Skip to main content

Research Repository

Advanced Search

A forensic analysis of streaming platforms on Android OS

Murias, Julián García; Levick, Douglas; McKeown, Sean


Julián García Murias

Douglas Levick


This work builds on existing research in streamed video reconstruction on the Android OS, which previously demonstrated that caching occurs in most cases for the Chrome and Firefox Web browsers. Prior work also outlined that streaming application caching behaviour is dependent on both the implementation of the service, as well as the actions taken by the user, with contrasting results between replaying videos and viewing live content. We conduct a forensic investigation for the Twitch, Facebook, Reddit, Instagram and Periscope Android applications, with a focus on the application specific folders in the /data/data directory. Applications were populated with data by creating accounts and viewing a mixture of live and replay (recorded) video streams, with a focus on attempting to recover video fragments or identifiers for particular streams/videos. As users may take action to hinder forensic endeavours, additional videos were viewed to identify baseline caching and overwriting behaviour on each application. Additionally, An-droid's 'Cache clear' operation was evaluated for its anti-forensic potential. While Android seems to produce different behaviour for live and recorded streams, which is consistent with prior work, our findings suggest that An-droid applications typically retain few, or no, video artefacts, which contrasts with their browser based counterparts. Cache clearing also appears to be a powerful, and trivial, anti-forensics step for clearing locally cached media in each application. We suggest that, going forward, new applications should be tested on a variety of platforms, as it appears that they do not necessarily leave behind consistent forensic traces across versions.

Journal Article Type Article
Acceptance Date Nov 21, 2022
Online Publication Date Dec 6, 2022
Publication Date 2023-03
Deposit Date Nov 21, 2022
Publicly Available Date Dec 6, 2022
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 44
Article Number 301485
Keywords Streamed video forensics; Android application forensics; cached video forensics
Public URL


You might also like

Downloadable Citations