Skip to main content

Advertisement

SpringerLink
Log in

The Role of Mobile Forensics in Terrorism Investigations Involving the Use of Cloud Storage Service and Communication Apps

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

Mobile technologies can be, and have been, exploited in terrorist activities. In this paper, we highlight the importance of mobile forensics in the investigation of such activities. Specifically, using a series of controlled experiments on Android and Windows devices, we demonstrate how mobile forensics techniques can be used to recover evidentiary artefacts from client devices. There are three simulation scenarios, namely: (1) information propagation, (2) information concealment and (3) communications. The experiments used three popular cloud apps (Google Drive, Dropbox, and OneDrive), five communication apps (Messenger, WhatsApp, Telegram, Skype and Viber), and two email apps (GMail and Microsoft Outlook). The evidential data was collected and analysed using mobile forensics and network packet analyser tools. The correlation of evidence artefacts would support to infer illegal use of mobile devices. This study also highlights the extent of acquired evidence between Android and Windows devices, in which Android presents more evidentiary value.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Australian Government (2010) Securing Australia: Protecting Our Community. https://www.asio.gov.au/img/files/counter-terrorism_white_paper.pdf. Accessed 28 February 2016

  2. Choo K-KR (2013) New payment methods: a review of 2010–2012 FATF mutual evaluation reports. Comput Secur 36:12–26

    Article  Google Scholar 

  3. Choo K-KR (2014) Designated non-financial businesses and professionals: a review and analysis of recent financial action task force on money laundering mutual evaluation reports. Secur J 27(1):1–26

    Article  Google Scholar 

  4. Federal Bureau of Investigation (2016) Statement to Address Misleading Reports that the County Of San Bernardino Reset Terror Suspect’s Iphone without Consent of the FBI https://assets.documentcloud.org/documents/2716811/Statement-from-the-FBI-Feb-20-2016.pdf. Accessed 28 Februari 2016

  5. Ab Rahman N, Choo K (2015) Integrating digital forensic practices in cloud incident handling: A conceptual cloud incident handling model. In: KO R, CHOO K-KR (eds) Cloud Security Ecosystem. Syngress, an Imprint of Elsevier, Waltham, pp. 383–400

    Chapter  Google Scholar 

  6. Amble JC (2012) Combating terrorism in the new media environment. Stud Conf Terror 35(5):339–353

    Article  Google Scholar 

  7. UNODC (2012) The Use of the Internet for Terrorist Purposes. https://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf. Accessed 28 February 2016

  8. Ogun MN (2012) Terrorist use of internet: possible suggestions to prevent the usage for terrorist purposes. J Appl Secur Res 7(2):203–217

    Article  Google Scholar 

  9. Choo K-KR (2008) Organised crime groups in cyberspace: a typology. Trends in Organized Crime 11(3):270–295

    Article  Google Scholar 

  10. Choo K-KR, Smith RG, McCusker R (2007) Future directions in technology-enabled crime: 2007–09. Research and public policy no 78. Australian Institute of Criminology, Canberra

    Google Scholar 

  11. Zielińska E, Mazurczyk W, Szczypiorski K Trends in steganography. Commun ACM 57(3):86–95

  12. Choo K-KR SR, Walters J, Bricknell S (2013) Perceptions of money laundering and financing of terrorism in the Australian legal profession. Research and public policy no 122(1). Australian Institute of Criminology, Canberra

    Google Scholar 

  13. Walters J, Budd C, Smith R, Choo K, McCusker R, Rees D (2012) Anti-money laundering and counter-terrorism financing across the globe: a comparative study of regulatory action. Research and public policy no 113. Australian Institute of Criminology, Canberra

    Google Scholar 

  14. Mishra S (2003) Exploitation of information and communication technology by terrorist organisations. Strateg Anal 27(3):439–462

    Article  Google Scholar 

  15. Ayers R, Brothers S, Jansen W (2014) Guidelines on mobile device forensics. NIST Special Publication 800 (101 Revision 1)

  16. Grispos G, Storer T, Glisson WB (2011) A comparison of forensic evidence recovery techniques for a windows mobile smart phone. Digit Investig 8(1):23–36

    Article  Google Scholar 

  17. Tassone C, Martini B, Choo K-KR, Slay J (2013) Mobile device forensics: a snapshot. Trends issues crime Crim. Justice no. 460: 1–7. Australian Institute of Criminology, Canberra

    Google Scholar 

  18. Glisson WB, Storer T, Buchanan-Wollaston J (2013) An empirical comparison of data recovered from mobile forensic toolkits. Digit Investig 10(1):44–55

    Article  Google Scholar 

  19. Cahyani NDW, Martini B, Choo KKR, Al-Azhar A (2016) Forensic data acquisition from cloud-of-things devices: Windows smartphones as a case study. Concurrency and Computation: Practice and Experience

  20. Chung H, Park J, Lee S, Kang C (2012) Digital forensic investigation of cloud storage services. Digit Investig 9(2):81–95

    Article  Google Scholar 

  21. McKemmish R (1999) What is forensic computing? Trends issues crime Crim. Justice no. 118:1–6. Australian Institute of Criminology, Canberra

    Google Scholar 

  22. Martini B, Do Q, Choo K-KR (2015) Mobile cloud forensics: An analysis of seven popular Android apps. In: KO R, CHOO K-KR (eds) Cloud Security Ecosystem. Syngress, an Imprint of Elsevier, Waltham, pp. 309–345

    Chapter  Google Scholar 

  23. Ariffin A, D'Oorazio C, Choo K-KR, Slay J (2013) iOS Forensics: How can we recover deleted image files with timestamp in a forensically sound manner? In: Proceedings of the 8th International Conference on Availability, Reliability and Security, Regensburg, Germany, Sept 2–6, 2013 (IEEE), 375–382

  24. Leom MD, DOrazio CJ, Deegan G, Choo K-KR (2015) Forensic Collection and Analysis of Thumbnails in Android. In: Proceedings of the 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communication, Helsinki, Finland, Aug 20–22, (IEEE) 1059–1066

  25. Berman KJ, Glisson WB, Glisson LM (2015) Investigating the Impact of Global Positioning System Evidence. In: Hawaii International Conference on System Sciences, Hawaii, Jan 5–8, 2015 (IEEE), 5234–5243

  26. McMillan JER, Glisson WB, Bromby M (2013) Investigating the increase in mobile phone evidence in criminal activities. In: Hawaii International Conference on System Sciences, Wailea, Hawaii, Jan 7–10, 2013 (IEEE), 4900–4909

  27. Grispos G, Glisson WB, Storer T (2015) Recovering residual forensic data from smartphone interactions with cloud storage providers. In: KO R, CHOO K-KR (eds) Cloud Security Ecosystem. Syngress, an Imprint of Elsevier, Waltham

    Google Scholar 

  28. Al Mutawa N, Baggili I, Marrington A (2012) Forensic analysis of social networking applications on mobile devices. Digit Investig 9:S24–S33

    Article  Google Scholar 

  29. Farhood ND, Dehghantanha A, Eterovic-Soric B, Choo K-KR (2015) Investigating social networking applications on smartphones detecting Facebook, twitter, LinkedIn and Google + artefacts on android and iOS platforms. Aust J Forensic Sci:1–20

  30. Anglano C (2014) Forensic analysis of WhatsApp messenger on android smartphones. Digit Investig 11(3):201–213

    Article  Google Scholar 

  31. Azfar A, Choo K-KR, Liu L (2015) Forensic Taxonomy of Popular Android mHealth Apps. In: Proceedings of the 21st Americas Conference on Information Systems

  32. Sgaras C, Kechadi M-T, Le-Khac N-A (2015) Forensics Acquisition and Analysis of Instant Messaging and VoIP Applications. In: Garain U, Shafait F (eds) Computational Forensics. Springer, Switzerland, pp. 188–199

    Chapter  Google Scholar 

  33. Oates BJ (2005) Researching information systems and computing. Sage Publications, London, p. 341

    Google Scholar 

  34. Ab Rahman NH, Cahyani NDW, Choo KKR (2016) Cloud incident handling and forensic-by-design: cloud storage as a case study. Concurrency and Computation: Practice and Experience

  35. Cahyani NDW, Ab Rahman NH, Xu Z, Glisson WB, Choo KKR (2016) The role of mobile forensics in terrorism investigations involving the use of cloud apps. In: Proceedings of the 9th International Conference on Mobile Multimedia Communications

Download references

Acknowledgements

The authors thank the anonymous reviewers for providing constructive and generous feedback. Despite their invaluable assistance, any errors remaining in this paper are solely attributed to the authors. This paper is an extended conference version [35], with more than 50% new content.

Author information

Authors and Affiliations

  1. School of Information Technology & Mathematical Sciences, University of South Australia, Adelaide, Australia

    Niken Dwi Wahyu Cahyani, Nurul Hidayah Ab Rahman & Kim-Kwang Raymond Choo

  2. Telkom University, Bandung, Indonesia

    Niken Dwi Wahyu Cahyani

  3. Universiti Tun Hussein Onn Malaysia, Kuala Lumpur, Johor, Malaysia

    Nurul Hidayah Ab Rahman

  4. School of Computing, University of South Alabama, Mobile, AL, USA

    William Bradley Glisson

  5. Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, 78249, TX, USA

    Kim-Kwang Raymond Choo

Authors
  1. Niken Dwi Wahyu Cahyani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nurul Hidayah Ab Rahman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. William Bradley Glisson
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kim-Kwang Raymond Choo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kim-Kwang Raymond Choo.

Appendix A

Appendix A

Fig. 7
figure 7

Example of a Viber’s packet from a Windows device

Full size image
Fig. 8
figure 8

Initial inspection

Full size image
Fig. 9
figure 9

Manual acquisition

Full size image

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Cahyani, N.D.W., Rahman, N.H.A., Glisson, W.B. et al. The Role of Mobile Forensics in Terrorism Investigations Involving the Use of Cloud Storage Service and Communication Apps. Mobile Netw Appl 22, 240–254 (2017). https://doi.org/10.1007/s11036-016-0791-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-016-0791-8

Keywords

Search

Navigation