
A Practical Hands-on Approach to Database Forensics PDF

302 Pages·2022·13.162 MB·English


Studies in Big Data, Volume 116

Nhien-An Le-Khac, Kim-Kwang Raymond Choo
A Practical Hands-on Approach to Database Forensics

Series Editor: Janusz Kacprzyk, Polish Academy of Sciences, Warsaw, Poland

The series "Studies in Big Data" (SBD) publishes new developments and advances in the various areas of Big Data, quickly and with a high quality. The intent is to cover the theory, research, development, and applications of Big Data, as embedded in the fields of engineering, computer science, physics, economics and life sciences. The books of the series refer to the analysis and understanding of large, complex, and/or distributed data sets generated from recent digital sources coming from sensors or other physical instruments as well as simulations, crowd sourcing, social networks or other internet transactions, such as emails or video click streams and others. The series contains monographs, lecture notes and edited volumes in Big Data spanning the areas of computational intelligence including neural networks, evolutionary computation, soft computing, fuzzy systems, as well as artificial intelligence, data mining, modern statistics and operations research, as well as self-organizing systems. Of particular value to both the contributors and the readership are the short publication timeframe and the world-wide distribution, which enable both wide and rapid dissemination of research output. The books of this series are reviewed in a single blind peer review process.

Indexed by SCOPUS, EI Compendex, SCIMAGO and zbMATH. All books published in the series are submitted for consideration in Web of Science.
Nhien-An Le-Khac
School of Computer Science
University College Dublin
Dublin, Ireland

Kim-Kwang Raymond Choo
Department of Information Systems and Cyber Security
University of Texas at San Antonio
San Antonio, TX, USA

ISSN 2197-6503; ISSN 2197-6511 (electronic)
Studies in Big Data
ISBN 978-3-031-16126-1; ISBN 978-3-031-16127-8 (eBook)
https://doi.org/10.1007/978-3-031-16127-8

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2022

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

Foreword

It is an honor to write a foreword for this book on database forensics by Kim-Kwang Raymond Choo and Nhien-An Le-Khac. Database forensics is well described in this book, with many examples, including the need for validation. Since the rate of change in digital evidence, and in database forensics in particular, is fast, it is important to have the newest insights in the field collected in this book. I was excited to read this book with its many viewpoints on database forensics in instant messaging, SQL databases, mobile phones and IoT devices. Case examples are important to explore and give insights for future cases in this field. As a forensic scientist at the Netherlands Forensic Institute, and as chair of Forensic Data Science at the University of Amsterdam, I find this a valuable book for researchers, teaching and practitioners in the field. The book covers different areas of expert knowledge and can also be used as an excellent reference in these fields.

Zeno Geradts
Forensic Scientist, Netherlands Forensic Institute
Chair of Forensic Data Science, University of Amsterdam
Amsterdam, The Netherlands

Acknowledgements

This book would not have been possible without the amazing students enrolled in the Master of Science (M.Sc.) in Forensic Computing and Cybercrime Investigation program at the University College Dublin, Ireland: Katherine Moser, Jayme Winkelman, Benno Krause, Daniel Meier, Shuo Yan and Jacques Boucher, who were willing to dedicate their time and efforts to work on the research, share their findings and co-author chapters in this book. We are also extremely grateful to Springer and their staff for their support in this project. They have been most accommodating of our schedule and have helped to keep us on track. We would like to thank our family and our loved ones for their unending support.
To Thanh Thoa and Tri Nhien!

Contents

1 Databases in Digital Forensics
  1.1 Introduction
  1.2 Organization of This Book
  References

2 Database Forensics
  2.1 Introduction to Databases
    2.1.1 What Is a Database?
    2.1.2 Database Management System (DBMS)
    2.1.3 Database Types and Users
  2.2 Relational Databases
    2.2.1 Basic Concepts
    2.2.2 Database Design
  2.3 Structured Query Language (SQL)
    2.3.1 SQL and SQLite
    2.3.2 SQLite Basic Commands
  2.4 Database Forensics
  2.5 Examples
    2.5.1 iOS Database Investigation
    2.5.2 WhatsApp Database Forensics
  2.6 Summary
  References

3 Signal Instant Messenger Forensics
  3.1 Introduction
  3.2 Basic Features
    3.2.1 Signal Messenger
    3.2.2 Disappearing Messages
    3.2.3 Delete for Everyone
    3.2.4 View-Once Media
    3.2.5 Mark as Unread
    3.2.6 Show in Suggestions
    3.2.7 Backup and Restore Messages
  3.3 Related Work
  3.4 Forensic Methods
    3.4.1 Experimental Platforms
    3.4.2 Datasets
    3.4.3 Forensic Scenarios
    3.4.4 Forensic Acquisition and Analysis of Signal
    3.4.5 Forensic Analysis
  3.5 Findings and Discussion
    3.5.1 Signal Account Take Over
    3.5.2 Signal Activity Monitoring with Linked Device
    3.5.3 Signal Group Chat
    3.5.4 Use Signal as Source of OSINT
    3.5.5 Forensic Acquisition and Analysis of Signal
  3.6 Discussion
    3.6.1 General Process to Handle Signal
    3.6.2 Signal Data and Database
    3.6.3 Signal Investigation Without Physical Devices
  3.7 Summary
  References

4 Forensic Analysis of the qTox Messenger Databases
  4.1 Introduction
  4.2 Background Concepts
    4.2.1 qTox Client
    4.2.2 The Tox ID
  4.3 Related Work
  4.4 Why qTox Database Forensics?
  4.5 Methodology
    4.5.1 Artifact Definitions
    4.5.2 Experimental Environments
    4.5.3 Data Population
    4.5.4 Acquisition of Data
    4.5.5 Forensic Analysis of Data
  4.6 Findings and Discussions
    4.6.1 Recovered Artifacts Found in the Image Files
    4.6.2 Recovered Artifacts Found in the Memory Dump
    4.6.3 Recovered Artifacts Found in the Database Files
    4.6.4 Discussion
  4.7 Summary
  References

5 PyBit Forensic Investigation
  5.1 Introduction
  5.2 Basic Features
    5.2.1 Bitmessage Concept
    5.2.2 Data Encryption
    5.2.3 BitMessage Networking Concept
    5.2.4 BitMessage Implementations and Applications
  5.3 Criminal Usage of the BitMessage System and Investigation Challenges
    5.3.1 Illegal Transactions
    5.3.2 Blackmailing of Politicians and Celebrities
    5.3.3 Command and Control Communication of the Chimera Malware
    5.3.4 Investigation Issues
  5.4 Adopted Approach
    5.4.1 Identification of Recipients
    5.4.2 Network Surveillance
    5.4.3 Forensic Information Gathering
  5.5 Summary
  References

6 Database Forensics for Analyzing Data Loss in Delayed Extraction Cases
  6.1 Introduction
  6.2 Background
    6.2.1 iOS SQLite Databases
    6.2.2 SQLite Vacuuming
  6.3 Methodology
  6.4 Database Analyzing of iOS
    6.4.1 iPhones for Conducting the Research
    6.4.2 Platforms and Forensic Tools
    6.4.3 Extraction Phase and Timeline
    6.4.4 Artifacts of Interest
    6.4.5 Analysis Approaches
  6.5 Experiments and Findings
    6.5.1 iOS Application and Database Analysis
    6.5.2 Timeline and iOS Analysis
  6.6 Discussion and Analysis
    6.6.1 Comparison Analysis
    6.6.2 iOS Application and Database Analysis
    6.6.3 Timeline and iOS Analysis
  6.7 Summary
  References

7 IoT Database Forensics—A Case Study with Video Door Bell Analysis
  7.1 Introduction
  7.2 Related Work
  7.3 Why Video Doorbell Analysis?
  7.4 Methodology
