Dr Hannan Azhar, Programme Director of Computer Forensics and Security at CCCU

COVID-19 continues to drive a surge in engagement in digital activities and has brought changes in the way we conduct our lives in this increasingly connected world. Mobile phones are an essential part of life during the pandemic, whether working remotely, shopping online or seeking health advice. According to the Global System for Mobile Communications [1], there were five billion mobile users in the world by the second quarter of 2017, with a prediction that another 620 million people will become mobile phone users by 2020. Together, that would account for almost three quarters of the world population.

Due to the increasing popularity of mobile phones, there is naturally an increasing concern over mobile security and how safe communication between individuals or groups is. With all the opportunities for new crimes to be committed through growing technology, it is crucial to ensure law enforcement agencies have the appropriate software and methods to deal with these crimes.

The growth of ephemeral messaging applications (EMAs) is also posing a problem for law enforcement, with these apps proving a concern for activities like cyberbullying or even high-end criminal activity like terrorism [2]. Criminals may use regular chat applications, but there is a growing opportunity within the mobile application market for criminals to use ephemeral messaging applications, which allow users to send messages, multimedia and other content to each other, with the messages only lasting for a certain period of time.

It has been reported that criminals are moving away from dark web interactions and onto EMAs such as Facebook Messenger, Snapchat and Wire [2]. It is thought this is happening because data in these applications is known to delete itself, which makes them well suited to criminal communications. For example, Snapchat allows users to send ‘Snaps’ to each other containing pictures, which are deleted once the recipient closes the message. To find out whether messages from such applications can indeed be recovered, a forensic examination of the device would be required by the law enforcement authority.

Our recent research at the University, to appear in the International Journal of Advances in Security [3], reports mobile forensic investigations of ephemeral data from a wide range of applications using both proprietary and freeware forensic tools. Both Android and iOS platforms were used in the investigation. The results uncovered various artefacts from the iOS device, including account information, contacts, and evidence of communication between users. The investigation was carried out according to the four good practice guidelines of the Association of Chief Police Officers (ACPO) [2]. For example, the third principle of the guidelines states that an audit trail should be recorded throughout the investigation in such a manner that a third party could recreate the steps taken in the investigation and get the same results.

Another recent study at CCCU [4] used two mobile devices, running Android and iOS respectively, alongside a Windows 10 based laptop running an Android emulator. The applications selected for the study included various shared and device/OS-specific apps, including two ephemeral apps: Snapchat and Instagram. Each device was used to gather forensically valuable data before undergoing forensic analysis, after which the data was deleted to simulate a criminal covering their tracks and the device was analysed once more.

The study showed detailed information on what each forensic tool could recover from the test devices, with subcategories for each specific application, device and file type. While less focussed on the tools utilised during analysis, this study put heavy focus on the realism of the forensic analysis within the experiment, going as far as to consult digital forensic specialists and fifteen separate police forces within England and Wales to ensure the experiment would be as realistic a scenario as possible.

As cybercrime continues to rise during the pandemic, so too does the need for computing professionals to lead the fight against it. There is a shortage of skills to protect computer systems from malicious attacks, human error, and exploitation of vulnerabilities. Such skills include utilising an ethical hacking approach to highlight security vulnerabilities so that they can be fixed or mitigated.

Computer Forensics involves recovering intelligence and evidence from digital devices for the purposes of remediation, litigation and/or prosecution. The aim of the Computer Forensics and Security programme is to equip students with the theoretical knowledge and practical skills needed to enter these exciting areas of Computing.

The School of Engineering, Technology and Design at Canterbury Christ Church University, where this programme is housed and taught, has close links with the College of Policing, Kent Police, HMRC and Europol, and many of our students have gone on to successful careers in the Computer Forensics and Computer Security industries.

The school uses popular industry-standard software and systems. The programmes follow elements of the Conceive-Design-Implement-Operate (CDIO) (www.cdio.org) strategy. Canterbury Christ Church University has become one of the few UK universities to be accepted to the international CDIO, a community pioneered by the world-renowned Massachusetts Institute of Technology. Key to this is the industrial relevance of the programme. Students take part in a large quantity of active learning through group projects and problem-based learning with industrial involvement.

The CDIO scheme is a way of helping students to become workplace ready and have commercial awareness in many ways. Students will learn to work at all the stages of the typical product or service lifecycle. Students will take part in a large quantity of active learning in the form of practical focused workshops, individual/group projects and problem-based learning tasks with industrial involvement.

For more information about the Computer Forensics and Security programme, please visit https://www.canterbury.ac.uk/study-here/courses/computer-forensics-and-security.

References

[1] GSMA, “Number of Mobile Subscribers Worldwide Hits 5 Billion”, [Online]. Available from: https://www.gsma.com/newsroom/press-release/number-mobile-subscribers-worldwide-hits-5-billion/ [Accessed: 01 July 2020].

[2] A. Chamberlain and M.A.H.B. Azhar, “Comparisons of Forensic Tools to Recover Ephemeral Data from iOS Apps Used for Cyberbullying”, The Fourth International Conference on Cyber-Technologies and Cyber-Systems, CYBER 2019, Porto, Portugal.

[3] M.A.H.B. Azhar, R. Cox and A. Chamberlain, “Forensic Investigations of Popular Ephemeral Messaging Applications on Android and iOS Platforms”, to appear in the International Journal of Advances in Security, Vol 13, 2020. Available from: http://www.iariajournals.org/security/index.html [Accessed: 01 July 2020].

[4] P. Naughton and M.A.H.B. Azhar, “An Investigation on Forensic Opportunities to Recover Evidential Data from Mobile Phones and Personal Computers”, The Second International Conference on Cyber-Technologies and Cyber-Systems, CYBER 2017, Barcelona, Spain.