While a practitioner should be cognisant of techniques of digital forensics, it is just as important to maintain an up-to-date understanding of the potential artefacts that are recoverable from different types of IM products. In addition to addressing the possible issues in relation to evidence acquisition from the ISPs, the terrestrial artefacts can be useful in establishing whether a suspect has a direct connection to a crime, as the suspect may claim he/she is a victim of identity theft otherwise. ĭepending on the IM application in use, the client device can often provide potential for alternative methods for recovery of the IM artefacts. In the worst-case scenario, the ISPs may not even log the incriminating conversations to reduce traffic to the messaging servers. Even if the artefacts could be identified, the challenges are compounded by cross-jurisdictional investigations that may prohibit cross-border transfer of information. Moreover, collecting data from a multi-tenancy environment may breach the data privacy policies of the ISPs. The data are often protected by proprietary protocols, encryption, etc., making forensic practitioners virtually impossible to collect meaningful information from external network. ĭue to the increased user privacy requirements and demands for data redundancy, it is increasingly challenging to collect evidential data from the IM service provider (ISP). The chat logs can provide a great deal of information of evidential value to investigators, which may often comprise a suspect’s physical location, true identity, transactional information, incriminating conversations, and other person information i.e., email address and bank account number. Similar to other popular consumer technologies, IM services have also been exploited to commit frauds and scams, disseminate malware, groom children online with the purpose of sexual exploitation etc. According to the report of Radicati Group, the number of worldwide IM accounts (with the exception of mobile messaging) in 2015 amounted to over 3.2 billion which is expected to rise above 3.8 billion by the end of 2019. Instant messaging (IM) is popular with both traditional computing device users (i.e., personal computers and laptops) and mobile device users by allowing them to exchange information with peers in real time using text messaging, voice messaging, and file sharing. Potential artefacts detected during the research include data relating to the installation or uninstallation of the instant messaging application software, log-in and log-off information, contact lists, conversations, and transferred files. This research contributes to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and application software on a contemporary Windows operating system. In this paper, we seek to determine the data remnants from the use of two popular Windows Store application software for instant messaging, namely Facebook and Skype on a Windows 8.1 client machine. The forensic examination of IM apps for modern Windows 8.1 (or later) has been largely unexplored, as the platform is relatively new. However, the interactive and instant nature of these applications (apps) made them an attractive choice for malicious cyber activities such as phishing.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |