FIG 3 - uploaded by Mohd Najwadi Yusoff
Network packets captured by Wireshark.  

Source publication
Chapter
The development of a mobile web-centric OS such as Firefox OS (FxOS) has created new challenges and opportunities for digital investigators. Network traffic forensics plays an important role in cybercrime investigation to detect subject(s) and object(s) of the crime. In this chapter we detect and analyze residual network traffic artifacts of FxOS i...

Context in source publication

Context 1
... are able to be captured. In this experiment we run the FxOS simulator in the VM player. All network traffic from the FxOS simulator was captured once with Wireshark 1.12.5 and another time using Microsoft Network Monitor 3.4 as a backup capturing tool. In order to capture the network traffic from VM player, VM network adapter was set to NAT. Fig. 3 shows the network packets captured by Wireshark when we executed the communication activities using the FxOS ...

Similar publications

Article
Development of mobile web-centric OS such as Firefox OS has created new challenges, and opportunities for digital investigators. Network traffic forensic plays an important role in cybercrime investigation to detect subject(s) and object(s) of the crime. In this chapter, we detect and analyze residual network traffic artefacts of Firefox OS in rela...

Citations

... Research on Telegram itself has only focused on security aspects (Susanka and Kokes 2017), social influence (Nobari et al. 2017b; Rey et al. 2017) and forensic analysis (Anglano et al. 2017; Yusoff et al. 2017; Gregorio et al. 2017). ...
Article
Mobile broadband (3G and 4G) has remarkably influenced people’s lives. For instance, the impacts of this technology are evident in transportation, education and messaging. With the advent of this technology, a new generation of messengers offering instant messaging is available to people. One of them is Telegram that comes with new features; one of them is broadcasting messages under the name of “channel.” In this paper, we introduce the channel retrieval problem which aims to find a sorted list of related channels to a user query. This problem is first modeled to the classic information retrieval problems (expert finding and blog retrieval), but since there’s a vocabulary gap between the user query and the published messages in the channels, two query expansion methods for enhancing the performance are proposed. In this paper, a dataset is generated for the channel retrieval, which is publicly available for other researchers. Our experiments on this dataset show that using a semantic approach for query expansion can enhance channel retrieval performance.
Article
Digital forensics is one of the prime professional fields for law enforcement forces. It is also a major active research topic in the cybersecurity field. Internet traffic and content analysis are leading tasks within this research area. Most of the internet traffic is now encrypted, making the traditional analysis of contents impossible. In this paper, we proposed a novel framework and methodology to extract a valuable set of information from encrypted traffic of Instant Messages and Voice Over IP applications. The presented framework enables the analysts to detect, classify and analyze encrypted traffic (typing, chatting, media transmission of audio and video calls, etc.). The provided framework was tested by taking over 30 trace files of these activities and looking at some specific payload patterns. The proposed methodology's results enable investigators to detect and extract application user behavior that can be used as evidence for a forensics investigation. Also, it shows that a valuable set of information can be extracted from encrypted WhatsApp and Telegram traffic.
Article
In the digital forensics discipline, the lack of comprehensive research that addresses investigative challenges and opportunities for newer mobile Operating Systems (OSs) such as Android and iOS keeps continuing. These two OSs are currently widely operated by millions of smartphones and used by millions of users; therefore, forensic investigators need to be prepared to analyze these OSs during an investigation giving consideration to mobile app updates. The current research efforts focus on the forensic analysis of individual applications of certain OSs. In this study, we conducted a detailed forensic investigation of both Android and iOS OSs to (1) elucidate their structures for investigators, (2) identify pertinent forensic artifacts, (3) highlight any privacy and security concerns in popular applications present on both OSs, and (4) validate the forensic investigation on the selected tools for reproducibility and verification purposes. This work aims to analyze 27 Android and 33 iOS mobile applications comprehensively.
Chapter
This research investigates popular messaging applications’ traffic in order to assess the security or vulnerability of communication on those applications. The experiment was carried out in a Local Area Network. Wireshark, NetworkMiner and Netwitness Investigators were used to capture and analyse the traffic. Ten (10) instant messaging applications were installed on Android platforms and used for the experiment. Different types of sensitive media files were recovered from the network traffic, including images, documents/texts and audio. The Internet Service Provider (ISP) of the sender was also recovered along with the resident city of the third party. The research classifies the mobile applications into vulnerable and nonvulnerable applications using the gathered data. Thus, it was discovered that out of ten mobile applications investigated, only Viber application was non-vulnerable to tested attacks. The classification result also shows random forest as the best classifier using this research data.
Article
Telegram is a new Instant Messaging application providing key features for both public and private messaging. Telegram is similar to group broadcast or micro-blogging platforms, while on the other hand, it has features of ordinary Instant Messaging applications such as WhatsApp. In this paper, investigating a real dataset crawled from Telegram, we provide several observations which can explain the information flow, business model of content providers, and social sensing aspects of Telegram. The crawled dataset which is manually labeled by six persons contains two months of public messages of selected Telegram channels. Moreover, we introduce the viral messages in instant messaging services and propose a formal definition of these messages as well as deeply analyzing their characteristics and features. Detection of virality characteristics of messages in Telegram can be beneficial for both end-users and digital marketers. Consequently, we propose statistical and word embedding approaches to detect viral messages and their sentiment and message category. Our experiments indicate that the word embedding approach can significantly outperform other baseline models.