Research Area:  Digital Forensics
In this paper, we propose an analysis method for investigation of cloud client applications in order to automatically detect all possible data remnants and data leakage on Android devices. In this analysis method, a set of predefined keywords to conduct the manual examination of acquired forensically sound images of Android-s internal memory (RAM) and internal storage was used. This allows the investigators to detect the data remnants and identify users activities patterns. The identified patterns are then used to design an algorithm for detecting cloud client applications data remnants automatically. The outcome of this paper resulted in detection of varieties of artifacts from different user activities, such as installation, login, uploading, downloading, deletion, and the sharing of files on the Android internal memory and internal storages. These findings and method may assist digital forensic examiners and investigators in real world examination of cloud client applications on Android platforms.
Keywords:  
Author(s) Name:  Farid Daryabar; Mohammad Hesam Tadayon; Ashkan Parsi; Hadi Sadjadi
Journal name:  
Conferrence name:  8th International Symposium on Telecommunications (IST)
Publisher name:  IEEE
DOI:  10.1109/ISTEL.2016.7881799
Volume Information:  
Paper Link:   https://ieeexplore.ieee.org/abstract/document/7881799