Integrated examination and analysis model for improving mobile cloud forensic investigation

48  Download (0)

Full text


The copyright © of this thesis belongs to its rightful author and/or other copyright owner. Copies can be accessed and downloaded for non-commercial or learning purposes without any charge and permission. The thesis cannot be reproduced or quoted as a whole without the permission from its rightful owner. No alteration or changes in format is allowed without permission from its rightful owner.





JULY 2022



Permission to Use

In presenting this thesis in fulfilment of the requirements for Doctor of Philosophy degree from Universiti Utara Malaysia, I agree that the Universiti Library may make it freely available for inspection. I further agree that permission for the copying of this thesis in any manner, in whole or in part, for scholarly purpose may be granted by my supervisor(s) or, in their absence, by the Dean of Awang Had Salleh Graduate School of Arts and Sciences. It is understood that any copying or publication or use of this thesis or parts thereof for financial gain shall not be allowed without my written permission. It is also understood that due recognition shall be given to me and to Universiti Utara Malaysia for any scholarly use which may be made of any material from my thesis.

Requests for permission to copy or to make other use of materials in this thesis, in whole or in part, should be addressed to:

Dean of Awang Had Salleh Graduate School of Arts and Sciences Universiti Utara Malaysia

06010 UUM Sintok Kedah Darul Aman




Teknik forensik termaju telah menjadi suatu kemestian untuk menyiasat aktiviti berniat jahat dalam Aplikasi Mudah Alih berasaskan Awan (CMA). Adalah mencabar untuk menganalisis artifak keterangan kes khusus dalam persekitaran Pengkomputeran Awan Mudah Alih (MCC) di bawah keadaan forensik yang kukuh. Siasatan Awan Mudah Alih (MCI) menghadapi banyak isu penyelidikan dalam menjejak dan membuat penalaan halus terhadap bukti artifak yang berkaitan persekitaran MCC.

Penyelidikan ini mencadangkan model Pemeriksaan dan Analisis (EA) bersepadu untuk seni bina aplikasi umum CMA yang boleh digunakan pada awan awam untuk mengesan artifak keterangan kes khusus. Model yang dicadangkan telah mengesahkan keberkesanan MCI dan meningkatkan kualiti serta kelajuan penyiasatan. Dalam konteks tersebut, dicadangkan model Metodologi Pemeriksaan dan Analisis Forensik menggunakan Perlombongan Data (FED) dan Metodologi Pemeriksaan dan Analisis Forensik menggunakan Perlombongan Data dan Pengoptimum (FEDO) bagi menangani isu-isu ini. FED menggabungkan subfasa utama seperti analisis garis masa, penapisan cincang, pengukiran data dan transformasi data untuk menapis artifak kes khusus. Metodologi forensik dibantu LSTM menentukan jumlah maklumat yang berpotensi untuk disimpan untuk siasatan lanjut dan mengkategorikan artifak bukti forensik bagi kerelevanan kejadian jenayah. Akhir sekali, model FED membangunkan taksonomi bukti forensik dan mengekalkan ketepatan dan perolehan kembali melebihi 85% bagi pembuatan keputusan yang lebih berkesan. FEDO memudahkan bukti awan dengan memeriksa ciri-ciri utama dan mengindeks bukti. FEDO menggabungkan beberapa subfasa untuk mengendalikan bukti secara tepat, seperti pengindeksan bukti, rujukan silang dan carian kata kunci. Model ini menganalisis maklumat temporal dan geografi serta melakukan rujukan silang untuk memperhalusi bukti ke arah bukti kes khusus. FEDO memodelkan strategi Linearly Decreasing Weight (LDW) berasaskan algoritma Particle Swarm Optimization (PSO) pada bukti kes khusus untuk meningkatkan keupayaan pencarian siasatan merentas persekitaran raya MCC. FEDO memberikan kadar pengesanan bukti sehingga 90% dan dengan itu, EA bersepadu telah memastikan peningkatan prestasi MCI.

Kata kunci: Forensik awan mudah alih, Pemeriksaan dan analisis forensik, Ukiran dan transformasi data, Pengindeksan bukti, Perlombongan data forensik




Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the case- specific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering, data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, cross- referencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the case- specific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance.

Keywords: Mobile Cloud Forensics, Forensic Examination and Analysis, Data Carving and Transformation, Evidence Indexing, Forensic Data Mining.




In The Name of Allah the Most Beneficent, the Most Merciful

First of all, I am thankful to Allah SWT, for the power and the bestowing me health and strength that have given me to accomplish this work through my journey of research and to be able to finish the write up of this thesis.

Also, I am deeply indebted in the preparation of this thesis and grateful to my supervisor, Dr. Massudi Mahmuddin for his extensive guidance, unprecedented support, and comments.

Also, I am obliged to thank my late supervisor Prof. Dr. Abd Razak Yaakub may Allah have mercy on him, he made things easy for me when they were difficult.

I would like to extend thanks to Cyber Security Malaysia for my training in all tools related to Digital forensics and dealing with them professionally.

First and foremost, I would like to thank my father Ali Alnajjar, Mother Fatimah, sisters, brothers and their families for their constant love, support and encouragement during my journey.

Last but not least, I would specially like to thank my family. My wife Waganat has been extremely supportive of me throughout this journey and has made countless sacrifices to help me get to this point. My children (Fajraldeen, Pillar and Sima) for giving me unlimited happiness and pleasure.

Finally, I would like to thank my friends, who so generously contributed to the work presented in this research.


Table of Contents

Permission to Use ... i

Abstrak ... ii

Abstract ... iii

Acknowledgements ... iv

Table of Contents ... v

List of Tables... xi

List of Figures ... xii

List of Abbreviations... xiv


1.1 Background ... 1

1.2 Forensic Research Challenges in Mobile Cloud Applications ... 2

1.2.1 Research Constraints in The Mobile Cloud Forensics………..…………...3

1.3 Importance Of Examination and Analysis (EA) in Mobile Cloud Forensics ... 4

1.4 Problem Statement ... 5

1.5 Research Questions ... 6

1.6 Research Objectives ... 7

1.7 Scope of the Work ... 7

1.8 Significance of the Work ... 8

1.9 Thesis Organization ... 9


2.1 Mobile Computing ... 11

2.1.1 Mobile Device Forensics…...……….………12

2.1.2 Phases of Mobile Device Forensics……….………….……….13

2.1.3 Countermeasures for Mobile Device Forensics.………15

2.1.4 Tools for Mobile Device Forensics………....17

2.2 Cloud Computing ... 22

2.2.1 Cloud Computing Forensics………...23

2.2.2 Countermeasures for Cloud Forensics………...24

2.2.3 Tools for Cloud Forensics.……….26

2.2.4 Cloud Forensics Investigation Models and Frameworks.………..29

2.3 Mobile Cloud Computing ... 33



2.3.1 Growth Potential of CMAs...……….34

2.3.2 Mobile Cloud Forensics……….35

2.3.3 Phases of Mobile Cloud Forensics.………37

2.4 Challenges of Mobile Cloud Forensics ... 41

2.4.1 Examination and Analysis Tools and Techniques for Mobile Cloud Forensics………...………..47 Forensic Examination and Analysis Tools and Techniques for Mobile Devices………...………49 Forensic Examination and Analysis Tools and Techniques for Cloud………...…51 Forensic Examination and Analysis Tools and Techniques for Mobile Cloud………..………52

2.5 Data Mining Based Forensic Analysis Approaches ... 56

2.5.1 Machine Learning-Based Forensic Techniques……….59

2.5.2 Deep Learning-Based Forensic Techniques………...61

2.5.3 Statistics and Heuristics-Based Forensic Techniques.………...63

2.6 Research Gaps in the Investigation Of CMA ... 65

2.6.1 Research Gaps in the Examination And Analysis Tools and Techniques of Mobile Cloud Forensics.………..67

2.7 Summary ... 71


3.1 Forensic Data Collection and Filtering ... 72

3.2 Mobile Forensic Artifacts Collection ... 73

3.2.1 Cloud Forensic Artifacts Collection ………...74

3.2.2 Evidence Filtering………..77

3.3 An Outline of the Integrated EA Forensic Model ... 78

3.4 Summary ... 82


4.1 An Integrated EA Model For MCI ... 83

4.2 Case Study Outline ... 86

4.3 Experimental Setup ... 90

4.3.1 Evaluation of FED……….……….90

4.3.2 Evaluation of FEDO…….………..91



4.3.3 Performance Metrics………..92

4.4 Summary ... 93


5.1 Introduction ... 94

5.2 System Model ... 95

5.3 An Overview of the FED ... 97

5.4 The Proposed FED ... 103

5.4.1 Timeline Analysis………106

5.4.2 Hash Filtering………...107

5.4.3 Data Carving………112

5.4.4 Data Transformation………120

5.5 Construction of Synthetic Dataset For FED... 127

5.6 Experimental Evaluation ... 130

5.6.1 Experimental Results………131 Inter-Linked Evidence Ratio Vs. Precision………...132 Inter-Linked Evidence Ratio Vs. Recall………133

5.7 Summary ... 135


6.1 Introduction ... 136

6.2 An Overview Of FEDO ... 137

6.3 The Proposed FEDO ... 140

6.3.1 Evidence Indexing ………...143

6.3.2 Cross-Referencing And Keyword Searching………...145

6.4 PSO Algorithm in the FEDO ... 154

6.5 Analysis for Experimental Evaluation ... 156

6.6 Construction of Synthetic Dataset for FEDO... 160

6.7 Experimental Evaluation ... 164

6.7.1 Experimental Results………165 Evidence Traces Vs. Precision………..165 Evidence Traces Vs. Recall………...166 Evidence Traces Vs. Tracing Rate………167



6.8 Summary ... 168


7.1 Revisiting Research Objectives ... 169

7.2 Research Contributions ... 171

7.3 Limitations ... 172

7.4 Future Directions ... 173

References ... 174



List of Tables

Table 2.1: Comparison of Several Mobile Forensic Tools………...………...21

Table 2.2: Review of Various Forensic Investigation Model and Frameworks…....31

Table 2.3: Comparison of Conventional Forensic Approaches in Mobile, Cloud, and MC Environment……...……….……..….68

Table 5.1: Sample Features in the Acquired Forensic Logs………...128

Table 6.1: Details of Mobile Evidential Artifacs……….161

Table 6.2: Details of Cloud Evidential Artifacts………...……..163



List of Figures

Figure 2.1: MCC Architecture………...23

Figure 2.2: Forensic Investigation Process………...39

Figure 3.1: Forensic Analysis Cloud-based Mobile Applications...………..76

Figure 3.2: Research Design of Proposed EA Forensic………...…………..79

Figure 3.3: The Research Process of the Integrated EA Forensic Model…………..80

Figure 4.1: Integrated MC Forensic EA Model…….………85

Figure 5.1: Enhanced Forensic EA Model for MCI………….………...99

Figure 5.2: Architecture of the FED……….. ……….102

Figure 5.3: The Sub-Phases in the FED...………103

Figure 5.4: The FED Methodology………..……..………...105

Figure 5.5: Hash Filtering Process in the FED………… ………...108

Figure 5.6: Data Carving Process in the FED.………...113

Figure 5.7: Comprehensive Data Carving Process in the FED………...119

Figure 5.8: Data Transformation Process in the FED ………..………...121

Figure 5.9: LSTM-based Evidence Cloud Integration in the FED…...124

Figure 5.10: Inter-Linked Evidence Ratio Vs. Precision...……...………..…...133

Figure 5.11: Inter-Linked Evidence Ratio Vs. Recall……….…..………...134

Figure 6.1: The Sub-Phases in the FEDO………..……...139

Figure 6.2: Architecture of the FEDO………...…………..141

Figure 6.3: The FEDO Methodology……….…………...142

Figure 6.4: Evidence Indexing Process in FEDO……..……….………144

Figure 6.5: Cross-referencing and Keyword Searching Process in the FEDO..…..146

Figure 6.6: Process Flow of the Search Optimization in FEDO……….150

Figure 6.7: PSO Search Optimization Steps Involved in the FEDO……...151

Figure 6.8: Flow Diagram of PSO in FEDO………..…...155

Figure 6.9: An Illustration of CMA Model……….…...………158

Figure 6.10 An Illustration of Evidential Artifacts for MCI………...……...159

Figure 6.11: Evidence Traces vs. Precision ……….…………...166

Figure 6.12: Evidence Traces vs. Recall ………..………167

Figure 6.13: Evidence Traces vs. Tracing Rate ………...168



List of Abbreviations

ACO Ant Colony Optimization ADT Android Development Tool

API Application Programming Interface ASEF Android Security Evaluation Framework

AWS Amazon Web Service

CAGR Compound Annual Growth Rate

CDI Cloud Data Imager

CDMA Code-Division Multiple Access CES Cloud Elasticity Service

CMA Cloud-based Mobile Applications

CMF Copy-Move Forgery

CMFD-PSO CMF Detection model using Particle Swarm Optimization CNNIC China Internet Network Information Centre

CPS Cyber Physical System

CS Correlation or Cross-referencing Score

CSV Comma Separated Value

DDoS Distributed Denial-of-Service DEM Device Elasticity Manager

DFIAC Digital Forensic Intelligence Analysis Cycle

DLCF Deep Learning Cognitive Computing for the Cyber Forensics

DoS Denial-of-Service

EIDIP Enhanced Integrated Digital Investigation Process EA Examination and Analysis

EM Expectation Maximization



EMSVM Enhanced Multiclass Support Vector Machine F2S2 Fast Forensic Similarity Search

FCMP Fuzzy C-Means clustering using Particle swarm optimization

FE Forensic Evidence

FED Forensic EA Methodology using the Data Mining

FEDO Forensic EA Methodology using the Data Mining and Optimization FEDO-PSO Forensic EA Methodology using the Data Mining and Optimization

with PSO

FEI-LSTM Forensic Evidence Integration using LSTM FROST Forensic Open-Stack Tool

FTK Forensic Tool Kit

FTS Forensic Testing Service

GA Genetic Algorithm

GPS Global Positioning System

GSM Global System for Mobile Communications HTTP HyperText Transfer Protocol

HTTPS HyperText Transfer Protocol with Secure Sockets Layer (SSL) IaaS Infrastructure as a Service

IDC International Data Corporation

IDFPM Integrated Digital Forensic Process Model IDS Intrusion Detection System

IEF Internet Evidence Finder ILER Inter-Linked Evidence Ratio

IMEI International Mobile Equipment Identity IMSI International Mobile Subscriber Identity IoT Internet-of-Things



IP Internet Protocol

ISP Internet Service Provider

IT Information Technology

JDK Java Development Kit LCD Liquid Crystal Display LDW Linearly Decreasing Weight

LSTM Long Short-Term Memory

MAC Media Access Control

MC Mobile Cloud

MCC Mobile Cloud Computing

MCI Mobile Cloud Investigation MFP Mobile Forensic Platform

MFT Master File Table

MILP Mixed Integer Linear Programming

mVoIP mobile VoIP

NB Naïve Bayes

NFC Near Field Communication

OS Operating System

PaaS Platform as a Service

PC Personal Computer

PCA Principal Component Analysis PDA Personal Digital Assistant

PROOFS Proactive Object Fingerprinting and Storage PSO Particle Swarm Optimization

RAM Random Access Memory

RNN Recurrent Neural Network



ROM Read Only Memory

SAAF Static Android Analysis Framework SaaS Software as a Service

SD Card Secure Digital Card

SDK Software Development Kit

SIFT Scale Invariant Features Transform SIM Subscriber Identity Module

SMS Short Messaging Service SQL Structured Query Language

SRDFIM Systematic Digital Forensics Investigation Model

SSH Secure SHell

STaaS STorage as a Service

TDMA Time-Division Multiple Access UFED Universal Forensic Extraction Device UICC Universal Integrated Circuit Card URL Uniform Resource Locator USB Universal Serial Bus

VAIE Visualize Association Inside Emails VNC Virtual Network Computing

VoIP Voice over Internet Protocol WAP Wireless Application Protocol

WEKA Waikato Environment for Knowledge Analysis YAFFS Yet Another Flash File System




1.1 Background

In recent years, the utilization of smartphones and cloud computing technology (Rimal et al., 2009) has witnessed unprecedented growth discussed by the researchers (Qi, &

Gani, 2012; Faheem et al., 2016a). With the rapid adoption of mobile devices, including smartphones, stated by Silver (2019), business organizations accelerate mobile application development to enhance their service portfolios and provide services anywhere that improve revenue and customer reachability, as discussed by Behani (2019). For instance, Chuck (2019) has provided statistics showing that 34%

of the customers buy additional products, 33% utilize mobile applications for frequent purchases, and 37% spend more after the customers are introduced to the Smartphone apps. With the emergence of the application categories in the smartphone, the adoption of smartphones is also increased among the end-users to perform smarter activities in their real-life widely. For instance, Blair (2020) discussed mobile application download and usage statistics based on the penetration rate of the application category.

Among the Android users, the success rate of the application categories is provided by Blair (2020), involving communication applications 99%, video players and editing applications 96%, travel and local 95%, and social media applications 95%. According to these statistics, individual access to mobile applications and business organizations has gained increased attention and benefits, necessitating the adoption of cloud resources and Mobile Cloud Computing (MCC) technology. As described by the authors (Fernando et al., 2013; Dinh et al., 2013; Noor et al., 2018), MCC technology provides unlimited remote resources to the mobile device particularly, smartphones


172 7.3 Limitations

This research work paves the way for the forensic investigator to conduct the forensic investigation for the CMA towards the potential research directions. Despite this, the forensic methodologies confront several shortcomings, which are discussed as follows.

 Extracting all the information related to the criminal activities from the smartphone and the third-party application is a critical task due to the ability to extract only limited data by the existing mobile forensic tool over the ever-increasing storage of the mobile device through application activities.

 Obtaining access from the cloud service provider is challenging while only acquiring the corresponding mobile application activities-relevant data from the multi-tenant and distributed cloud environment.

 The diversified behavior of malicious insiders or external intruders poses significant challenges in accurate forensic decision-making in the MCI.

 The enhanced forensic analysis methodologies lack the examination of all the relevant artifacts in the MC environment without compromising privacy and security.


173 7.4 Future Directions

In the future, this MCI research will extend as the different research solutions to further improve the investigation accuracy for the CMA.

 With the rapid increase of criminal activity in the MC environment, the forensics research is extended to consider the multi-modalities during the evidence analysis.

 The MC forensic EA phase is further developed as the adaptive forensic-decision making model in the dynamic MC environment due to the diversity in the behaviors of the malicious individuals while launching a similar crime event.

 By adopting the hybrid machine learning or deep learning model for the sequential fine-tuning of the evidence, the current research work enriches the investigation performance.

 Future forensic research focuses on investigating the cloud insiders rather than suspecting only the external users or third parties with the knowledge of the service level agreements in the cloud and the violations.




Access Data. (2008). FTK, Retrieved from website: services/forensic-toolkit-ftk, Accessed On January, 2021.

Adelstein, F. (2003). MFP: The Mobile Forensics Platform. In Proceedings of the 2002 Digital Forensics Research Workshop.

Aditya, K., Grzonkowski, S., & Lekhac, N. (2018, August). Enabling trust in deep learning models: a digital forensics case study. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE

International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 1250-1255). IEEE.

Agarwal, A., Gupta, M., Gupta, S., & Gupta, S. C. (2011). Systematic digital forensic investigation model. International Journal of Computer Science and Security (IJCSS), 5(1), 118-131.

Agarwal, R., & Kothari, S. (2015). Review of digital forensic investigation frameworks.

In Information science and applications (pp. 561-571). Springer, Berlin, Heidelberg.

Agarwal, V., Tiwari, A., Gupta, R. K., & Singh, U. P. (2018). Discovering Optimal

Patterns for Forensic Pattern Warehouse. In Advanced Computing and Communication Technologies (pp. 101-108). Springer, Singapore. 4603-2_11

Ahmed, R., & Dharaskar, R. V. (2008, December). Mobile forensics: an overview, tools, future trends and challenges from law enforcement perspective. In 6th International Conference on E-Governance, ICEG, Emerging Technologies in E-Government, M- Government (pp. 312-23).

Akkaladevi, S., Keesara, H., & Luo, X. (2011). Efficient forensic tools for handheld device: a comprehensive perspective. Software Engineering Research, Management and Applications Studies in Computational Intelligence, 377, 349-359.



Al Mutawa, N., Baggili, I., & Marrington, A. (2012). Forensic analysis of social networking applications on mobile devices. Digital investigation, 9, S24-S33.

Albano, P., Castiglione, A., Cattaneo, G., & De Santis, A. (2011, October). A novel anti- forensics technique for the android os. In 2011 International Conference on

Broadband and Wireless Computing, Communication and Applications (pp. 380-385).


Alharbi, S., Weber-Jahnke, J., & Traore, I. (2011, August). The proactive and reactive digital forensics investigation process: A systematic literature review. In International Conference on Information Security and Assurance (pp. 87-100). Springer, Berlin, Heidelberg.

Ali, M., Shiaeles, S., Clarke, N., & Kontogeorgis, D. (2019). A proactive malicious

software identification approach for digital forensic examiners. Journal of Information Security and Applications, 47, 139-155. Almulla, S., Iraqi, Y., & Jones, A. (2013, March). Cloud forensics: A research perspective.

In 2013 9th International Conference on Innovations in Information Technology (IIT) (pp. 66-71). IEEE. Almulla, S., Iraqi, Y., & Jones, A. (2014). A state-of-the-art review of cloud

forensics. Journal of Digital Forensics, Security and Law, 9(4),2.

Alqahtany, S., Clarke, N., Furnell, S., & Reich, C. (2015, April). Cloud forensics: a review of challenges, solutions and open problems. In 2015 International Conference on Cloud Computing (ICCC) (pp. 1-9). IEEE.

Al-Saleh, M. I., & Forihat, Y. A. (2013). Skype forensics in android devices. International Journal of Computer Applications, 78(7).

Al-Zarouni, M. (2006). Mobile handset forensic evidence: a challenge for law enforcement.



Aminnezhad, A., Dehghantanha, A., Abdullah, M. T., & Damshenas, M. (2013). Cloud forensics issues and opportunities. International Journal of Information Processing and Management, 4(4), 76.

Arasomwan, M. A., & Adewumi, A. O. (2013). On the performance of linear decreasing inertia weight particle swarm optimization for global optimization. The Scientific World Journal, 2013.

Ayers, R., Brothers, S., & Jansen, W. (2013). Guidelines on mobile device forensics (draft). NIST Special Publication, 800, 101. Azfar, A., Choo, K. K. R., & Liu, L. (2017). Forensic taxonomy of android social

apps. Journal of forensic sciences, 62(2), 435-456. 4029.13267

Babun, L., Sikder, A. K., Acar, A., & Uluagac, A. S. (2018). Iotdots: A digital forensics framework for smart environments. arXiv preprint arXiv:1809.00745.

Bansal, J. C., Singh, P. K., Saraswat, M., Verma, A., Jadon, S. S., & Abraham, A. (2011, October). Inertia weight strategies in particle swarm optimization. In 2011 Third world congress on nature and biologically inspired computing (pp. 633-640). IEEE.

Bappy, J. H., Simons, C., Nataraj, L., Manjunath, B. S., & Roy-Chowdhury, A. K. (2019).

Hybrid lstm and encoder–decoder architecture for detection of image forgeries. IEEE Transactions on Image Processing, 28(7), 3286-3300.

Barmpatsalou, K., Damopoulos, D., Kambourakis, G., & Katos, V. (2013). A critical review of 7 years of Mobile Device Forensics. Digital Investigation, 10(4), 323- 349.

Baryamureeba, V., & Tushabe, F. (2004). The enhanced digital investigation process model. Digital Investigation.

Beebe, N. L., & Clark, J. G. (2005). A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2), 147-167.



Bertè, R., Marturana, F., Me, G., & Tacconi, S. (2012). Data mining based crime- dependent triage in digital forensics analysis. In Proceedings of 2012 International Conference on Affective Computing and Intelligent Interaction.

Bhadsavle, N., & Wang, J. A. (2009). Validating tools for cell phone forensics.

In American Society for Engineering Education (ASEE) Southeastern Section Conference.

Birk, D., & Wegener, C. (2011, May). Technical issues of forensic investigations in cloud computing environments. In 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering (pp. 1-10). IEEE.

Blair, I. Mobile App Download and Usage Statistics (2020), Retrieved from website:, Accessed on October, 2020

Brunty, J. (2016). Mobile device forensics: threats, challenges, and future trends. In digital forensics (pp. 69-84). Syngress. Bulbul, H. I., Yavuzcan, H. G., & Ozel, M. (2013). Digital forensics: an analytical crime

scene procedure model (ACSPM). Forensic Science International, 233(1-3), 244-256.

Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 25(6), 599-616.

Cahyani, N. D. W., Ab Rahman, N. H., Glisson, W. B., & Choo, K. K. R. (2017). The role of mobile forensics in terrorism investigations involving the use of cloud storage service and communication apps. Mobile Networks and Applications, 22(2), 240- 254.



Carpene, C. (2011). Looking to iPhone backup files for evidence extraction. Proceedings of the 9th Australian Digital Forensics Conference, (December), 16-32.

Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the internet. Academic press.

Cellebrite. (2007). Cellebrite UFED, Retrieved from website:, Accessed On January, 2021.

Chelihi, M. A., Elutilo, A., Ahmed, I., Papadopoulos, C., & Dehghantanha, A. (2017). An android cloud storage apps forensic taxonomy. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 285-305). Syngress.

Chen, L., Xu, L., Yuan, X., & Shashidhar, N. (2015, February). Digital forensics in social networks and the cloud: Process, approaches, methods, tools, and challenges. In 2015 International Conference on Computing, Networking and Communications

(ICNC) (pp. 1132-1136). IEEE.

Chuck, M. (2019) 7 Reasons Why Companies with Apps Earn More Revenue According to Studies, Retrieved from website: apps/7-reasons-why-companies-with-apps-earn-more-revenue-according-to-studies- 02242228, Accessed on July, 2020

Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital Forensic Investigation of Cloud Storage Services. Digital Investigation, 9(2), 81-95.

Clark, P. (2011). Digital Forensics Tool Testing-Image Metadata in the cloud (Master's thesis). Retrieved from:


Cohen, M. I. (2008). PyFlag–An advanced network forensic framework. Digital Investigation, 5, S112-S120.



Dagher, G. G., & Fung, B. C. (2013). Subject-based semantic document clustering for digital forensic investigations. Data & Knowledge Engineering, 86, 224-241.

Damopoulos, D., Kambourakis, G., Gritzalis, S., & Park, S. O. (2014). Exposing mobile malware from the inside (or what is your mobile app really doing?). Peer-to-Peer Networking and Applications, 7(4), 687-697. 0179-x

Damshenas, M., Dehghantanha, A., Mahmoud, R., & bin Shamsuddin, S. (2012, June).

Forensics investigation challenges in cloud computing environments. In Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (pp. 190-194). IEEE.

Danker, S., Ayers, R., & Mislan, R. P. (2009). Hashing Techniques for Mobile Device Forensics. Stress, 6(4f16334e774b5c), 77bebd7fb998797dd.

Dargahi, T., Dehghantanha, A., & Conti, M. (2017a). Forensics analysis of Android mobile VoIP apps. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 7-20). Syngress. 2

Dargahi, T., Dehghantanha, A., & Conti, M. (2017b). Investigating Storage as a Service Cloud Platform: pCloud as a Case Study. In Contemporary Digital Forensic

Investigations of Cloud and Mobile Applications (pp. 185-204).


Daryabar, F., Dehghantanha, A., Eterovic-Soric, B., & Choo, K. K. R. (2016a). Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices. Australian Journal of Forensic Sciences, 48(6), 615-642.

Daryabar, F., Dehghantanha, A., Udzir, N. I., bin Shamsuddin, S., & Norouzizadeh, F.

(2013). A survey about impacts of cloud computing on digital forensics. International Journal of Cyber-Security and Digital Forensics, 2(2), 77-95.



Daryabar, F., Tadayon, M. H., Parsi, A., & Sadjadi, H. (2016, September). Automated analysis method for forensic investigation of cloud applications on Android. In 2016 8th International Symposium on Telecommunications (IST) (pp. 145-150). IEEE.

Dezfouli, F. N., Dehghantanha, A., Mahmoud, R., Sani, N. F. B. M., & bin Shamsuddin, S.

(2012, June). Volatile memory acquisition using backup for forensic investigation. In Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (pp. 186-189). IEEE.

DIGAMBAR, P. (2015). A novel digital forensic framework for cloud computing environment (Doctoral dissertation). Retrieved from

Ding, X., & Zou, H. (2011, March). Time based data forensic and cross-reference analysis.

In Proceedings of the 2011 ACM Symposium on Applied Computing (pp. 185-190).

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of Mobile Cloud

Computing: architecture, applications, and approaches. Wireless Communications and Mobile Computing, 13(18), 1587-1611.

Do, Q., Martini, B., & Choo, K. K. R. (2015). A cloud-focused mobile forensics

methodology. IEEE Cloud Computing, 2(4), 60-65. Du, X., & Scanlon, M. (2019, August). Methodology for the automated metadata-based

classification of incriminating digital forensic artefacts. In Proceedings of the 14th International Conference on Availability, Reliability and Security (pp. 1-8).

Du, X., Le-Khac, N. A., & Scanlon, M. (2017). Evaluation of digital forensic process models with respect to digital forensics as a service. European Conference on Information Warfare and Security, ECCWS, 573-581.



Dykstra, J. (2015). Seizing electronic evidence from cloud computing environments. In Cloud Technology: Concepts, Methodologies, Tools, and Applications (pp. 2033- 2062). IGI Global.

Dykstra, J., & Sherman, A. T. (2011). Understanding issues in cloud forensics: two

hypothetical case studies. Proceeding of the Conference on Digital Forensics, Security and Law, (pp. 45-54).

Dykstra, J., & Sherman, A. T. (2012). Acquiring forensic evidence from infrastructure-as- a-service cloud computing: Exploring and evaluating tools, trust, and techniques.

Digital Investigation, 9, S90-S98. Dykstra, J., & Sherman, A. T. (2013). Design and implementation of FROST: Digital

forensic tools for the OpenStack cloud computing platform. Digital Investigation, 10, S87-S95.

Elbes, M., Alzubi, S., Kanan, T., Al-Fuqaha, A., & Hawashin, B. (2019). A survey on particle swarm optimization with emphasis on engineering and network

applications. Evolutionary Intelligence, 1-17. 00210-z

Elias Chachak, The Cyber Research DataBank, (2021). Cybercrime is moving towards smartphones –this is what you could to protect your company. Available Online at: do-to-protect-your-company/, Accessed On, January 2022.

Enterprise Engineering Solutions, (2021). Mobile Cloud Computing: What, How, and Why?. Available Online at:, Accessed On, January 2022.

Exterro. (2020). AccessData Forensic Tool, Retrieved from website:, Accessed On August, 2020.



Faheem, M., Kechadi, T., & Le Khac, A. (2016b). A Unified Forensic Framework for Data Identification and Collection in Mobile Cloud Social Network Applications.

International Journal Of Advanced Computer Science and Applications, 7(1), 21- 29.

Faheem, M., Kechadi, T., & Le Khac, N. A. (2014). An Overview of Cloud Base Application Forensics Tools for Mobile Devices.International Journal of Applied Information Systems (IJAIS), 7(10), 7-10. 14-451232 Faheem, M., Kechadi, T., & Le-Khac, N. A. (2015). The state of the art forensic

techniques in Mobile Cloud environment: A survey, challenges and current trends.

International Journal of Digital Crime and Forensics (IJDCF), 7(2), 1-19.

Faheem, M., Le-Khac, N. A., & Kechadi, T. (2016a, August). Toward a new Mobile Cloud forensic framework. In 2016 Sixth International Conference on Innovative Computing Technology (INTECH) (pp. 736-742). IEEE.

Federal Rules of Evidence. (2019). Rule 401. Test for Relevant Evidence | Federal Rules of Evidence | US Law | LII / Legal Information Institute, Retrieved from website:, Accessed on November, 2019 Federici, C. (2014). Cloud Data Imager: A unified answer to remote acquisition of cloud

storage areas. Digital Investigation, 11(1), 30-42.

Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile Cloud Computing: A survey.

Future Generation Computer Systems, 29(1), 84-106.

Forensic Science Service. (2012). CellDek TEK Forensic Tool, Retrieved from website: d=, Accessed On August, 2020.



Forensic Telecommunication Services. (2009). Hex Raptor Forensic Tool, Retrieved from website:, Accessed On August, 2020.

Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., ...& Stoica, I. (2009).

Above the clouds: A berkeley view of cloud computing. Department of Electrical Engineering and Computer Sciences, University of California, Berkeley, Rep.

UCB/EECS, 28(13), 2009.

Freet, D., Agrawal, R., John, S., & Walker, J. J. (2015, October). Cloud forensics

challenges from a service model standpoint: IaaS, PaaS and SaaS. In Proceedings of the 7th International Conference on Management of Computational and Collective intElligence in Digital EcoSystems (pp. 148-155).

Gao, F., & Zhang, Y. (2013, April). Analysis of WeChat on iPhone. In 2nd international symposium on computer, communication, control and automation. Atlantis Press.

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7, S64-S73.

Gomez-Torres, E., Moscoso-Zea, O., Herrera, N. H., & Lujan-Mora, S. (2018, January).

Towards a forensic analysis of mobile devices using android. In International Conference on Information Theoretic Security (pp. 30-39). Springer, Cham.

Greff, K., Srivastava, R. K., Koutník, J., Steunebrink, B. R., & Schmidhuber, J. (2016).

LSTM: A search space odyssey. IEEE transactions on neural networks and learning systems, 28(10), 2222-2232.

Grispos, G., Glisson, W. B., & Storer, T. (2013, January). Using smartphones as a proxy for forensic evidence contained in cloud storage services. In2013 46th Hawaii International Conference on System Sciences (pp. 4910-4919).




Grispos, G., Glisson, W. B., & Storer, T. (2015). Recovering residual forensic data from smartphone interactions with cloud storage providers. In The Cloud Security

Ecosystem: Technical, Legal, Business and Management.

Grispos, G., Storer, T., & Glisson, W. B. (2013). Calm before the storm: the challenges of cloud. Emerging digital forensics applications for crime detection, prevention, and security, 4(1), 28-48.

Grover, J. (2013). Android forensics: Automated data collection and reporting from a mobile device. Digital Investigation, 10, S12-S20.

Grover, R. (2019). Deep Learning - Overview, Practical Examples, Popular Algorithms, Retrieved from website: overview-practical-examples-popular-algorithms, Accessed on August, 2020.

Guido, M., Ondricek, J., Grover, J., Wilburn, D., Nguyen, T., & Hunt, A. (2013).

Automated identification of installed malicious Android applications. Digital Investigation, 10, S96-S104. Guo, H., Jin, B., & Shang, T. (2012, August). Forensic investigations in cloud

environments. In 2012 International Conference on Computer Science and Information Processing (CSIP) (pp. 248-251). IEEE.

Gupta, J. N., Kalaimannan, E., &Yoo, S. M. (2016). A heuristic for maximizing investigation effectiveness of digital forensic cases involving multiple investigators. Computers and Operations Research, 69,19.

Hale, J. S. (2013). Amazon cloud drive forensic analysis. Digital Investigation, 10(3), 259- 265.



Hegarty, R., Merabti, M., Shi, Q., & Askwith, B. (2011, June). Forensic analysis of distributed service oriented computing platforms. In 12th Annual PostGraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting.

Hitchcock, B., Le-Khac, N. A., & Scanlon, M. (2016). Tiered forensic methodology model for digital field triage by non-digital evidence specialists. Digital Investigation, 16, S75-S85.

Hoon, K. S., Yeo, K. C., Azam, S., Shunmugam, B., & De Boer, F. (2018, January).

Critical review of machine learning approaches to apply big data analytics in DDoS forensics. In 2018 International Conference on Computer Communication and Informatics (ICCCI) (pp. 1-5). IEEE. Hooper, C., Martini, B., & Choo, K. K. R. (2013). Cloud computing and its implications

for cybercrime investigations in Australia. Computer Law & Security Review, 29(2), 152-163.

Immanuel, F., Martini, B., & Choo, K. K. R. (2015, August). Android cache taxonomy and forensic process. In2015 IEEE Trustcom/BigDataSE/ISPA (Vol. 1, pp. 1094-1101).


Information Gain Ltd, (2012). Why split data in the ratio 70:30?. Available Online at:, Accessed On, January 2022.

Iqbal, S., & Alharbi, S. A. (2019). Advancing Automation in Digital Forensic Investigations Using Machine Learning Forensics. In Digital Forensic Science.


Jang, Y. J., & Kwak, J. (2015). Digital forensics investigation methodology applicable for social network services. Multimedia Tools and Applications, 74(14), 5029-5040.



Jansen, W., Delaitre, A., & Moenner, L. (2008, January). Overcoming impediments to cell phone forensics. In Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008) (pp. 483-483). IEEE.

Jung, Y. G., Kang, M. S., & Heo, J. (2014). Clustering performance comparison using K- means and expectation maximization algorithms. Biotechnology & Biotechnological Equipment, 28(sup1), S44-S48.

Karamitsos, I., Afzulpurkar, A., & Trafalis, T. B. (2020). Malware Detection for Forensic Memory Using Deep Recurrent Neural Networks. Journal of Information

Security, 11(2), 103-120.

Karie, N. M., Kebande, V. R., & Venter, H. S. (2019). Diverging deep learning cognitive computing techniques into cyber forensics. Forensic Science International: Synergy, 1, 61-67.

Kaur, R., & Kaur, A. (2012). Digital forensics. International Journal of Computer Applications, 50(5).

Khan, S., Ahmad, E., Shiraz, M., Gani, A., Wahab, A. W. A., & Bagiwa, M. A. (2014a).

Forensic challenges in Mobile Cloud Computing. IEEE International Conference on Computer, Communications, and Control Technology (I4CT). 343-347.

Khan, S., Shiraz, M., Abdul Wahab, A. W., Gani, A., Han, Q., & Bin Abdul Rahman, Z.

(2014b). A comprehensive review on adaptability of network forensics frameworks for Mobile Cloud Computing. The Scientific World Journal.

Khobragade, P. K., & Malik, L. G. (2014, April). Data generation and analysis for digital forensic application using data mining. In 2014 Fourth International Conference on Communication Systems and Network Technologies (pp. 458-462). IEEE.



Kohn, M. D., Eloff, M. M., & Eloff, J. H. (2013). Integrated digital forensic process model.

Computers and Security, 38, 103-115. Koroniotis, N., & Moustafa, N. (2020). Enhancing network forensics with particle swarm

and deep learning: The particle deep


Kushida, K. E., Murray, J., & Zysman, J. (2015). Cloud computing: From scarcity to abundance. Journal of Industry, Competition and Trade, 15(1), 5-19.

Silver L, Pew Research Center, (2019). Smartphone Ownership Is Growing Rapidly Around the World, but Not Always Equally. Available Online at: rapidly-around-the-world-but-not-always-equally/, Accessed On, January 2022.

Lee, J., & Hong, D. (2011, November). Pervasive forensic analysis based on Mobile Cloud Computing. In 2011 Third international conference on multimedia information

networking and security (pp. 572-576). IEEE. Lessard, J., & Kessler, G. (2010). Android Forensics: Simplifying Cell Phone


Levinson, A., Stackpole, B., & Johnson, D. (2011, January). Third party application forensics on apple mobile devices. In 2011 44th Hawaii International Conference on System Sciences (pp. 1-9). IEEE.

Liu, C., Singhal, A., & Wijesekera, D. (2017, January). Identifying evidence for cloud forensic analysis. In IFIP International Conference on Digital Forensics (pp. 111-130).

Springer, Cham.

Magneto IT Solutions, (2019). A Smarter Mobile App can Increase Sales & Productivity of Business. Available Online at: app-can-increase-sales-productivity-of-business, Accessed On, January 2022.

Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing—The business perspective. Decision support systems, 51(1), 176-189.



Martini, B., & Choo, K. K. R. (2012). An integrated conceptual digital forensic framework for cloud computing. Digital Investigation, 9(2), 71-80.

Martini, B., & Choo, K. K. R. (2013). Cloud storage forensics: ownCloud as a case study.

Digital Investigation, 10(4), 287-299. Martini, B., & Choo, K. K. R. (2014). Cloud forensic technical challenges and solutions:

A snapshot. IEEE Cloud Computing, 1(4), 20-25. Martini, B., Do, Q., & Choo, K. K. R. (2015). Conceptual evidence collection and analysis

methodology for Android devices. arXiv preprint arXiv:1506.05527.

Martini, B., Do, Q., & Choo, K. K. R. (2015). Mobile Cloud forensics: An analysis of seven popular Android apps. arXiv preprint arXiv:1506.05533.

Marturana, F., & Tacconi, S. (2013). A Machine Learning-based Triage methodology for automated categorization of digital media. Digital Investigation, 10(2), 193-204.

Marty, R. (2011, March). Cloud application logging for forensics. In proceedings of the 2011 ACM Symposium on Applied Computing (pp. 178-


Mayer, O., Bayar, B., &Stamm, M. C. (2018, June). Learning unified deep-features for multiple forensic tasks. In Proceedings of the 6th ACM workshop on information hiding and multimedia security (pp. 79-84). Meliana, N., & Fadlil, A. (2019, November). Identification of Cyber Bullying by using

Clustering Methods on Social Media Twitter. In Journal of Physics: Conference Series (Vol. 1373, No. 1, p. 012040). IOP Publishing.



Meng, F., Wu, S., Yang, J., & Yu, G. (2009, November). Research of an e-mail forensic and analysis system based on visualization. In 2009 Asia-Pacific Conference on Computational Intelligence and Industrial Applications (PACIIA) (Vol. 1, pp. 281- 284). IEEE.

Micro Systemation. (2017). XRY, Retrieved from website:, Accessed On January, 2021.

Miranda Lopez, E., Moon, S. Y., & Park, J. H. (2016). Scenario-based digital forensics challenges in cloud computing. Symmetry, 8(10), 107. doi:10.3390/sym8100107 Mishra, A. K., Matta, P., Pilli, E. S., & Joshi, R. C. (2012, December). Cloud forensics:

state-of-the-art and research challenges. In 2012 International Symposium on Cloud and Services Computing (pp. 164-170). IEEE. Mobile Cloud Market, Retrieved from website: reports/global-mobile-cloud-market-industry, Accessed on December, 2017.

Mohammad, R. M. (2018, October). A neural network based digital forensics

classification. In 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA) (pp. 1-7). IEEE.

Mohammad, R. M. A. (2019). An Enhanced Multiclass Support Vector Machine Model and its Application to Classifying File Systems Affected by a Digital Crime. Journal of King Saud University-Computer and Information Sciences.

Mohammad, R. M. A., & Alqahtani, M. (2019). A comparison of machine learning techniques for file system forensics analysis. Journal of Information Security and Applications, 46, 53-61.

Mohammed, H., Clarke, N., & Li, F. (2016). An Automated Approach for Digital Forensic Analysis of Heterogeneous Big Data. Journal of Digital Forensic, Security and Law, Volume 11.



Mohtasebi, S., Dehghantanha, A., & Choo, K. K. (2017). Cloud storage forensics: analysis of data remnants on SpiderOak, JustCloud, and pCloud. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 205-246). Syngress.

Mollah, M. B., Azad, M. A. K., & Vasilakos, A. (2017). Security and privacy challenges in Mobile Cloud Computing: Survey and way ahead. Journal of Network and Computer Applications, 84, 38-54.

Murphy, C. (2009). The fraternal clone method for CDMA cell phones. Small Scale Digital Device Forensics Journal, 3(1), 1-8.

Mushtaque, K., Ahsan, K., & Umer, A. (2015). Digital forensic investigation models: an evolution study. JISTEM-Journal of Information Systems and Technology

Management, 12(2), 233-243. Mylonas, A., Meletiadis, V., Tsoumas, B., Mitrou, L., & Gritzalis, D. (2012, June).

Smartphone forensics: A proactive investigation scheme for evidence acquisition. In IFIP International Information Security Conference (pp. 249-260). Springer, Berlin, Heidelberg.

Nitesh Behani, (2018). 10 Things You Must Consider While Developing User-Centered Mobile Apps. Available Online at: mobile-apps-things-consider-developing.

Neha Kapoor, (2020). Smartphones Are Becoming Prime Targets for Cybercriminals – Here’s What You Need to Know. Available Online at:, Accessed On, January 2022.

Noor, T. H., Zeadally, S., Alfazi, A., & Sheng, Q. Z. (2018). Mobile Cloud Computing:

Challenges and future research directions. Journal of Network and Computer Applications, 115, 70-85.



Norouzizadeh Dezfouli, F., Dehghantanha, A., Eterovic-Soric, B., & Choo, K. K. R.

(2016). Investigating Social Networking Applications on Smartphones Detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms.

Australian journal of forensic sciences, 48(4), 469-488.

Oestreicher, K. (2014). A forensically robust method for acquisition of iCloud data. Digital Investigation, 11, S106-S113.

Ogazi-Onyemaechi, B. C., Dehghantanha, A., & Choo, K. K. (2017). Performance of android forensics data recovery tools. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 91-110).

Syngress. OpenText. (1998). Encase Forensic Tool. Retrieved from website:, Accessed On August, 2020.

Openwall. (2015). Portable PHP password hashing framework, Retrieved from website:, Accessed on Feb, 2015

Orozco, A. L. S., González, D. M. A., Villalba, L. J. G., & Hernández-Castro, J. (2015).

Analysis of errors in exif metadata on mobile devices. Multimedia Tools and Applications, 74(13), 4735-4763.

Othman, M., Madani, S. A., & Khan, S. U. (2013). A survey of Mobile Cloud Computing application models. IEEE communications surveys & tutorials, 16(1), 393-413.

Pearson, S., & Watson, R. (2010). Digital triage forensics: processing the digital crime scene. Syngress.

Perumal, S. (2009). Digital forensic model based on Malaysian investigation process.

International Journal of Computer Science and Network Security, 9(8), 38-44.



Perumal, S., Norwawi, N. M., & Raman, V. (2015, October). Internet of Things (IoT) digital forensic investigation model: Top-down forensic approach methodology. In 2015 Fifth International Conference on Digital Information Processing and Communications (ICDIPC) (pp. 19-23). IEEE.

Pichan, A., Lazarescu, M., & Soh, S. T. (2015). Cloud forensics: Technical challenges, solutions and comparative analysis. Digital Investigation, 13, 38-57.

Povar, D., & Geethakumari, G. (2014, September). A heuristic model for performing digital forensics in cloud computing environment. In International Symposium on Security in Computing and Communication (pp. 341-352). Springer, Berlin, Heidelberg.

Qi, H., & Gani, A. (2012, May). Research on mobile cloud computing: Review, trend and perspectives. In 2012 second international conference on digital information and communication technology and it's applications (DICTAP) (pp. 195-202). IEEE.

Quick, D., & Alzaabi, M. (2011). Forensic analysis of the android file system yaffs2.

Quick, D., & Choo, K. (2014b). Impacts of increasing volume of digital forensic data: A survey and future research challenges. Digital Investigation, 11(4), 273-294.

Quick, D., & Choo, K. K. R. (2013a). Dropbox analysis: Data remnants on user machines.

Digital Investigation, 10(1), 3-18.

Quick, D., & Choo, K. K. R. (2013b). Digital droplets: Microsoft SkyDrive forensic data remnants. Future Generation Computer Systems, 29(6), 1378-1394.

Quick, D., & Choo, K. K. R. (2013c). Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata?.Digital Investigation, 10(3), 266-277.



Quick, D., & Choo, K. K. R. (2014a). Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive. Trends and issues in crime and criminal justice, 480, 1-11.

Quick, D., & Choo, K. K. R. (2017). Pervasive social networking forensics: intelligence and evidence from mobile device extracts. Journal of Network and Computer Applications, 86, 24-33.

Raburu, G., Omollo, R., & Okumu, D. O. (2018). Applying data mining principles in the extraction of digital evidence.

RADIOTACTICS. (2018). Athena Forensic Tool, Retrieved from website: https://radio-, Accessed On August, 2020.

Raghav, S., & Saxena, A. K. (2009, November). Mobile forensics: Guidelines and challenges in data preservation and acquisition. In 2009 IEEE Student Conference on Research and Development (SCOReD) (pp. 5-8). IEEE.

Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., & Venkatasubramanian, N. (2014).

Mobile Cloud Computing: A survey, state of art and future directions. Mobile

Networks and Applications, 19(2), 133-143. Ramadhan, B., Purwanto, Y., & Ruriawan, M. F. (2020, October). Forensic Malware

Identification Using Naive Bayes Method. In 2020 International Conference on Information Technology Systems and Innovation (ICITSI) (pp. 1-7). IEEE.

Rao, V. V., & Chakravarthy, A. S. N. (2016, December). Forensic Analysis of android mobile devices. In 2016 International Conference on Recent Advances and

Innovations in Engineering (ICRAIE) (pp. 1-6). IEEE.

Reese, G. (2010). Cloud Forensics Using Ebs Boot Volumes. Retrieved from website:

www. Oreilly. com.



Reilly, D., Wren, C., & Berry, T. (2011). Cloud computing: Pros and cons for computer forensic investigations. International Journal Multimedia and Image Processing (IJMIP), 1(1), 26-34. Rimal, B. P., Choi, E., & Lumb, I. (2009, August). A taxonomy and survey of cloud

computing systems. In 2009 Fifth International Joint Conference on INC, IMS and IDC (pp. 44-51). IEEE.

Roussev, V., & McCulley, S. (2016). Forensic analysis of cloud-native artifacts. Digital Investigation, 16, S104-S113.

Ruan, K., & Carthy, J. (2012, October). Cloud forensic maturity model. In International Conference on Digital Forensics and Cyber Crime (pp. 22-41). Springer, Berlin, Heidelberg.

Ruan, K., Carthy, J., Kechadi, T., & Baggili, I. (2013). Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation, 10(1), 34-43.

Ruan, K., Carthy, J., Kechadi, T., & Crosbie, M. (2011, January). Cloud forensics. In IFIP International Conference on Digital Forensics (pp. 35-46). Springer, Berlin,


Rübsamen, T., Reich, C., Taherimonfared, A., Wlodarczyk, T., & Rong, C. (2013, June).

Evidence for accountable cloud computing services. In Pre-Proceedings of International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (p. 1).

Said, H., Yousif, A., & Humaid, H. (2011, October). IPhone forensics techniques and crime investigation. In The 2011 International Conference and Workshop on Current Trends in Information Technology (CTIT 11) (pp. 120-125). IEEE.

Saleem, S., Popov, O., & Baggili, I. (2016). A method and a case study for the selection of the best available tool for mobile device forensics using decision analysis. Digital Investigation, 16, S55-S64.



Samet, N., Letaifa, A. B., Hamdi, M., & Tabbane, S. (2014, June). Forensic investigation in Mobile Cloud environment. In The 2014 International Symposium on Networks, Computers and Communications (pp. 1-5). IEEE.

Satyanarayanan, M. (2010, June). Mobile computing: the next decade. In Proceedings of the 1st ACM workshop on Mobile Cloud Computing and services: social networks and beyond (pp. 1-6).

Scrivens, N., & Lin, X. (2017, May). Android digital forensics: data, extraction and analysis. In Proceedings of the ACM Turing 50th Celebration Conference-China (pp.


Selwin, V. P. (2017, March). Survey on Online Social Media Networks Facebook Forensics. In International Conference on Information and Communication Technology for Intelligent Systems (pp. 1-12). Springer, Cham.

Sengupta, S., Basak, S., & Peters, R. A. (2019). Particle Swarm Optimization: A survey of historical and recent developments with hybridization perspectives. Machine Learning and Knowledge Extraction, 1(1), 157-191. Shahzad, A., & Hussain, M. (2013). Security issues and challenges of Mobile Cloud

Computing. International Journal of Grid and Distributed Computing, 6(6), 37-50.

Sharma, P., Arora, D., & Sakthivel, T. (2017, March). Mobile Cloud forensic: Legal implications and counter measures. In International Conference on Information and Communication Technology for Intelligent Systems (pp. 531-542). Springer, Cham.

Sharma, P., Arora, D., & Sakthivel, T. (2020). Enhanced forensic process for improving mobile cloud traceability in cloud-based mobile applications. Procedia Computer Science, 167, 907-917.



Shi, Y., & Eberhart, R. C. (1999, July). Empirical study of particle swarm optimization.

In Proceedings of the 1999 congress on evolutionary computation-CEC99 (Cat. No.

99TH8406) (Vol. 3, pp. 1945-1950). IEEE. Shields, C., Frieder, O., & Maloof, M. (2011). A system for the proactive, continuous, and

efficient collection of digital forensic evidence. Digital Investigation, 8, S3-S13.

Sibiya, G., Venter, H. S., & Fogwill, T. (2012). Digital Forensic Framework for a Cloud Environment. IST-Africa 2012 Conference Proceedings. IIMobile Cloud International Information Management Corporation, 2012.

Simou, S., Kalloniatis, C., Kavakli, E., & Gritzalis, S. (2014, June). Cloud forensics:

identifying the major issues and challenges. In International conference on advanced information systems engineering (pp. 271-284). Springer,


Song, W., Yin, H., Liu, C., & Song, D. (2018, January). Deepmem: Learning graph neural network models for fast and robust memory forensic analysis. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 606- 618).

Statista. (2018) Portal, Retrieved from website: traffic/, Accessed on Jan, 2018.

Stergiou, C., & Psannis, K. E. (2017). Recent advances delivered by Mobile Cloud Computing and Internet of Things for Big Data applications: a survey. International Journal of Network Management, 27(3), e1930.

Sylve, J., Case, A., Marziale, L., & Richard, G. G. (2012). Acquisition and analysis of volatile memory from android devices. Digital Investigation, 8(3-4), 175-184.




Related subjects :