Forensic Analysis of GroupMe on Android and iOS Smartphones

Tanvi Milind Gandhi (11205891)

30 July 2021

The growing popularity of instant messaging has led to the conception of several new applications over the span of the past decade. This has opened up an attack surface for cybercriminals to target susceptible app users. GroupMe is a free IM app widely used by students and so far, no comprehensive forensic analysis has been performed to aid forensic practitioners in recovering evidence from GroupMe on smartphones. This research performs a detailed analysis of the digital artifacts left by the app on Android and iOS devices. This was achieved by installing the app on two mobile phones (Samsung Galaxy S7 Edge and iPhone 6), and identifying each artifact created by performing a series of actions in the app ranging from sending texts, to sharing images and documents, along with their location. Using Cellebrite UFED and Magnet AXIOM, a significant number of artifacts were accurately recovered mainly from the “GroupMe.sqlite” and “GroupMe.sqlite-wal” databases. Out of the 335 artifacts populated on the iPhone, 317 were correctly recovered by both UFED and AXIOM, resulting in an accuracy of 94.62%. No GroupMe related artifacts could be recovered from the Android device. This was due to several physical imaging and rooting limitations imposed by the Samsung SM-935A model, which was used during the study.

Uncategorized

Digital Forensics

Cyber Forensics

Mobile Forensics

Forensic Analysis

GroupMe

Android Forensics

iOS Forensics

UFED Cellebrite

Magnet AXIOM

Forensic Analysis of Navigation Applications on Android and iOS Platforms

Neesha Shantaram (11656642)

19 December 2021

<div>With the increased evolution in technology over the past decade, there has been a gradual inclination towards utilizing advanced tools, like location-based applications which incorporate features such as constant route or traffic updates with Global Positioning System (GPS), among</div><div>others, which aid in smooth living. Such applications gain access to private information of users, among their other life hack qualities, thus producing a highly vulnerable ground for data exposure such as current location. With the increase in mobile application-based attacks, there exists a</div><div>constant threat scenario in terms of criminal activities which pose an ultimate challenge while tackling large amount of data. This research primarily focuses on the extent of user-specific data that can be obtained while forensically collecting and analysing data from Waze and HEREwego</div><div>applications on Android and iOS platforms. In order to address the lack of forensic research on the above mentioned applications, an in-depth forensic analysis is conducted in this study, utilizing Cellebrite, a professional tool to provide and verify the evidence acquired, that aid in any digital forensic investigations. On the Waze application, 12 artifacts were populated on the Android device and 17 artifacts on the iOS device, out of which 12 artifacts were recovered from the Android device (100% of the artifacts populated) and 12 artifacts from the iOS device (70.58% of the artifacts populated). Similarly on the HEREwego application, 14 artifacts were populated on the Android device and 13 artifacts on the iOS device, out of which 7 artifacts were recovered from the Android device (50% of the artifacts populated) and 7 artifacts from iOS device (53.84% of the artifacts populated).</div>

Technology not elsewhere classified

Digital Forensics

Mobile Forensics

Cyber Forensics

Android Forensics

iOS Forensics

GPS

Navigation

Mobile applications

UFED Cellebrite

Waze

HEREwego