Julián García Murias
A forensic analysis of streaming platforms on Android OS
García Murias, Julián; Levick, Douglas; Mckeown, Sean
Abstract
This work builds on existing research in streamed video reconstruction on the Android OS, which previously demonstrated that caching occurs in most cases for the Chrome and Firefox Web browsers. Prior work also outlined that streaming application caching behaviour is dependent on both the implementation of the service, as well as the actions taken by the user, with contrasting results between replaying videos and viewing live content. We conduct a forensic investigation for the Twitch, Facebook, Reddit, Instagram and Periscope Android applications, with a focus on the application specific folders in the /data/data directory. Applications were populated with data by creating accounts and viewing a mixture of live and replay (recorded) video streams, with a focus on attempting to recover video fragments or identifiers for particular streams/videos. As users may take action to hinder forensic endeavours, additional videos were viewed to identify baseline caching and overwriting behaviour on each application. Additionally, An-droid's 'Cache clear' operation was evaluated for its anti-forensic potential. While Android seems to produce different behaviour for live and recorded streams, which is consistent with prior work, our findings suggest that An-droid applications typically retain few, or no, video artefacts, which contrasts with their browser based counterparts. Cache clearing also appears to be a powerful, and trivial, anti-forensics step for clearing locally cached media in each application. We suggest that, going forward, new applications should be tested on a variety of platforms, as it appears that they do not necessarily leave behind consistent forensic traces across versions.
Citation
García Murias, J., Levick, D., & Mckeown, S. (2023). A forensic analysis of streaming platforms on Android OS. Forensic Science International: Digital Investigation, 44, Article 301485. https://doi.org/10.1016/j.fsidi.2022.301485
Journal Article Type | Article |
---|---|
Acceptance Date | Nov 21, 2022 |
Online Publication Date | Dec 6, 2022 |
Publication Date | 2023-03 |
Deposit Date | Nov 21, 2022 |
Publicly Available Date | Dec 6, 2022 |
Journal | Forensic Science International: Digital Investigation |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 44 |
Article Number | 301485 |
DOI | https://doi.org/10.1016/j.fsidi.2022.301485 |
Keywords | Streamed video forensics; Android application forensics; cached video forensics |
Public URL | http://researchrepository.napier.ac.uk/Output/2963262 |
Files
A Forensic Analysis Of Streaming Platforms On Android OS
(2.3 Mb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/
You might also like
A Comparative Analysis of Honeypots on Different Cloud Platforms
(2021)
Journal Article
Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment
(2020)
Conference Proceeding
Using Amazon Alexa APIs as a Source of Digital Evidence
(2020)
Conference Proceeding
Forensic Considerations for the High Efficiency Image File Format (HEIF)
(2020)
Conference Proceeding
Microtargeting or Microphishing? Phishing Unveiled
(2020)
Conference Proceeding