable data can be found on Android phones by forensic investigators.
Forensic Simplified Methodology for Android Data Extraction
This paper objective to propose a one-way form to analyze in legitimate and authorized Android devices, applying forensics techniques with adhesions of the features in the Android Platform.
Windows Instant Messaging App Forensics: Facebook and Skype as Case Studies
This research contributes to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and application software on a contemporary Windows operating system.
A Comparison of Forensic Acquisition Techniques for Android Devices: A Case Study Investigation of Orweb Browsing Sessions
A case study to reconstruct browser sessions carried out using the Orweb private web browser, an Android browser which uses Onion Routing to anonymize web traffic, and which records no browsing history concludes that rooting the device is unnecessary and thus should be avoided.
Testing the harmonised digital forensic investigation process model-using an Android mobile phone
Through observing the findings of the test using an Android mobile phone, this paper demonstrates that conducting mobile forensics using the HDFI process model produces satisfactory results.
A Novel Anti-forensics Technique for the Android OS
This paper proposes a new anti-forensics technique for mobile devices with the Android OS that makes it possible to modify and erase, securely and selectively, the digital evidence on an Android device without having to use any cryptographic primitives or make any file system changes.
Forensic Data Recovery from Android OS Devices: An Open Source Toolkit
An open-source toolkit has been developed to improve workflow for forensic analysts and to aid Android OS mobile phone forensics, designed to automatically extract and handle all data extracted from the devices so that vital intelligence can be searched and identified quickly, accurately and efficiently.
Forensic analysis of the android file system YAFFS2
Focussing on the internal storage of a Sony Ericsson Xperia x10i, a process to extract both logical and physical data from the internal NAND memory is possible after gaining super user access and showed that the NANDdump has generated a bit-by-bit dump of the internal flash memory.