The Role of Mobile Forensics in Terrorism Investigations Involving the Use of Cloud Storage Service and Communication Apps

Mobile technologies can be, and have been, exploited in terrorist activities. In this paper, we highlight the importance of mobile forensics in the investigation of such activities. Specifically, using a series of controlled experiments on Android and Windows devices, we demonstrate how mobile forensics techniques can be used to recover evidentiary artefacts from client devices. There are three simulation scenarios, namely: (1) information propagation, (2) information concealment and (3) communications. The experiments used three popular cloud apps (Google Drive, Dropbox, and OneDrive), five communication apps (Messenger, WhatsApp, Telegram, Skype and Viber), and two email apps (GMail and Microsoft Outlook). The evidential data was collected and analysed using mobile forensics and network packet analyser tools. The correlation of evidence artefacts would support to infer illegal use of mobile devices. This study also highlights the extent of acquired evidence between Android and Windows devices, in which Android presents more evidentiary value.

[1]  Kim-Kwang Raymond Choo,et al.  iOS Forensics: How Can We Recover Deleted Image Files with Timestamp in a Forensically Sound Manner? , 2013, 2013 International Conference on Availability, Reliability and Security.

[2]  M. Tahar Kechadi,et al.  Forensics Acquisition and Analysis of Instant Messaging and VoIP Applications , 2014, IWCF.

[3]  Tim Storer,et al.  Recovering residual forensic data from smartphone interactions with cloud storage providers , 2015, The Cloud Security Ecosystem.

[4]  Kim-Kwang Raymond Choo New payment methods: A review of 2010-2012 FATF mutual evaluation reports , 2013, Comput. Secur..

[5]  Sangjin Lee,et al.  Digital forensic investigation of cloud storage services , 2012, Digit. Investig..

[6]  Kim-Kwang Raymond Choo,et al.  Forensic Collection and Analysis of Thumbnails in Android , 2015, TrustCom 2015.

[7]  William Bradley Glisson,et al.  Investigating the Impact of Global Positioning System Evidence , 2015, 2015 48th Hawaii International Conference on System Sciences.

[8]  Ibrahim Baggili,et al.  Forensic analysis of social networking applications on mobile devices , 2012, Digit. Investig..

[9]  William Bradley Glisson,et al.  Investigating the Increase in Mobile Phone Evidence in Criminal Activities , 2013, 2013 46th Hawaii International Conference on System Sciences.

[10]  Kim-Kwang Raymond Choo,et al.  Forensic data acquisition from cloud‐of‐things devices: windows Smartphones as a case study , 2017, Concurr. Comput. Pract. Exp..

[11]  J. C. Amble,et al.  Combating Terrorism in the New Media Environment , 2012 .

[12]  B. J. Oates,et al.  Researching Information Systems and Computing , 2005 .

[13]  Tim Storer,et al.  An empirical comparison of data recovered from mobile forensic toolkits , 2013, Digit. Investig..

[14]  Kim-Kwang Raymond Choo,et al.  Mobile cloud forensics: An analysis of seven popular Android apps , 2015, The Cloud Security Ecosystem.

[15]  Cosimo Anglano,et al.  Forensic analysis of WhatsApp Messenger on Android smartphones , 2014, Digit. Investig..

[16]  M. Ogun Terrorist Use of Internet: Possible Suggestions to Prevent the Usage for Terrorist Purposes , 2012 .

[17]  Kim-Kwang Raymond Choo,et al.  Integrating digital forensic practices in cloud incident handling: A conceptual Cloud Incident Handling Model , 2015, The Cloud Security Ecosystem.

[18]  Kim-Kwang Raymond Choo,et al.  Mobile device forensics: a snapshot , 2013 .

[19]  Richard P. Ayers,et al.  Guidelines on Mobile Device Forensics , 2014 .

[20]  Kim-Kwang Raymond Choo,et al.  Forensic Taxonomy of Popular Android mHealth Apps , 2015, AMCIS.

[21]  Kim-Kwang Raymond Choo,et al.  Cloud incident handling and forensic‐by‐design: cloud storage as a case study , 2017, Concurr. Comput. Pract. Exp..

[22]  Tim Storer,et al.  A comparison of forensic evidence recovery techniques for a windows mobile smart phone , 2011, Digit. Investig..

[23]  Ali Dehghantanha,et al.  Investigating Social Networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms , 2016 .

[24]  Kim-Kwang Raymond Choo Organised crime groups in cyberspace: a typology , 2008 .

[25]  Shitanshu Mishra Exploitation of information and communication technology by terrorist organisations , 2003 .

[26]  Kim-Kwang Raymond Choo,et al.  Anti-money laundering and counter-terrorism financing across the globe: A comparative study of regulatory action , 2011 .

[27]  Wojciech Mazurczyk,et al.  Trends in steganography , 2014, Commun. ACM.

[28]  Kim-Kwang Raymond Choo,et al.  The role of mobile forensics in terrorism investigations involving the use of cloud apps , 2016, MobiMedia.

[29]  Kim-Kwang Raymond Choo Designated non-financial businesses and professionals: A review and analysis of recent financial action task force on money laundering mutual evaluation reports , 2014 .