Digital Forensics Report: Current Trends and Future Directions

AI Summary
This report provides an overview of digital forensics, a field that has become increasingly important due to the proliferation of mobile devices and the rise of cybercrime. It explores the challenges of extracting data from encrypted devices and the impact of cloud storage on forensic investigations. The report reviews literature on mobile forensics, particularly focusing on iOS devices and technologies like AirPrint. It examines how digital forensic experts adapt to rapidly changing mobile technologies and the traces left behind by applications and device functionalities. The results highlight the importance of device forensics, the challenges posed by encryption, and the potential for recovering data from various sources. The report concludes with a discussion of future work and comparisons, emphasizing the need for continuous adaptation and knowledge in the face of evolving technologies and the importance of digital forensic analysis in various scenarios.
Running head: DIGITAL FORENSICS
DIGITAL FORENSICS
Name of the Student
Name of the university
Author note
Table of Contents
Introduction
Literature review
Results
Conclusion
Future work and comparison
References
Introduction
There has been a lot of advancement in information technologies, which has had a
significant impact on human lives. As per Statista, at present 45.12 percent of the population
of the world have a smartphone (Lillis, Becker, O'Sullivan, & Scanlon, 2016). Portable
devices such as smartphones and tablets are electronic gadgets on which people are
heavily dependent. Cybersecurity has therefore become an important concern, and
digital forensics has emerged as an important field in this context. With the increasing
number of cyber crimes, there is a need to safeguard sensitive data in order to prevent data
breaches. The problem is that personal devices, which are always with their users, store a lot of
sensitive information, which makes the user vulnerable to different threats and
risks. Developments include cloud storage systems and many more things that are being used
by criminals to store and conceal criminal data relating to child pornography, terrorism and
other such things like illegal drugs. Thus it is necessary to find out how digital forensics
skills can be made use of to
Literature review
As per the research done by Valjarevic and Venter (2015), the task of a digital
forensic expert is tough in cases where applications such as IMO employ encryption
for storing as well as transmitting data. This makes it complicated for the digital forensic
investigator to extract data. The IMO application employs encryption not just for calling
activities but also for chatting activities. Over the last few years, users have shown
increasing concern over the privacy of their data, and thus almost all social media
applications have introduced encryption. Device forensics requires analyzing memory as
well as storage elements in order to collect evidence, but the encryption of data these
days has made the experts' task tougher than before (Du, Le-Khac, & Scanlon, 2017). It
has had an impact on network forensics as well, which is basically the study of the traffic in a
network for the various activities of the users and the services. In order to understand the
scenario and the connection better, a study of the network as well as the various activities of the
users and services is done. This study considers forensic analysis of 20 popular social media
applications for the Android platform. The device forensics of the IMO application was carried
out on both the Android and the iOS platform. The main aim of the study was to figure
out the maximum possible number of artifacts that can be extracted from the devices'
internal as well as external memory (Gudipaty & Jhala, 2015). With no information available on its
communication protocol and security architecture, the possible vulnerabilities were explored
to figure out which of these can certainly be exploited by a forensic expert for carrying out
an investigation that involves the IMO application.
As per the research done by Jang, Park, Pak, and Lee (2015), digital forensic experts
need to adapt themselves to the rapidly changing mobile technologies, as not doing so
may have a bad impact on their work. In order to understand how the experts need to update
themselves on the emerging technologies, Apple iOS devices have been considered for the
study. Specifically, the capability of these devices to print wirelessly to compatible
printers by making use of AirPrint has been considered. Digital forensics is all about tracing
back the evidence on digital media, and thus in this case it is required to check
whether AirPrint leaves behind some traces that can help a forensic expert to analyze any
case which involves AirPrint (Umar, Riadi, & Zamroni, 2018). As per studies, in order to
understand the evidence that can be left behind in devices such as AirPrint, it is required that
AirPrint and its various modes of operation be considered in detail, not just from the user's end
but also from the technical standpoint. It is a tough task to analyze what
evidence can be obtained from the digital devices, and this involves various steps:
1. Preliminary setup - The digital forensic expert needs to be clear about what equipment
is required to carry out the experiment of finding evidence. In this case, iOS
devices, an AirPrint-enabled printer and two laptops are the equipment used.
2. Analyzing the forensic traces that have been left behind by AirPrint.
3. Checking the various properties of the AirPrint temporary files (Sivaprasad, 2017).
4. Examining the PDF metadata of these temporary files.
By carrying out the investigation through this process, an investigator will get to know whether
AirPrint leaves behind any trace of evidence.
As per the research done by Choi, Yu, Hyun, and Kim (2019), there is a need to
expose a method that can help in recovering, from iOS devices, the contents as well
as the metadata of documents that have been printed through AirPrint, even on
modern devices which have features such as hardware-based data encryption. The challenge
in analyzing the behavior of AirPrint was that it lacks public documentation on
many of its internal aspects, as iOS is not an open operating system. There are no works on
the behind-the-scenes working of AirPrint or on what forensic traces it leaves
behind. Before Apple announced AirPrint in 2010, many solutions were
available that involved iOS applications which helped in opening different file formats, sending
them to desktop systems, and running a companion application that later sent these documents
to the printer. The options that are available to the user are as follows:
1. Printer - This option shows the user all the AirPrint-enabled printers that
are present locally, with details such as "name" and "description".
2. Range - This option lets the user select from all the pages of a
document so that he or she can print only the pages that are required (Halboob, Mahmod, Udzir, &
Abdullah, 2015).
3. Copies - This option lets the user specify the number of copies to be
printed.
4. Depending on the features of the printer, additional parameters, including duplex printing,
can be selected.
5. Print - This button sends the job to the printer.
The user has no provision here to specify the other types of information that
can generally be found in printing menus, such as paper size, orientation and
print quality (Gueron, 2016). This process needed to be understood because, in order to find
out whether traces are left behind, the way AirPrint works has to be known. Thus it can be
said that in digital forensics, a proper understanding of the device is necessary so that
evidence can be traced.
Results
From the literature review section, some important facts that could be determined are
as follows:
1. Digital forensics, specifically device forensics, is becoming a necessity owing to the
increasing number of data breaches, most of which involve mobile devices or computer
systems. The proliferation of these mobile technologies can be said to be the major reason
for the increased requirement for digital forensic experts. On the one hand, encryption
has become a necessity to safeguard users' data; on the other hand, it has also become an
escape route for cyber criminals. Applications such as IMO and WhatsApp are making
use of end-to-end encryption that is tough for investigators to decrypt. Thus, to deal with
these new technologies, investigators need to update themselves. The results suggest that the
databases maintained by IMO could be accessed on Android as well as iOS. All the useful
information related to a user could be extracted from the mobile device when IMO was
investigated.
2. It was found that using AirPrint to print documents over the wireless medium leaves behind
a trace in the form of temporary files that contain a copy of the printed information and
indicate when the document was printed. Thus the recovered AirPrint artifacts can
act as valuable resources for forensic investigations.
3. The files recovered from AirPrint can in certain cases be corrupt, but even from these
corrupted files certain details, such as the iOS version used and the date of printing, can be
obtained.
4. Another important result was that only one or two of the AirPrint temporary files from
around 20 could be recovered. This suggests that maybe the latest jobs were getting
recovered. The traces that were obtained corresponded to the first jobs that were sent to
be printed instead of the ones that had been sent last.
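The PDF metadata check from step 4 of the procedure, applied to the corrupt-file case in result 3, as an added example that is not part of the original report. It assumes the iOS version appears in the PDF Producer string; the sample bytes and that string layout are constructed for illustration, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a truncated PDF fragment with no xref table, trailer or
# %%EOF. The Producer string layout (carrying an iOS version) is an assumption.
SAMPLE = (
    b"%PDF-1.3\n1 0 obj\n"
    b"<< /Producer (iOS Version 6.1.3 \\(Build 10B329\\) Quartz PDFContext)\n"
    b"/CreationDate (D:20130412093015+02'00') /Title (Q1 report) >>\nendobj\n"
    b"2 0 obj\n<< /Length 512 >>\nstream\nx\x9c\x00\x01"
)

# Metadata keys followed by a PDF literal string; \( \) \\ may be escaped inside.
FIELD = re.compile(rb"/(Producer|Title|CreationDate|ModDate)\s*\(((?:\\.|[^\\)])*)\)")
# PDF date: D:YYYYMMDDHHmmSS then Z or +HH'mm' / -HH'mm' (all but the year optional).
DATE = re.compile(r"D:(\d{4})(\d\d)?(\d\d)?(\d\d)?(\d\d)?(\d\d)?(?:([+\-Z])(\d\d)?'?(\d\d)?)?")

def unescape(raw: bytes) -> str:   # undoes escaped parentheses and backslashes only
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")

def parse_pdf_date(text: str):
    """Return a datetime (timezone-aware when an offset is present), or None."""
    m = DATE.match(text)
    if not m:
        return None
    y, mo, d, h, mi, s, sign, oh, om = m.groups()
    tz = None                                   # no offset recorded: keep naive
    if sign == "Z":
        tz = timezone.utc
    elif sign:
        off = timedelta(hours=int(oh or 0), minutes=int(om or 0))
        tz = timezone(off if sign == "+" else -off)
    parts = [int(v or dflt) for v, dflt in zip((y, mo, d, h, mi, s), (0, 1, 1, 0, 0, 0))]
    try:
        return datetime(*parts, tzinfo=tz)
    except ValueError:                          # damaged digits, e.g. month 13
        return None

def extract_info(blob: bytes) -> dict:
    """Scan raw bytes for metadata keys without using the xref table or trailer."""
    info = {}
    for key, raw in FIELD.findall(blob):
        info.setdefault(key.decode(), unescape(raw))   # first occurrence wins
    for key in ("CreationDate", "ModDate"):
        if key in info:
            info[key + "Parsed"] = parse_pdf_date(info[key])
    m = re.search(r"iOS Version ([\d.]+)", info.get("Producer", ""))
    info["iOSVersion"] = m.group(1) if m else None
    return info
```

Calling `extract_info(SAMPLE)` returns the Producer, Title and creation timestamp even though the fragment cannot be opened by a PDF reader; run it on a working copy of the recovered file, never on the original evidence.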
Conclusion
From the discussion above it can be concluded that recovery of artifacts
from devices is essential in forensic investigation, specifically in scenarios such as
leakage of information, distribution of inappropriate content and many more. This can also
pose a high level of threat to the users. With modern encryption mechanisms being
deployed in applications, it has become relatively tough for investigators to trace data.
The studies conducted suggested that, although iOS 6 data encryption mechanisms are in place,
the methods used could recover 5 to 15 percent of the documents printed through AirPrint.
The success rate of recovering files or data from devices depends on factors such as
disk scheduling strategies and many more. This is an important point to note, as for this
reason different iOS versions could yield different results. Thus, it can be inferred that
digital forensics can certainly trace back the data on devices, even with encryption
deployed, by following certain processes; another major point is that the investigator should
have an adequate amount of knowledge.
Future work and comparison
The articles reviewed had a commonality in how changing technology is
throwing up challenges for digital forensic experts. The case studies of IMO and
AirPrint were taken to clarify the concept and to analyze whether data on these applications
or devices can be traced back in conditions where criminal activities have taken place. One
dealt with encryption while the other dealt with device functionality and how it
operates. Future work can include the network traffic generated, and this can be done across
a larger number of devices and different versions of iOS, including third-party applications
as well. In the case of the IMO application, it can certainly be applied to different social media
applications.
References
Choi, J., Yu, J., Hyun, S., & Kim, H. (2019). Digital forensic analysis of encrypted database
files in instant messaging applications on Windows operating systems: Case study
with KakaoTalk, NateOn and QQ messenger. Digital Investigation, 28, S50-S59.
Du, X., Le-Khac, N.-A., & Scanlon, M. (2017). Evaluation of digital forensic process models
with respect to digital forensics as a service. arXiv preprint arXiv:1708.01730.
Gudipaty, L., & Jhala, K. (2015). Whatsapp forensics: decryption of encrypted whatsapp
databases on non rooted android devices. Journal Information Technology & Software
Engineering, 5, 2.
Gueron, S. (2016). Memory encryption for general-purpose processors. IEEE Security &
Privacy, 14(6), 54-62.
Halboob, W., Mahmod, R., Udzir, N. I., & Abdullah, M. T. (2015). Privacy Levels for
Computer Forensics: Toward a More Efficient Privacy-preserving Investigation.
Paper presented at the FNC/MobiSPC.
Jang, S.-M., Park, J.-H., Pak, C.-U., & Lee, S.-J. (2015). The Research for Digital Evidence
Acquisition Procedure within a Full Disk Encryption Environment. Journal of the
Korea Institute of Information Security and Cryptology, 25(1), 39-48.
Lillis, D., Becker, B., O'Sullivan, T., & Scanlon, M. (2016). Current challenges and future
research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Sivaprasad, A. (2017). Secured proactive network forensic framework. Paper presented at the
2017 International Conference on Current Trends in Computer, Electrical, Electronics
and Communication (CTCEEC).
Umar, R., Riadi, I., & Zamroni, G. M. (2018). Mobile forensic tools evaluation for digital
crime investigation. Int. J. Adv. Sci. Eng. Inf. Technol, 8(3), 949.
Valjarevic, A., & Venter, H. S. (2015). A comprehensive and harmonized digital forensic
investigation process model. Journal of forensic sciences, 60(6), 1467-1483.