The Comparison Performance of Digital Forensic Tools Using Additional Root Access Options

Aljo Leonardo, Rini Indrayani

Abstract


This research used MiChat and SayHi as materials for forensic investigations using three different tools, namely MOBILedit, Magnet Axiom, and Belkasoft. The performance of each of these three tools in the forensic process is shown. We also added a rooting process as an option if data cannot be extracted optimally even when using these three applications. The results of this study show that the processes without root access and with root access complement each other's shortcomings in obtaining evidence. The main contribution of this research is a recommendation of a tool based on the best performance shown during the forensic process with root access and without root access. Based on the comparison, Magnet Axiom is superior with a total of 34 items of data found without root access, while MOBILedit found 30 items and Belkasoft 30 items. In the comparison using root access, Magnet Axiom and MOBILedit are superior, with a total of 36 items found in Magnet Axiom without root access, while MOBILedit found 36 items and Belkasoft 33 items. Based on the test results, it can be concluded that the recommended tool according to the used scenario is Magnet Axiom.


Keywords


Mobile Phone; Forensic; MiChat; SayHi Chat; Root; Digital Evidence

DOI: http://dx.doi.org/10.26555/jiteki.v7i3.22381


Copyright (c) 2022 Aljo Leonardo, Rini Indrayani

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


 
 


Jurnal Ilmiah Teknik Elektro Komputer dan Informatika
ISSN 2338-3070 (print) | 2338-3062 (online)
Organized by Electrical Engineering Department - Universitas Ahmad Dahlan
Published by Universitas Ahmad Dahlan
Website: http://journal.uad.ac.id/index.php/jiteki
Email 1: jiteki@ee.uad.ac.id
Email 2: alfianmaarif@ee.uad.ac.id
Office Address: Kantor Program Studi Teknik Elektro, Lantai 6 Sayap Barat, Kampus 4 UAD, Jl. Ringroad Selatan, Tamanan, Kec. Banguntapan, Bantul, Daerah Istimewa Yogyakarta 55191, Indonesia