Integrated examination and analysis model for improving mobile cloud forensic investigation

(1)

The copyright © of this thesis belongs to its rightful author and/or other copyright owner. Copies can be accessed and downloaded for non-commercial or learning purposes without any charge and permission. The thesis cannot be reproduced or quoted as a whole without the permission from its rightful owner. No alteration or changes in format is allowed without permission from its rightful owner.

(2)

INTEGRATED EXAMINATION AND ANALYSIS MODEL FOR IMPROVING MOBILE CLOUD FORENSIC INVESTIGATION

IBRAHIM ALI ALNAJJAR

DOCTOR OF PHILOSOPHY UNIVERSITI UTARA MALAYSIA

JULY 2022

(3)

(4)

i

Permission to Use

In presenting this thesis in fulfilment of the requirements for Doctor of Philosophy degree from Universiti Utara Malaysia, I agree that the Universiti Library may make it freely available for inspection. I further agree that permission for the copying of this thesis in any manner, in whole or in part, for scholarly purpose may be granted by my supervisor(s) or, in their absence, by the Dean of Awang Had Salleh Graduate School of Arts and Sciences. It is understood that any copying or publication or use of this thesis or parts thereof for financial gain shall not be allowed without my written permission. It is also understood that due recognition shall be given to me and to Universiti Utara Malaysia for any scholarly use which may be made of any material from my thesis.

Requests for permission to copy or to make other use of materials in this thesis, in whole or in part, should be addressed to:

Dean of Awang Had Salleh Graduate School of Arts and Sciences Universiti Utara Malaysia

06010 UUM Sintok Kedah Darul Aman

(5)

ii

Abstrak

Teknik forensik termaju telah menjadi suatu kemestian untuk menyiasat aktiviti berniat jahat dalam Aplikasi Mudah Alih berasaskan Awan (CMA). Adalah mencabar untuk menganalisis artifak keterangan kes khusus dalam persekitaran Pengkomputeran Awan Mudah Alih (MCC) di bawah keadaan forensik yang kukuh. Siasatan Awan Mudah Alih (MCI) menghadapi banyak isu penyelidikan dalam menjejak dan membuat penalaan halus terhadap bukti artifak yang berkaitan persekitaran MCC.

Penyelidikan ini mencadangkan model Pemeriksaan dan Analisis (EA) bersepadu untuk seni bina aplikasi umum CMA yang boleh digunakan pada awan awam untuk mengesan artifak keterangan kes khusus. Model yang dicadangkan telah mengesahkan keberkesanan MCI dan meningkatkan kualiti serta kelajuan penyiasatan. Dalam konteks tersebut, dicadangkan model Metodologi Pemeriksaan dan Analisis Forensik menggunakan Perlombongan Data (FED) dan Metodologi Pemeriksaan dan Analisis Forensik menggunakan Perlombongan Data dan Pengoptimum (FEDO) bagi menangani isu-isu ini. FED menggabungkan subfasa utama seperti analisis garis masa, penapisan cincang, pengukiran data dan transformasi data untuk menapis artifak kes khusus. Metodologi forensik dibantu LSTM menentukan jumlah maklumat yang berpotensi untuk disimpan untuk siasatan lanjut dan mengkategorikan artifak bukti forensik bagi kerelevanan kejadian jenayah. Akhir sekali, model FED membangunkan taksonomi bukti forensik dan mengekalkan ketepatan dan perolehan kembali melebihi 85% bagi pembuatan keputusan yang lebih berkesan. FEDO memudahkan bukti awan dengan memeriksa ciri-ciri utama dan mengindeks bukti. FEDO menggabungkan beberapa subfasa untuk mengendalikan bukti secara tepat, seperti pengindeksan bukti, rujukan silang dan carian kata kunci. Model ini menganalisis maklumat temporal dan geografi serta melakukan rujukan silang untuk memperhalusi bukti ke arah bukti kes khusus. FEDO memodelkan strategi Linearly Decreasing Weight (LDW) berasaskan algoritma Particle Swarm Optimization (PSO) pada bukti kes khusus untuk meningkatkan keupayaan pencarian siasatan merentas persekitaran raya MCC. FEDO memberikan kadar pengesanan bukti sehingga 90% dan dengan itu, EA bersepadu telah memastikan peningkatan prestasi MCI.

Kata kunci: Forensik awan mudah alih, Pemeriksaan dan analisis forensik, Ukiran dan transformasi data, Pengindeksan bukti, Perlombongan data forensik

(6)

iii

Abstract

Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the case- specific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering, data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, cross- referencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the case- specific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance.

Keywords: Mobile Cloud Forensics, Forensic Examination and Analysis, Data Carving and Transformation, Evidence Indexing, Forensic Data Mining.

(7)

iv

Acknowledgements

In The Name of Allah the Most Beneficent, the Most Merciful

First of all, I am thankful to Allah SWT, for the power and the bestowing me health and strength that have given me to accomplish this work through my journey of research and to be able to finish the write up of this thesis.

Also, I am deeply indebted in the preparation of this thesis and grateful to my supervisor, Dr. Massudi Mahmuddin for his extensive guidance, unprecedented support, and comments.

Also, I am obliged to thank my late supervisor Prof. Dr. Abd Razak Yaakub may Allah have mercy on him, he made things easy for me when they were difficult.

I would like to extend thanks to Cyber Security Malaysia for my training in all tools related to Digital forensics and dealing with them professionally.

First and foremost, I would like to thank my father Ali Alnajjar, Mother Fatimah, sisters, brothers and their families for their constant love, support and encouragement during my journey.

Last but not least, I would specially like to thank my family. My wife Waganat has been extremely supportive of me throughout this journey and has made countless sacrifices to help me get to this point. My children (Fajraldeen, Pillar and Sima) for giving me unlimited happiness and pleasure.

Finally, I would like to thank my friends, who so generously contributed to the work presented in this research.

(8)

List of Tables

Table 2.1: Comparison of Several Mobile Forensic Tools………...………...21

Table 2.2: Review of Various Forensic Investigation Model and Frameworks…....31

Table 2.3: Comparison of Conventional Forensic Approaches in Mobile, Cloud, and MC Environment……...……….……..….68

Table 5.1: Sample Features in the Acquired Forensic Logs………...128

Table 6.1: Details of Mobile Evidential Artifacs……….161

Table 6.2: Details of Cloud Evidential Artifacts………...……..163

(13)

x

List of Figures

Figure 2.1: MCC Architecture………...23

Figure 2.2: Forensic Investigation Process………...39

Figure 3.1: Forensic Analysis Cloud-based Mobile Applications...………..76

Figure 3.2: Research Design of Proposed EA Forensic………...…………..79

Figure 3.3: The Research Process of the Integrated EA Forensic Model…………..80

Figure 4.1: Integrated MC Forensic EA Model…….………85

Figure 5.1: Enhanced Forensic EA Model for MCI………….………...99

Figure 5.2: Architecture of the FED……….. ……….102

Figure 5.3: The Sub-Phases in the FED...………103

Figure 5.4: The FED Methodology………..……..………...105

Figure 5.5: Hash Filtering Process in the FED………… ………...108

Figure 5.6: Data Carving Process in the FED.………...113

Figure 5.7: Comprehensive Data Carving Process in the FED………...119

Figure 5.8: Data Transformation Process in the FED ………..………...121

Figure 5.9: LSTM-based Evidence Cloud Integration in the FED…...124

Figure 5.10: Inter-Linked Evidence Ratio Vs. Precision...……...………..…...133

Figure 5.11: Inter-Linked Evidence Ratio Vs. Recall……….…..………...134

Figure 6.1: The Sub-Phases in the FEDO………..……...139

Figure 6.2: Architecture of the FEDO………...…………..141

Figure 6.3: The FEDO Methodology……….…………...142

Figure 6.4: Evidence Indexing Process in FEDO……..……….………144

Figure 6.5: Cross-referencing and Keyword Searching Process in the FEDO..…..146

Figure 6.6: Process Flow of the Search Optimization in FEDO……….150

Figure 6.7: PSO Search Optimization Steps Involved in the FEDO……...151

Figure 6.8: Flow Diagram of PSO in FEDO………..…...155

Figure 6.9: An Illustration of CMA Model……….…...………158

Figure 6.10 An Illustration of Evidential Artifacts for MCI………...……...159

Figure 6.11: Evidence Traces vs. Precision ……….…………...166

Figure 6.12: Evidence Traces vs. Recall ………..………167

Figure 6.13: Evidence Traces vs. Tracing Rate ………...168

(14)

xi

List of Abbreviations

ACO Ant Colony Optimization ADT Android Development Tool

API Application Programming Interface ASEF Android Security Evaluation Framework

AWS Amazon Web Service

CAGR Compound Annual Growth Rate

CDI Cloud Data Imager

CDMA Code-Division Multiple Access CES Cloud Elasticity Service

CMA Cloud-based Mobile Applications

CMF Copy-Move Forgery

CMFD-PSO CMF Detection model using Particle Swarm Optimization CNNIC China Internet Network Information Centre

CPS Cyber Physical System

CS Correlation or Cross-referencing Score

CSV Comma Separated Value

DDoS Distributed Denial-of-Service DEM Device Elasticity Manager

DFIAC Digital Forensic Intelligence Analysis Cycle

DLCF Deep Learning Cognitive Computing for the Cyber Forensics

DoS Denial-of-Service

EIDIP Enhanced Integrated Digital Investigation Process EA Examination and Analysis

EM Expectation Maximization

(15)

xii

EMSVM Enhanced Multiclass Support Vector Machine F2S2 Fast Forensic Similarity Search

FCMP Fuzzy C-Means clustering using Particle swarm optimization

FE Forensic Evidence

FED Forensic EA Methodology using the Data Mining

FEDO Forensic EA Methodology using the Data Mining and Optimization FEDO-PSO Forensic EA Methodology using the Data Mining and Optimization

with PSO

FEI-LSTM Forensic Evidence Integration using LSTM FROST Forensic Open-Stack Tool

FTK Forensic Tool Kit

FTS Forensic Testing Service

GA Genetic Algorithm

GPS Global Positioning System

GSM Global System for Mobile Communications HTTP HyperText Transfer Protocol

HTTPS HyperText Transfer Protocol with Secure Sockets Layer (SSL) IaaS Infrastructure as a Service

IDC International Data Corporation

IDFPM Integrated Digital Forensic Process Model IDS Intrusion Detection System

IEF Internet Evidence Finder ILER Inter-Linked Evidence Ratio

IMEI International Mobile Equipment Identity IMSI International Mobile Subscriber Identity IoT Internet-of-Things

(16)

xiii

IP Internet Protocol

ISP Internet Service Provider

IT Information Technology

JDK Java Development Kit LCD Liquid Crystal Display LDW Linearly Decreasing Weight

LSTM Long Short-Term Memory

MAC Media Access Control

MC Mobile Cloud

MCC Mobile Cloud Computing

MCI Mobile Cloud Investigation MFP Mobile Forensic Platform

MFT Master File Table

MILP Mixed Integer Linear Programming

mVoIP mobile VoIP

NB Naïve Bayes

NFC Near Field Communication

OS Operating System

PaaS Platform as a Service

PC Personal Computer

PCA Principal Component Analysis PDA Personal Digital Assistant

PROOFS Proactive Object Fingerprinting and Storage PSO Particle Swarm Optimization

RAM Random Access Memory

RNN Recurrent Neural Network

(17)

xiv

ROM Read Only Memory

SAAF Static Android Analysis Framework SaaS Software as a Service

SD Card Secure Digital Card

SDK Software Development Kit

SIFT Scale Invariant Features Transform SIM Subscriber Identity Module

SMS Short Messaging Service SQL Structured Query Language

SRDFIM Systematic Digital Forensics Investigation Model

SSH Secure SHell

STaaS STorage as a Service

TDMA Time-Division Multiple Access UFED Universal Forensic Extraction Device UICC Universal Integrated Circuit Card URL Uniform Resource Locator USB Universal Serial Bus

VAIE Visualize Association Inside Emails VNC Virtual Network Computing

VoIP Voice over Internet Protocol WAP Wireless Application Protocol

WEKA Waikato Environment for Knowledge Analysis YAFFS Yet Another Flash File System

(18)

1

CHAPTER ONE INTRODUCTION

1.1 Background

In recent years, the utilization of smartphones and cloud computing technology (Rimal et al., 2009) has witnessed unprecedented growth discussed by the researchers (Qi, &

Gani, 2012; Faheem et al., 2016a). With the rapid adoption of mobile devices, including smartphones, stated by Silver (2019), business organizations accelerate mobile application development to enhance their service portfolios and provide services anywhere that improve revenue and customer reachability, as discussed by Behani (2019). For instance, Chuck (2019) has provided statistics showing that 34%

of the customers buy additional products, 33% utilize mobile applications for frequent purchases, and 37% spend more after the customers are introduced to the Smartphone apps. With the emergence of the application categories in the smartphone, the adoption of smartphones is also increased among the end-users to perform smarter activities in their real-life widely. For instance, Blair (2020) discussed mobile application download and usage statistics based on the penetration rate of the application category.

Among the Android users, the success rate of the application categories is provided by Blair (2020), involving communication applications 99%, video players and editing applications 96%, travel and local 95%, and social media applications 95%. According to these statistics, individual access to mobile applications and business organizations has gained increased attention and benefits, necessitating the adoption of cloud resources and Mobile Cloud Computing (MCC) technology. As described by the authors (Fernando et al., 2013; Dinh et al., 2013; Noor et al., 2018), MCC technology provides unlimited remote resources to the mobile device particularly, smartphones

(19)

172 7.3 Limitations

This research work paves the way for the forensic investigator to conduct the forensic investigation for the CMA towards the potential research directions. Despite this, the forensic methodologies confront several shortcomings, which are discussed as follows.

 Extracting all the information related to the criminal activities from the smartphone and the third-party application is a critical task due to the ability to extract only limited data by the existing mobile forensic tool over the ever-increasing storage of the mobile device through application activities.

 Obtaining access from the cloud service provider is challenging while only acquiring the corresponding mobile application activities-relevant data from the multi-tenant and distributed cloud environment.

 The diversified behavior of malicious insiders or external intruders poses significant challenges in accurate forensic decision-making in the MCI.

 The enhanced forensic analysis methodologies lack the examination of all the relevant artifacts in the MC environment without compromising privacy and security.

(20)

173 7.4 Future Directions

In the future, this MCI research will extend as the different research solutions to further improve the investigation accuracy for the CMA.

 With the rapid increase of criminal activity in the MC environment, the forensics research is extended to consider the multi-modalities during the evidence analysis.

 The MC forensic EA phase is further developed as the adaptive forensic-decision making model in the dynamic MC environment due to the diversity in the behaviors of the malicious individuals while launching a similar crime event.

 By adopting the hybrid machine learning or deep learning model for the sequential fine-tuning of the evidence, the current research work enriches the investigation performance.

 Future forensic research focuses on investigating the cloud insiders rather than suspecting only the external users or third parties with the knowledge of the service level agreements in the cloud and the violations.

(21)

174

References

Access Data. (2008). FTK, Retrieved from website: https://accessdata.com/products- services/forensic-toolkit-ftk, Accessed On January, 2021.

Adelstein, F. (2003). MFP: The Mobile Forensics Platform. In Proceedings of the 2002 Digital Forensics Research Workshop.

Aditya, K., Grzonkowski, S., & Lekhac, N. (2018, August). Enabling trust in deep learning models: a digital forensics case study. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE

International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 1250-1255). IEEE.

Agarwal, A., Gupta, M., Gupta, S., & Gupta, S. C. (2011). Systematic digital forensic investigation model. International Journal of Computer Science and Security (IJCSS), 5(1), 118-131.

Agarwal, R., & Kothari, S. (2015). Review of digital forensic investigation frameworks.

In Information science and applications (pp. 561-571). Springer, Berlin, Heidelberg.

https://doi.org/10.1007/978-3-662-46578-3_66

Agarwal, V., Tiwari, A., Gupta, R. K., & Singh, U. P. (2018). Discovering Optimal

Patterns for Forensic Pattern Warehouse. In Advanced Computing and Communication Technologies (pp. 101-108). Springer, Singapore. https://doi.org/10.1007/978-981-10- 4603-2_11

Ahmed, R., & Dharaskar, R. V. (2008, December). Mobile forensics: an overview, tools, future trends and challenges from law enforcement perspective. In 6th International Conference on E-Governance, ICEG, Emerging Technologies in E-Government, M- Government (pp. 312-23).

Akkaladevi, S., Keesara, H., & Luo, X. (2011). Efficient forensic tools for handheld device: a comprehensive perspective. Software Engineering Research, Management and Applications Studies in Computational Intelligence, 377, 349-359.

(22)

175

Al Mutawa, N., Baggili, I., & Marrington, A. (2012). Forensic analysis of social networking applications on mobile devices. Digital investigation, 9, S24-S33.

https://doi.org/10.1016/j.diin.2012.05.007

Albano, P., Castiglione, A., Cattaneo, G., & De Santis, A. (2011, October). A novel anti- forensics technique for the android os. In 2011 International Conference on

Broadband and Wireless Computing, Communication and Applications (pp. 380-385).

IEEE. https://doi.org/10.1109/bwcca.2011.62

Alharbi, S., Weber-Jahnke, J., & Traore, I. (2011, August). The proactive and reactive digital forensics investigation process: A systematic literature review. In International Conference on Information Security and Assurance (pp. 87-100). Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23141-4_9

Ali, M., Shiaeles, S., Clarke, N., & Kontogeorgis, D. (2019). A proactive malicious

software identification approach for digital forensic examiners. Journal of Information Security and Applications, 47, 139-155. https://doi.org/10.1016/j.jisa.2019.04.013 Almulla, S., Iraqi, Y., & Jones, A. (2013, March). Cloud forensics: A research perspective.

In 2013 9th International Conference on Innovations in Information Technology (IIT) (pp. 66-71). IEEE. https://doi.org/10.1109/innovations.2013.6544395 Almulla, S., Iraqi, Y., & Jones, A. (2014). A state-of-the-art review of cloud

forensics. Journal of Digital Forensics, Security and Law, 9(4),2.

https://doi.org/10.15394/jdfsl.2014.1190

Alqahtany, S., Clarke, N., Furnell, S., & Reich, C. (2015, April). Cloud forensics: a review of challenges, solutions and open problems. In 2015 International Conference on Cloud Computing (ICCC) (pp. 1-9). IEEE.

https://doi.org/10.1109/cloudcomp.2015.7149635

Al-Saleh, M. I., & Forihat, Y. A. (2013). Skype forensics in android devices. International Journal of Computer Applications, 78(7). https://doi.org/10.5120/13504-1253

Al-Zarouni, M. (2006). Mobile handset forensic evidence: a challenge for law enforcement. https://doi.org/10.4225/75/57b121cfc704e

(23)

176

Aminnezhad, A., Dehghantanha, A., Abdullah, M. T., & Damshenas, M. (2013). Cloud forensics issues and opportunities. International Journal of Information Processing and Management, 4(4), 76. https://doi.org/10.4156/ijipm.vol4.issue4.9

Arasomwan, M. A., & Adewumi, A. O. (2013). On the performance of linear decreasing inertia weight particle swarm optimization for global optimization. The Scientific World Journal, 2013. https://doi.org/10.1155/2013/860289

Ayers, R., Brothers, S., & Jansen, W. (2013). Guidelines on mobile device forensics (draft). NIST Special Publication, 800, 101. https://doi.org/10.6028/nist.sp.800-101r1 Azfar, A., Choo, K. K. R., & Liu, L. (2017). Forensic taxonomy of android social

apps. Journal of forensic sciences, 62(2), 435-456. https://doi.org/10.1111/1556- 4029.13267

Babun, L., Sikder, A. K., Acar, A., & Uluagac, A. S. (2018). Iotdots: A digital forensics framework for smart environments. arXiv preprint arXiv:1809.00745.

Bansal, J. C., Singh, P. K., Saraswat, M., Verma, A., Jadon, S. S., & Abraham, A. (2011, October). Inertia weight strategies in particle swarm optimization. In 2011 Third world congress on nature and biologically inspired computing (pp. 633-640). IEEE.

https://doi.org/10.1109/NaBIC.2011.6089659

Bappy, J. H., Simons, C., Nataraj, L., Manjunath, B. S., & Roy-Chowdhury, A. K. (2019).

Hybrid lstm and encoder–decoder architecture for detection of image forgeries. IEEE Transactions on Image Processing, 28(7), 3286-3300.

Barmpatsalou, K., Damopoulos, D., Kambourakis, G., & Katos, V. (2013). A critical review of 7 years of Mobile Device Forensics. Digital Investigation, 10(4), 323- 349.https://doi.org/10.1016/j.diin.2013.10.003

Baryamureeba, V., & Tushabe, F. (2004). The enhanced digital investigation process model. Digital Investigation.

Beebe, N. L., & Clark, J. G. (2005). A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2), 147-167.

(24)

177

Bertè, R., Marturana, F., Me, G., & Tacconi, S. (2012). Data mining based crime- dependent triage in digital forensics analysis. In Proceedings of 2012 International Conference on Affective Computing and Intelligent Interaction.

https://doi.org/10.13140/2.1.3119.9680

Bhadsavle, N., & Wang, J. A. (2009). Validating tools for cell phone forensics.

In American Society for Engineering Education (ASEE) Southeastern Section Conference.

Birk, D., & Wegener, C. (2011, May). Technical issues of forensic investigations in cloud computing environments. In 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering (pp. 1-10). IEEE.

https://doi.org/10.1109/sadfe.2011.17

Blair, I. Mobile App Download and Usage Statistics (2020), Retrieved from website:

https://buildfire.com/app-statistics/, Accessed on October, 2020

Brunty, J. (2016). Mobile device forensics: threats, challenges, and future trends. In digital forensics (pp. 69-84). Syngress. https://doi.org/10.1016/b978-0-12-804526-8.00005-8 Bulbul, H. I., Yavuzcan, H. G., & Ozel, M. (2013). Digital forensics: an analytical crime

scene procedure model (ACSPM). Forensic Science International, 233(1-3), 244-256.

https://doi.org/10.1016/j.forsciint.2013.09.007

Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 25(6), 599-616.

https://doi.org/10.1109/ccgrid.2009.97

Cahyani, N. D. W., Ab Rahman, N. H., Glisson, W. B., & Choo, K. K. R. (2017). The role of mobile forensics in terrorism investigations involving the use of cloud storage service and communication apps. Mobile Networks and Applications, 22(2), 240- 254.https://doi.org/10.1007/s11036-016-0791-8

(25)

178

Carpene, C. (2011). Looking to iPhone backup files for evidence extraction. Proceedings of the 9^th Australian Digital Forensics Conference, (December), 16-32.

https://doi.org/10.4225/75/57b2b9e540ce9

Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the internet. Academic press.

Cellebrite. (2007). Cellebrite UFED, Retrieved from website:

https://www.cellebrite.com/en/mobile-forensics/, Accessed On January, 2021.

Chelihi, M. A., Elutilo, A., Ahmed, I., Papadopoulos, C., & Dehghantanha, A. (2017). An android cloud storage apps forensic taxonomy. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 285-305). Syngress.

https://doi.org/10.1016/b978-0-12-805303-4.00015-0

Chen, L., Xu, L., Yuan, X., & Shashidhar, N. (2015, February). Digital forensics in social networks and the cloud: Process, approaches, methods, tools, and challenges. In 2015 International Conference on Computing, Networking and Communications

(ICNC) (pp. 1132-1136). IEEE. https://doi.org/10.1109/iccnc.2015.7069509

Chuck, M. (2019) 7 Reasons Why Companies with Apps Earn More Revenue According to Studies, Retrieved from website: https://www.business2community.com/mobile- apps/7-reasons-why-companies-with-apps-earn-more-revenue-according-to-studies- 02242228, Accessed on July, 2020

Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital Forensic Investigation of Cloud Storage Services. Digital Investigation, 9(2), 81-95.

Clark, P. (2011). Digital Forensics Tool Testing-Image Metadata in the cloud (Master's thesis). Retrieved from: https://ntnuopen.ntnu.no/ntnu-

xmlui/bitstream/handle/11250/143978/Philip%20Clark.pdf?sequence=1.

Cohen, M. I. (2008). PyFlag–An advanced network forensic framework. Digital Investigation, 5, S112-S120. https://doi.org/10.1016/j.diin.2008.05.016

(26)

179

Dagher, G. G., & Fung, B. C. (2013). Subject-based semantic document clustering for digital forensic investigations. Data & Knowledge Engineering, 86, 224-241.

Damopoulos, D., Kambourakis, G., Gritzalis, S., & Park, S. O. (2014). Exposing mobile malware from the inside (or what is your mobile app really doing?). Peer-to-Peer Networking and Applications, 7(4), 687-697. https://doi.org/10.1007/s12083-012- 0179-x

Damshenas, M., Dehghantanha, A., Mahmoud, R., & bin Shamsuddin, S. (2012, June).

Forensics investigation challenges in cloud computing environments. In Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (pp. 190-194). IEEE.

https://doi.org/10.1109/CyberSec.2012.6246092

Danker, S., Ayers, R., & Mislan, R. P. (2009). Hashing Techniques for Mobile Device Forensics. Stress, 6(4f16334e774b5c), 77bebd7fb998797dd.

Dargahi, T., Dehghantanha, A., & Conti, M. (2017a). Forensics analysis of Android mobile VoIP apps. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 7-20). Syngress.https://doi.org/10.1016/b978-0-12-805303-4.00002- 2

Dargahi, T., Dehghantanha, A., & Conti, M. (2017b). Investigating Storage as a Service Cloud Platform: pCloud as a Case Study. In Contemporary Digital Forensic

Investigations of Cloud and Mobile Applications (pp. 185-204).

Syngress.https://doi.org/10.1016/b978-0-12-805303-4.00012-5

Daryabar, F., Dehghantanha, A., Eterovic-Soric, B., & Choo, K. K. R. (2016a). Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices. Australian Journal of Forensic Sciences, 48(6), 615-642.

https://doi.org/10.1080/00450618.2015.1110620

Daryabar, F., Dehghantanha, A., Udzir, N. I., bin Shamsuddin, S., & Norouzizadeh, F.

(2013). A survey about impacts of cloud computing on digital forensics. International Journal of Cyber-Security and Digital Forensics, 2(2), 77-95.

(27)

180

Daryabar, F., Tadayon, M. H., Parsi, A., & Sadjadi, H. (2016, September). Automated analysis method for forensic investigation of cloud applications on Android. In 2016 8th International Symposium on Telecommunications (IST) (pp. 145-150). IEEE.

https://doi.org/10.1109/istel.2016.7881799

Dezfouli, F. N., Dehghantanha, A., Mahmoud, R., Sani, N. F. B. M., & bin Shamsuddin, S.

(2012, June). Volatile memory acquisition using backup for forensic investigation. In Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec) (pp. 186-189). IEEE.

https://doi.org/10.1109/cybersec.2012.6246108

DIGAMBAR, P. (2015). A novel digital forensic framework for cloud computing environment (Doctoral dissertation). Retrieved from

http://125.22.54.221:8080/jspui/bitstream/123456789/3032/2/Thesis-final.pdf.

Ding, X., & Zou, H. (2011, March). Time based data forensic and cross-reference analysis.

In Proceedings of the 2011 ACM Symposium on Applied Computing (pp. 185-190).

https://doi.org/10.1145/1982185.1982227

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of Mobile Cloud

Computing: architecture, applications, and approaches. Wireless Communications and Mobile Computing, 13(18), 1587-1611. https://doi.org/10.1002/wcm.1203

Do, Q., Martini, B., & Choo, K. K. R. (2015). A cloud-focused mobile forensics

methodology. IEEE Cloud Computing, 2(4), 60-65. https://doi.org/10.1109/MCC.2015.71 Du, X., & Scanlon, M. (2019, August). Methodology for the automated metadata-based

classification of incriminating digital forensic artefacts. In Proceedings of the 14th International Conference on Availability, Reliability and Security (pp. 1-8).

https://doi.org/10.1145/3339252.3340517.

Du, X., Le-Khac, N. A., & Scanlon, M. (2017). Evaluation of digital forensic process models with respect to digital forensics as a service. European Conference on Information Warfare and Security, ECCWS, 573-581.

(28)

181

Dykstra, J. (2015). Seizing electronic evidence from cloud computing environments. In Cloud Technology: Concepts, Methodologies, Tools, and Applications (pp. 2033- 2062). IGI Global. https://doi.org/10.4018/978-1-4666-6539-2.ch095

Dykstra, J., & Sherman, A. T. (2011). Understanding issues in cloud forensics: two

hypothetical case studies. Proceeding of the Conference on Digital Forensics, Security and Law, (pp. 45-54).

Dykstra, J., & Sherman, A. T. (2012). Acquiring forensic evidence from infrastructure-as- a-service cloud computing: Exploring and evaluating tools, trust, and techniques.

Digital Investigation, 9, S90-S98. https://doi.org/10.1016/j.diin.2012.05.001 Dykstra, J., & Sherman, A. T. (2013). Design and implementation of FROST: Digital

forensic tools for the OpenStack cloud computing platform. Digital Investigation, 10, S87-S95. https://doi.org/10.1016/j.diin.2013.06.010

Elbes, M., Alzubi, S., Kanan, T., Al-Fuqaha, A., & Hawashin, B. (2019). A survey on particle swarm optimization with emphasis on engineering and network

applications. Evolutionary Intelligence, 1-17. https://doi.org/10.1007/s12065-019- 00210-z

Elias Chachak, The Cyber Research DataBank, (2021). Cybercrime is moving towards smartphones –this is what you could to protect your company. Available Online at:

https://www.cyberdb.co/cybercrime-is-moving-towards-smartphones-this-is-what-you-could- do-to-protect-your-company/, Accessed On, January 2022.

Enterprise Engineering Solutions, (2021). Mobile Cloud Computing: What, How, and Why?. Available Online at: https://www.eescorporation.com/mobile-cloud-computing/, Accessed On, January 2022.

Exterro. (2020). AccessData Forensic Tool, Retrieved from website:

https://accessdata.com/products-services/forensic-toolkit-ftk, Accessed On August, 2020.

(29)

182

Faheem, M., Kechadi, T., & Le Khac, A. (2016b). A Unified Forensic Framework for Data Identification and Collection in Mobile Cloud Social Network Applications.

International Journal Of Advanced Computer Science and Applications, 7(1), 21- 29.https://doi.org/10.14569/IJACSA.2016.070103

Faheem, M., Kechadi, T., & Le Khac, N. A. (2014). An Overview of Cloud Base Application Forensics Tools for Mobile Devices.International Journal of Applied Information Systems (IJAIS), 7(10), 7-10. https://doi.org/10.5120/ijais 14-451232 Faheem, M., Kechadi, T., & Le-Khac, N. A. (2015). The state of the art forensic

techniques in Mobile Cloud environment: A survey, challenges and current trends.

International Journal of Digital Crime and Forensics (IJDCF), 7(2), 1-19.

https://doi.org/10.4018/ijdcf.2015040101

Faheem, M., Le-Khac, N. A., & Kechadi, T. (2016a, August). Toward a new Mobile Cloud forensic framework. In 2016 Sixth International Conference on Innovative Computing Technology (INTECH) (pp. 736-742). IEEE.

https://doi.org/10.1109/INTECH.2016.7845142

Federal Rules of Evidence. (2019). Rule 401. Test for Relevant Evidence | Federal Rules of Evidence | US Law | LII / Legal Information Institute, Retrieved from website:

https://www.law.cornell.edu/rules/fre/rule_401, Accessed on November, 2019 Federici, C. (2014). Cloud Data Imager: A unified answer to remote acquisition of cloud

storage areas. Digital Investigation, 11(1), 30-42.

Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile Cloud Computing: A survey.

Future Generation Computer Systems, 29(1), 84-106.

https://doi.org/10.1016/j.future.2012.05.023

Forensic Science Service. (2012). CellDek TEK Forensic Tool, Retrieved from website:

http://www.mobileforensicscentral.com/mfc/products/celldek.asp?pg=d&prid=347&pi d=, Accessed On August, 2020.

(30)

183

Forensic Telecommunication Services. (2009). Hex Raptor Forensic Tool, Retrieved from website: http://forensicir.blogspot.com/2009/07/unsung-tools-raptor-forensics.html, Accessed On August, 2020.

Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., ...& Stoica, I. (2009).

Above the clouds: A berkeley view of cloud computing. Department of Electrical Engineering and Computer Sciences, University of California, Berkeley, Rep.

UCB/EECS, 28(13), 2009. https://doi.org/10.1145/1721654.1721672

Freet, D., Agrawal, R., John, S., & Walker, J. J. (2015, October). Cloud forensics

challenges from a service model standpoint: IaaS, PaaS and SaaS. In Proceedings of the 7th International Conference on Management of Computational and Collective intElligence in Digital EcoSystems (pp. 148-155).

https://doi.org/10.1145/2857218.2857253

Gao, F., & Zhang, Y. (2013, April). Analysis of WeChat on iPhone. In 2nd international symposium on computer, communication, control and automation. Atlantis Press.

https://doi.org/10.2991/3ca-13.2013.69

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7, S64-S73. https://doi.org/10.1016/j.diin.2010.05.009

Gomez-Torres, E., Moscoso-Zea, O., Herrera, N. H., & Lujan-Mora, S. (2018, January).

Towards a forensic analysis of mobile devices using android. In International Conference on Information Theoretic Security (pp. 30-39). Springer, Cham.

https://doi.org/10.1007/978-3-319-73450-7_4

Greff, K., Srivastava, R. K., Koutník, J., Steunebrink, B. R., & Schmidhuber, J. (2016).

LSTM: A search space odyssey. IEEE transactions on neural networks and learning systems, 28(10), 2222-2232. https://doi.org/10.1109/TNNLS.2016.2582924

Grispos, G., Glisson, W. B., & Storer, T. (2013, January). Using smartphones as a proxy for forensic evidence contained in cloud storage services. In2013 46th Hawaii International Conference on System Sciences (pp. 4910-4919).

IEEE.https://doi.org/10.1109/hicss.2013.592

(31)

184

Grispos, G., Glisson, W. B., & Storer, T. (2015). Recovering residual forensic data from smartphone interactions with cloud storage providers. In The Cloud Security

Ecosystem: Technical, Legal, Business and Management.

https://doi.org/10.1016/b978-0-12-801595-7.00016-1

Grispos, G., Storer, T., & Glisson, W. B. (2013). Calm before the storm: the challenges of cloud. Emerging digital forensics applications for crime detection, prevention, and security, 4(1), 28-48. https://doi.org/10.4018/978-1-4666-4006-1.ch015

Grover, J. (2013). Android forensics: Automated data collection and reporting from a mobile device. Digital Investigation, 10, S12-S20.

Grover, R. (2019). Deep Learning - Overview, Practical Examples, Popular Algorithms, Retrieved from website: https://www.analyticssteps.com/blogs/deep-learning- overview-practical-examples-popular-algorithms, Accessed on August, 2020.

Guido, M., Ondricek, J., Grover, J., Wilburn, D., Nguyen, T., & Hunt, A. (2013).

Automated identification of installed malicious Android applications. Digital Investigation, 10, S96-S104. https://doi.org/10.1016/j.diin.2013.06.011 Guo, H., Jin, B., & Shang, T. (2012, August). Forensic investigations in cloud

environments. In 2012 International Conference on Computer Science and Information Processing (CSIP) (pp. 248-251). IEEE.

https://doi.org/10.1109/csip.2012.6308841

Gupta, J. N., Kalaimannan, E., &Yoo, S. M. (2016). A heuristic for maximizing investigation effectiveness of digital forensic cases involving multiple investigators. Computers and Operations Research, 69,19.

https://doi.org/10.1016/j.cor.2015.11.003

Hale, J. S. (2013). Amazon cloud drive forensic analysis. Digital Investigation, 10(3), 259- 265. https://doi.org/10.1016/j.diin.2013.04.006

(32)

185

Hegarty, R., Merabti, M., Shi, Q., & Askwith, B. (2011, June). Forensic analysis of distributed service oriented computing platforms. In 12th Annual PostGraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting.

Hitchcock, B., Le-Khac, N. A., & Scanlon, M. (2016). Tiered forensic methodology model for digital field triage by non-digital evidence specialists. Digital Investigation, 16, S75-S85. https://doi.org/10.1016/j.diin.2016.01.010

Hoon, K. S., Yeo, K. C., Azam, S., Shunmugam, B., & De Boer, F. (2018, January).

Critical review of machine learning approaches to apply big data analytics in DDoS forensics. In 2018 International Conference on Computer Communication and Informatics (ICCCI) (pp. 1-5). IEEE. https://doi.org/10.1109/ICCCI.2018.8441286 Hooper, C., Martini, B., & Choo, K. K. R. (2013). Cloud computing and its implications

for cybercrime investigations in Australia. Computer Law & Security Review, 29(2), 152-163. https://doi.org/10.1016/j.clsr.2013.01.006

Immanuel, F., Martini, B., & Choo, K. K. R. (2015, August). Android cache taxonomy and forensic process. In2015 IEEE Trustcom/BigDataSE/ISPA (Vol. 1, pp. 1094-1101).

IEEE.https://doi.org/10.1109/trustcom.2015.488

Information Gain Ltd, (2012). Why split data in the ratio 70:30?. Available Online at:

http://information-gain.blogspot.com/2012/07/why-split-data-in-ratio-7030.html, Accessed On, January 2022.

Iqbal, S., & Alharbi, S. A. (2019). Advancing Automation in Digital Forensic Investigations Using Machine Learning Forensics. In Digital Forensic Science.

IntechOpen. https://doi.org/10.5772/intechopen.90233

Jang, Y. J., & Kwak, J. (2015). Digital forensics investigation methodology applicable for social network services. Multimedia Tools and Applications, 74(14), 5029-5040.

https://doi.org/10.1007/s11042-014-2061-8

(33)

186

Jansen, W., Delaitre, A., & Moenner, L. (2008, January). Overcoming impediments to cell phone forensics. In Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008) (pp. 483-483). IEEE.

https://doi.org/10.1109/hicss.2008.341

Jung, Y. G., Kang, M. S., & Heo, J. (2014). Clustering performance comparison using K- means and expectation maximization algorithms. Biotechnology & Biotechnological Equipment, 28(sup1), S44-S48.

Karamitsos, I., Afzulpurkar, A., & Trafalis, T. B. (2020). Malware Detection for Forensic Memory Using Deep Recurrent Neural Networks. Journal of Information

Security, 11(2), 103-120.

Karie, N. M., Kebande, V. R., & Venter, H. S. (2019). Diverging deep learning cognitive computing techniques into cyber forensics. Forensic Science International: Synergy, 1, 61-67. https://doi.org/10.1016/j.fsisyn.2019.03.006

Kaur, R., & Kaur, A. (2012). Digital forensics. International Journal of Computer Applications, 50(5). https://doi.org/10.5120/7765-0844

Khan, S., Ahmad, E., Shiraz, M., Gani, A., Wahab, A. W. A., & Bagiwa, M. A. (2014a).

Forensic challenges in Mobile Cloud Computing. IEEE International Conference on Computer, Communications, and Control Technology (I4CT). 343-347.

https://doi.org/10.1109/I4CT.2014.6914202

Khan, S., Shiraz, M., Abdul Wahab, A. W., Gani, A., Han, Q., & Bin Abdul Rahman, Z.

(2014b). A comprehensive review on adaptability of network forensics frameworks for Mobile Cloud Computing. The Scientific World Journal.

http://dx.doi.org/10.1155/2014/547062

Khobragade, P. K., & Malik, L. G. (2014, April). Data generation and analysis for digital forensic application using data mining. In 2014 Fourth International Conference on Communication Systems and Network Technologies (pp. 458-462). IEEE.

https://doi.org/10.1109/CSNT.2014.97

(34)

187

Kohn, M. D., Eloff, M. M., & Eloff, J. H. (2013). Integrated digital forensic process model.

Computers and Security, 38, 103-115. https://doi.org/10.1016/j.cose.2013.05.001 Koroniotis, N., & Moustafa, N. (2020). Enhancing network forensics with particle swarm

and deep learning: The particle deep

framework. https://doi.org/10.5121/csit.2020.100304

Kushida, K. E., Murray, J., & Zysman, J. (2015). Cloud computing: From scarcity to abundance. Journal of Industry, Competition and Trade, 15(1), 5-19.

Silver L, Pew Research Center, (2019). Smartphone Ownership Is Growing Rapidly Around the World, but Not Always Equally. Available Online at:

https://www.pewresearch.org/global/2019/02/05/smartphone-ownership-is-growing- rapidly-around-the-world-but-not-always-equally/, Accessed On, January 2022.

Lee, J., & Hong, D. (2011, November). Pervasive forensic analysis based on Mobile Cloud Computing. In 2011 Third international conference on multimedia information

networking and security (pp. 572-576). IEEE. https://doi.org/10.1109/mines.2011.77 Lessard, J., & Kessler, G. (2010). Android Forensics: Simplifying Cell Phone

Examinations.

Levinson, A., Stackpole, B., & Johnson, D. (2011, January). Third party application forensics on apple mobile devices. In 2011 44th Hawaii International Conference on System Sciences (pp. 1-9). IEEE. https://doi.org/10.1109/hicss.2011.440

Liu, C., Singhal, A., & Wijesekera, D. (2017, January). Identifying evidence for cloud forensic analysis. In IFIP International Conference on Digital Forensics (pp. 111-130).

Springer, Cham.

Magneto IT Solutions, (2019). A Smarter Mobile App can Increase Sales & Productivity of Business. Available Online at: https://magnetoitsolutions.com/blog/smarter-mobile- app-can-increase-sales-productivity-of-business, Accessed On, January 2022.

Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing—The business perspective. Decision support systems, 51(1), 176-189.

(35)

188

Martini, B., & Choo, K. K. R. (2012). An integrated conceptual digital forensic framework for cloud computing. Digital Investigation, 9(2), 71-80.

Martini, B., & Choo, K. K. R. (2013). Cloud storage forensics: ownCloud as a case study.

Digital Investigation, 10(4), 287-299. https://doi.org/10.1016/j.diin.2013.08.005 Martini, B., & Choo, K. K. R. (2014). Cloud forensic technical challenges and solutions:

A snapshot. IEEE Cloud Computing, 1(4), 20-25.https://doi.org/10.1109/MCC.2014.69 Martini, B., Do, Q., & Choo, K. K. R. (2015). Conceptual evidence collection and analysis

methodology for Android devices. arXiv preprint arXiv:1506.05527. https://doi.org/10.1016/b978-0-12-801595-7.00014-8

Martini, B., Do, Q., & Choo, K. K. R. (2015). Mobile Cloud forensics: An analysis of seven popular Android apps. arXiv preprint arXiv:1506.05533.

https://doi.org/10.1016/B978-0-12-801595-7.00015-X

Marturana, F., & Tacconi, S. (2013). A Machine Learning-based Triage methodology for automated categorization of digital media. Digital Investigation, 10(2), 193-204.

Marty, R. (2011, March). Cloud application logging for forensics. In proceedings of the 2011 ACM Symposium on Applied Computing (pp. 178-

184)..https://doi.org/10.1145/1982185.1982226

Mayer, O., Bayar, B., &Stamm, M. C. (2018, June). Learning unified deep-features for multiple forensic tasks. In Proceedings of the 6th ACM workshop on information hiding and multimedia security (pp. 79-84).https://doi.org/10.1145/3206004.3206022 Meliana, N., & Fadlil, A. (2019, November). Identification of Cyber Bullying by using

Clustering Methods on Social Media Twitter. In Journal of Physics: Conference Series (Vol. 1373, No. 1, p. 012040). IOP Publishing.

(36)

189

Meng, F., Wu, S., Yang, J., & Yu, G. (2009, November). Research of an e-mail forensic and analysis system based on visualization. In 2009 Asia-Pacific Conference on Computational Intelligence and Industrial Applications (PACIIA) (Vol. 1, pp. 281- 284). IEEE. https://doi.org/10.1109/paciia.2009.5406437

Micro Systemation. (2017). XRY, Retrieved from website:

https://www.msab.com/products/xry/, Accessed On January, 2021.

Miranda Lopez, E., Moon, S. Y., & Park, J. H. (2016). Scenario-based digital forensics challenges in cloud computing. Symmetry, 8(10), 107. doi:10.3390/sym8100107 Mishra, A. K., Matta, P., Pilli, E. S., & Joshi, R. C. (2012, December). Cloud forensics:

state-of-the-art and research challenges. In 2012 International Symposium on Cloud and Services Computing (pp. 164-170). IEEE. https://doi.org/10.1109/iscos.2012.32 Mobile Cloud Market, Retrieved from website: https://www.mordorintelligence.com/industry- reports/global-mobile-cloud-market-industry, Accessed on December, 2017.

Mohammad, R. M. (2018, October). A neural network based digital forensics

classification. In 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA) (pp. 1-7). IEEE.

https://doi.org/10.1109/AICCSA.2018.8612868

Mohammad, R. M. A. (2019). An Enhanced Multiclass Support Vector Machine Model and its Application to Classifying File Systems Affected by a Digital Crime. Journal of King Saud University-Computer and Information Sciences.

https://doi.org/10.1016/j.jksuci.2019.10.010

Mohammad, R. M. A., & Alqahtani, M. (2019). A comparison of machine learning techniques for file system forensics analysis. Journal of Information Security and Applications, 46, 53-61. https://doi.org/10.1016/j.jisa.2019.02.009

Mohammed, H., Clarke, N., & Li, F. (2016). An Automated Approach for Digital Forensic Analysis of Heterogeneous Big Data. Journal of Digital Forensic, Security and Law, Volume 11. https://doi.org/10.15394/jdfsl.2016.1384

(37)

190

Mohtasebi, S., Dehghantanha, A., & Choo, K. K. (2017). Cloud storage forensics: analysis of data remnants on SpiderOak, JustCloud, and pCloud. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 205-246). Syngress.

https://doi.org/10.1016/B978-0-12-805303-4.00013-7

Mollah, M. B., Azad, M. A. K., & Vasilakos, A. (2017). Security and privacy challenges in Mobile Cloud Computing: Survey and way ahead. Journal of Network and Computer Applications, 84, 38-54.

Murphy, C. (2009). The fraternal clone method for CDMA cell phones. Small Scale Digital Device Forensics Journal, 3(1), 1-8.

Mushtaque, K., Ahsan, K., & Umer, A. (2015). Digital forensic investigation models: an evolution study. JISTEM-Journal of Information Systems and Technology

Management, 12(2), 233-243. https://doi.org/10.4301/s1807-17752015000200003 Mylonas, A., Meletiadis, V., Tsoumas, B., Mitrou, L., & Gritzalis, D. (2012, June).

Smartphone forensics: A proactive investigation scheme for evidence acquisition. In IFIP International Information Security Conference (pp. 249-260). Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_21

Nitesh Behani, (2018). 10 Things You Must Consider While Developing User-Centered Mobile Apps. Available Online at: https://elearningindustry.com/user-centered- mobile-apps-things-consider-developing.

Neha Kapoor, (2020). Smartphones Are Becoming Prime Targets for Cybercriminals – Here’s What You Need to Know. Available Online at:

https://yourstory.com/mystory/smartphones-prime-targets-cybercriminals/amp, Accessed On, January 2022.

Noor, T. H., Zeadally, S., Alfazi, A., & Sheng, Q. Z. (2018). Mobile Cloud Computing:

Challenges and future research directions. Journal of Network and Computer Applications, 115, 70-85.

(38)

191

Norouzizadeh Dezfouli, F., Dehghantanha, A., Eterovic-Soric, B., & Choo, K. K. R.

(2016). Investigating Social Networking Applications on Smartphones Detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms.

Australian journal of forensic sciences, 48(4), 469-488.

https://doi.org/10.1080/00450618.2015.1066854

Oestreicher, K. (2014). A forensically robust method for acquisition of iCloud data. Digital Investigation, 11, S106-S113. https://doi.org/10.1016/j.diin.2014.05.006

Ogazi-Onyemaechi, B. C., Dehghantanha, A., & Choo, K. K. (2017). Performance of android forensics data recovery tools. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 91-110).

Syngress.https://doi.org/10.1016/b978-0-12-805303-4.00007-1 OpenText. (1998). Encase Forensic Tool. Retrieved from website:

https://security.opentext.com/encase-forensic, Accessed On August, 2020.

Openwall. (2015). Portable PHP password hashing framework, Retrieved from website:

www.openwall.com/phpass/, Accessed on Feb, 2015

Orozco, A. L. S., González, D. M. A., Villalba, L. J. G., & Hernández-Castro, J. (2015).

Analysis of errors in exif metadata on mobile devices. Multimedia Tools and Applications, 74(13), 4735-4763. https://doi.org/10.1007/s11042-013-1837-6

Othman, M., Madani, S. A., & Khan, S. U. (2013). A survey of Mobile Cloud Computing application models. IEEE communications surveys & tutorials, 16(1), 393-413.

https://doi.org/10.1109/SURV.2013.062613.00160

Pearson, S., & Watson, R. (2010). Digital triage forensics: processing the digital crime scene. Syngress.

Perumal, S. (2009). Digital forensic model based on Malaysian investigation process.

International Journal of Computer Science and Network Security, 9(8), 38-44.

(39)

192

Perumal, S., Norwawi, N. M., & Raman, V. (2015, October). Internet of Things (IoT) digital forensic investigation model: Top-down forensic approach methodology. In 2015 Fifth International Conference on Digital Information Processing and Communications (ICDIPC) (pp. 19-23). IEEE.

https://doi.org/10.1109/icdipc.2015.7323000

Pichan, A., Lazarescu, M., & Soh, S. T. (2015). Cloud forensics: Technical challenges, solutions and comparative analysis. Digital Investigation, 13, 38-57.

Povar, D., & Geethakumari, G. (2014, September). A heuristic model for performing digital forensics in cloud computing environment. In International Symposium on Security in Computing and Communication (pp. 341-352). Springer, Berlin, Heidelberg.

Qi, H., & Gani, A. (2012, May). Research on mobile cloud computing: Review, trend and perspectives. In 2012 second international conference on digital information and communication technology and it's applications (DICTAP) (pp. 195-202). IEEE.

Quick, D., & Alzaabi, M. (2011). Forensic analysis of the android file system yaffs2.

https://doi.org/10.4225/75/57b2c23a40cf1

Quick, D., & Choo, K. (2014b). Impacts of increasing volume of digital forensic data: A survey and future research challenges. Digital Investigation, 11(4), 273-294.

Quick, D., & Choo, K. K. R. (2013a). Dropbox analysis: Data remnants on user machines.

Digital Investigation, 10(1), 3-18. https://doi.org/10.1016/j.diin.2013.02.003

Quick, D., & Choo, K. K. R. (2013b). Digital droplets: Microsoft SkyDrive forensic data remnants. Future Generation Computer Systems, 29(6), 1378-1394.

https://doi.org/10.1016/j.future.2013.02.001

Quick, D., & Choo, K. K. R. (2013c). Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata?.Digital Investigation, 10(3), 266-277. https://doi.org/10.1016/j.diin.2013.07.001

(40)

193

Quick, D., & Choo, K. K. R. (2014a). Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive. Trends and issues in crime and criminal justice, 480, 1-11.

Quick, D., & Choo, K. K. R. (2017). Pervasive social networking forensics: intelligence and evidence from mobile device extracts. Journal of Network and Computer Applications, 86, 24-33. https://doi.org/10.1016/j.jnca.2016.11.018

Raburu, G., Omollo, R., & Okumu, D. O. (2018). Applying data mining principles in the extraction of digital evidence.

RADIOTACTICS. (2018). Athena Forensic Tool, Retrieved from website: https://radiotactics.com/products/athena/, Accessed On August, 2020.

Raghav, S., & Saxena, A. K. (2009, November). Mobile forensics: Guidelines and challenges in data preservation and acquisition. In 2009 IEEE Student Conference on Research and Development (SCOReD) (pp. 5-8). IEEE.

https://doi.org/10.1109/scored.2009.5443431

Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., & Venkatasubramanian, N. (2014).

Mobile Cloud Computing: A survey, state of art and future directions. Mobile

Networks and Applications, 19(2), 133-143.https://doi.org/10.1007/s11036-013-0477-4 Ramadhan, B., Purwanto, Y., & Ruriawan, M. F. (2020, October). Forensic Malware

Identification Using Naive Bayes Method. In 2020 International Conference on Information Technology Systems and Innovation (ICITSI) (pp. 1-7). IEEE.

Rao, V. V., & Chakravarthy, A. S. N. (2016, December). Forensic Analysis of android mobile devices. In 2016 International Conference on Recent Advances and

Innovations in Engineering (ICRAIE) (pp. 1-6). IEEE.

https://doi.org/10.1109/icraie.2016.7939540

Reese, G. (2010). Cloud Forensics Using Ebs Boot Volumes. Retrieved from website:

www. Oreilly. com.

(41)

194

Reilly, D., Wren, C., & Berry, T. (2011). Cloud computing: Pros and cons for computer forensic investigations. International Journal Multimedia and Image Processing (IJMIP), 1(1), 26-34. https://doi.org/10.20533/ijmip.2042.4647.2011.0004 Rimal, B. P., Choi, E., & Lumb, I. (2009, August). A taxonomy and survey of cloud

computing systems. In 2009 Fifth International Joint Conference on INC, IMS and IDC (pp. 44-51). IEEE.

Roussev, V., & McCulley, S. (2016). Forensic analysis of cloud-native artifacts. Digital Investigation, 16, S104-S113. https://doi.org/10.1016/j.diin.2016.01.013

Ruan, K., & Carthy, J. (2012, October). Cloud forensic maturity model. In International Conference on Digital Forensics and Cyber Crime (pp. 22-41). Springer, Berlin, Heidelberg. https://doi.org/10.1109/cloud.2013.46

Ruan, K., Carthy, J., Kechadi, T., & Baggili, I. (2013). Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation, 10(1), 34-43. https://doi.org/10.1016/j.diin.2013.02.004

Ruan, K., Carthy, J., Kechadi, T., & Crosbie, M. (2011, January). Cloud forensics. In IFIP International Conference on Digital Forensics (pp. 35-46). Springer, Berlin,

Heidelberg. https://doi.org/10.1007/978-3-642-24212-0_3

Rübsamen, T., Reich, C., Taherimonfared, A., Wlodarczyk, T., & Rong, C. (2013, June).

Evidence for accountable cloud computing services. In Pre-Proceedings of International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (p. 1).

Said, H., Yousif, A., & Humaid, H. (2011, October). IPhone forensics techniques and crime investigation. In The 2011 International Conference and Workshop on Current Trends in Information Technology (CTIT 11) (pp. 120-125). IEEE.

https://doi.org/10.1109/ctit.2011.6107946

Saleem, S., Popov, O., & Baggili, I. (2016). A method and a case study for the selection of the best available tool for mobile device forensics using decision analysis. Digital Investigation, 16, S55-S64. https://doi.org/10.1016/j.diin.2016.01.008

(42)

195

Samet, N., Letaifa, A. B., Hamdi, M., & Tabbane, S. (2014, June). Forensic investigation in Mobile Cloud environment. In The 2014 International Symposium on Networks, Computers and Communications (pp. 1-5). IEEE.

https://doi.org/10.1109/sncc.2014.6866510

Satyanarayanan, M. (2010, June). Mobile computing: the next decade. In Proceedings of the 1st ACM workshop on Mobile Cloud Computing and services: social networks and beyond (pp. 1-6). https://doi.org/10.1145/1810931.1810936

Scrivens, N., & Lin, X. (2017, May). Android digital forensics: data, extraction and analysis. In Proceedings of the ACM Turing 50th Celebration Conference-China (pp.

1-10). https://doi.org/10.1145/3063955.3063981

Selwin, V. P. (2017, March). Survey on Online Social Media Networks Facebook Forensics. In International Conference on Information and Communication Technology for Intelligent Systems (pp. 1-12). Springer, Cham.

https://doi.org/10.1007/978-3-319-63673-3_1

Sengupta, S., Basak, S., & Peters, R. A. (2019). Particle Swarm Optimization: A survey of historical and recent developments with hybridization perspectives. Machine Learning and Knowledge Extraction, 1(1), 157-191. https://doi.org/10.3390/make1010010 Shahzad, A., & Hussain, M. (2013). Security issues and challenges of Mobile Cloud

Computing. International Journal of Grid and Distributed Computing, 6(6), 37-50.

https://doi.org/10.1.1.640.1140

Sharma, P., Arora, D., & Sakthivel, T. (2017, March). Mobile Cloud forensic: Legal implications and counter measures. In International Conference on Information and Communication Technology for Intelligent Systems (pp. 531-542). Springer, Cham.

https://doi.org/10.1007/978-3-319-63673-3_64.

Sharma, P., Arora, D., & Sakthivel, T. (2020). Enhanced forensic process for improving mobile cloud traceability in cloud-based mobile applications. Procedia Computer Science, 167, 907-917.

(43)

196

Shi, Y., & Eberhart, R. C. (1999, July). Empirical study of particle swarm optimization.

In Proceedings of the 1999 congress on evolutionary computation-CEC99 (Cat. No.

99TH8406) (Vol. 3, pp. 1945-1950). IEEE. https://doi.org/10.1109/CEC.1999.785511 Shields, C., Frieder, O., & Maloof, M. (2011). A system for the proactive, continuous, and

efficient collection of digital forensic evidence. Digital Investigation, 8, S3-S13.

Sibiya, G., Venter, H. S., & Fogwill, T. (2012). Digital Forensic Framework for a Cloud Environment. IST-Africa 2012 Conference Proceedings. IIMobile Cloud International Information Management Corporation, 2012.

Simou, S., Kalloniatis, C., Kavakli, E., & Gritzalis, S. (2014, June). Cloud forensics:

identifying the major issues and challenges. In International conference on advanced information systems engineering (pp. 271-284). Springer,

Cham.https://doi.org/10.1007/978-3-319-07881-6_19

Song, W., Yin, H., Liu, C., & Song, D. (2018, January). Deepmem: Learning graph neural network models for fast and robust memory forensic analysis. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 606- 618). https://doi.org/10.1145/3243734.3243813

Statista. (2018) Portal, Retrieved from website:

https://www.statista.com/statistics/292840/distribution-global-cloud-and-non-cloud- traffic/, Accessed on Jan, 2018.

Stergiou, C., & Psannis, K. E. (2017). Recent advances delivered by Mobile Cloud Computing and Internet of Things for Big Data applications: a survey. International Journal of Network Management, 27(3), e1930.

Sylve, J., Case, A., Marziale, L., & Richard, G. G. (2012). Acquisition and analysis of volatile memory from android devices. Digital Investigation, 8(3-4), 175-184.

Integrated examination and analysis model for improving mobile cloud forensic investigation

Full text