A Comprehensive Survey on Artifact Recovery from Social Media Platforms: Approaches and Future Research Directions
Abstract
:1. Introduction
2. Background
- What are the current state-of-the-art artifact recovery techniques used in digital forensics from social media applications?
- What are the trends in research related to artifact recovery in social media applications?
- What are the current gaps in the literature that need to be focused on?
- What are the future research directions for artifact recovery from social media applications in digital forensics, and how can these techniques be improved to serve the needs of digital forensics practitioners better?
3. Preliminary Information
3.1. Research Objectives
- Artifact analysis: Investigating digital traces and artifacts left behind by social media platforms upon conducting user activity.
- Recovering deleted chats: Recovering deleted chats on social media platforms to reconstruct digital interactions.
- Decrypting messages/traffic: Research on methodologies for decrypting encrypted messages and network traffic within social media applications.
- Comparison of tools: Evaluating different forensic tools on social media investigations, identifying their strengths and weaknesses.
- Artifact correlation: Establishing connections among different types of digital artifacts collected during the examination.
- Tool creation: Creating software for social media forensics.
- Creating a forensic taxonomy: Developing comprehensive taxonomies and categorizations to classify various types of digital evidence and artifacts encountered in social media investigations.
- Database structure and analysis: Analyzing the underlying structure of social media databases to gain insights into data storage and retrieval mechanisms.
- Source code analysis: Analyzing the source code of social media applications to uncover vulnerabilities, backdoors, or hidden features that may have forensic significance.
3.2. Common Digital Forensics Frameworks
- Association of Chief Police Officers (ACPO): The ACPO framework is widely adopted in law enforcement agencies in the United Kingdom. It outlines procedures and best practices for handling digital evidence in criminal investigations [92].
- McKemmish Framework: Developed by Margaret McKemmish, this framework focuses on the digital preservation aspect of forensic investigations. It emphasizes the need to maintain the integrity and authenticity of digital evidence over time [153].
- Digital Forensic Research Workshop (DFRWS): DFRWS is a community-driven organization that has contributed significantly to developing digital forensic standards and methodologies. Its framework consists of six stages, namely identification, preservation, collection, examination, analysis, and presentation [154].
- National Institute of Justice (NIJ): The NIJ framework caters to the specific needs of the criminal justice community in the United States. It addresses forensic procedures, evidence handling, and the integration of digital evidence into the criminal justice system [155].
- iPhone Forensic Framework (iFF): Existing commercial solutions and approaches in the field of iPhone forensics tend to be costly and complex, often demanding supplementary hardware for the investigative process. Consequently, Husain et al. [156] introduced a simple framework for iPhone forensic examination, comprising three main stages: data retrieval, data examination, and data presentation. This framework proved to be effective in extracting evidence from an iPhone.
- International Digital Forensics Investigation Framework 2 (IDFIF 2): IDFIF 2 is an updated version of the IDFIF framework intended to enhance the global standardization of digital forensic practices. It focuses on promoting international cooperation and consistency in digital investigations [157].
3.3. Analysis Focus
- Disk: The disk is essentially the storage of a device, primarily the hard drive and solid-state drives in computers and NAND flash chips in phones. The data in the disk provide numerous artifacts from social media applications, such as user-identifiable information, timestamps, media (photos and videos), chats, and much more.
- Memory: Memory refers to the volatile storage areas of a device, such as the Random Access Memory (RAM). Almost all applications use volatile memory to store data temporarily, such as the current state, open applications, active processes, etc. This provides access to real-time information, such as passwords, user activities, and more, making it valuable for investigations.
- Network: Analyzing network data involves monitoring and capturing network traffic exchanged. It allows investigators to track and analyze data in transit, potentially uncovering valuable evidence related to social media activities. This aspect is crucial as it involves real-time communication.
3.4. Experimental Setup
- Rooting or Jailbreaking: One of the critical decisions researchers make is whether to root (for Android) or jailbreak (for iOS) the mobile device under investigation. Rooting or jailbreaking grants the researcher elevated privileges and access to parts of the device that are typically restricted. This decision can significantly impact the types of data that can be accessed and the methods employed for data extraction.
- Virtual device environment: Some experiments are conducted in a controlled environment using virtual devices or emulators. These virtual environments mimic the behavior of real devices and can be useful for testing and research without affecting physical devices.
- Web browser: Another approach involves conducting experiments through a web browser interface. This method can be advantageous for studying web-based applications and online social media user activities and the subsequent traces of evidence the browser leaves.
3.5. Digital Forensics Tools
4. Methodology
Organization of the Research
- User information: This category contains artifacts that reveal critical data points on a user’s personal information.
- User activities: This group of artifacts reveals information about user activities on social media platforms.
- Metadata: Metadata consists of crucial information like timestamps and geolocation, providing valuable context to other artifacts retrieved.
- Password: This category refers to the user account password being recovered.
- Encryption key: Encryption key artifacts are commonly recovered from studies focusing on database decryption of social media applications. They are used to decrypt the database.
5. Memory Analysis Focus
- program data (data related to currently running applications);
- process data (data related to currently running processes such as open files and data for execution);
- user data (data generated or modified by the users);
- network data (network connections);
- graphics data (video and graphics data including contents of the screen and graphics used in applications);
- user sessions (Information about user sessions, including user login credentials, active user profiles, and session-related data);
- browser data (data related to open tabs, history, cookies, and cached web content).
5.1. Memory Acquisition
5.2. Memory Analysis
5.3. Artifact Recovery from Memory
Ref | Application | R | VD | Tools | Artifacts | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Platform | Acquisition | Analysis | User Information | User activities | Metadata | Password | Encryption key | ||||
Windows | [57] | Digsby | N | N | N/A | Encase | ✓ | ✓ | ✓ | × | × |
[60] | N | N | DumpIt | WinHex | ✓ | ✓ | × | ✓ | × | ||
[76] | Skype | N | Y | N/A | RSA keyfinder, AES Keyfinder, Volatility, Hex editor | × | × | × | ✓ | ✓ | |
[77] | N | N | Helix | FTK Toolkit, HxD | ✓ | ✓ | ✓ | × | × | ||
[83] | Google Hangouts | N | N | DumpIt | Volatility, WinHex | ✓ | ✓ | × | × | ✓ | |
[84] | Line | N | N | Ramcapturer, FTK Imager | WinHex | × | ✓ | ✓ | × | × | |
[126] | IMO | N | N | Custom python script | Volatility, Windbg | ✓ | ✓ | ✓ | × | × | |
[145] | Digsby | N | N | N/A | WinHex | ✓ | × | × | ✓ | × | |
[149] | Telegram | N | Y | Windows memory extractor | IM artifact finder | × | ✓ | ✓ | ✓ | × | |
[150] | Skype, WhatsApp, Viber, Facebook | N | N | DumpIt | Strings | ✓ | ✓ | ✓ | × | × | |
Android | [33] | Y | Y | Memfetch | Volatility | × | ✓ | ✓ | × | × | |
[34] | Skype | Y | Y | ADB, DDMS | Eclipse memory analyzer, grep | × | ✓ | × | × | × | |
[35] | Wickr | Y | N | Android tool memory dump | Strings | ✓ | × | × | × | × | |
[36] | Wickr, Telegram | N | N | Memory dump app | String, grep | ✓ | × | × | × | × | |
[37] | Line | Y | Y | N/A | Winhex, EnCase | ✓ | ✓ | × | × | × | |
[38] | KIK | N | Y | ADB | Grep, JHAT | × | ✓ | × | × | × | |
[78] | Viber | N | N | Android SDK | FTK Toolkit | ✓ | × | × | × | × | |
[80] | Skype, MSN | N | N | Android SDK | FTK Toolkit | ✓ | × | × | × | × | |
[81] | N | N | Lime | WinHex, Volatility | × | ✓ | × | × | × | ||
[82] | Facebook, Viber, WhatsApp | Y | N | Lime, ADB | Custom script | ✓ | ✓ | ✓ | × | × | |
[130] | Private text messaging, Wickr | Y | N | N/A | N/A | × | × | × | ✓ | × | |
[134] | ChatSecure | Y | Y | Lime | Volatility | × | × | × | × | ✓ | |
Linux | [25] | Facebook, twitter, google+, telegram, openwapp, LINE | N | N | Lime | FTK Toolkit, HxD | ✓ | ✓ | × | ✓ | × |
[85] | Discord, Slack | N | Y | N/A | Volatility, WxHexeditor | ✓ | ✓ | × | × | × | |
iOS | [150] | Skype, WhatsApp, Viber, Facebook | N | N | DumpIt | Strings | ✓ | ✓ | ✓ | × | × |
6. Network Analysis Focus
6.1. Common Research Aims for Network Forensics
6.2. Common Network Forensics Tools
6.3. Network Forensics Artifacts
7. Disk Analysis Focus
7.1. Experimental Setup
7.1.1. Virtualized Environments
7.1.2. Rooting (Android)
7.1.3. Jailbreaking (iPhones)
7.2. Disk Forensic Analysis Tools
- 1.
- Free tools: Our analysis reveals that the choice of free data acquisition tools is contingent upon the operating system under examination. For Windows, FTK Imager emerges as the predominant option, while iOS investigations frequently employ iTunes, and Android device data acquisition commonly relies on ADB (Android Debug Bridge) [134] and backup utilities. Conversely, analysis tools exhibit a higher degree of consistency in their utilization across various operating systems. Hex editors and DB Browser for SQLite rank as the most widely used analysis tools, with a notable exception being plist editors, which are specifically tailored for examining .plist files—these are key/value persistent storage files—found on iOS and macOS operating systems.
- 2.
- Proprietary tools: Proprietary tools represent closed-source software applications that are developed and exclusively owned by specific organizations. Typically, these tools necessitate the acquisition of licenses for authorized usage. Moreover, the outcomes produced by these tools are generally accepted in a court of law, making it difficult to dispute their findings. Notable players in the field of digital forensics software include Cellebrite, Magnet Forensics, Belkasoft, and Oxygen Forensics, among others. These companies often categorize their software offerings based on distinct functionalities. For instance, Cellebrite distinguishes between the Cellebrite UFED (Universal Forensic Extraction Device), tailored for data extraction, and the Cellebrite PA (Physical Analyzer), designed for in-depth analysis. Similarly, Magnet Forensics offers the Magnet AXIOM Process for data acquisition and the Magnet AXIOM Examine for comprehensive analysis [67,127,134]. Other proprietary tools renowned for their data extraction capabilities encompass XRY, MOBILedit Forensics, Wondershare Dr.Fone, and Belkasoft Evidence Centre.
7.3. Disk Forensic Acquisition
- 1.
- Logical acquisition: Logical acquisition involves extracting data at a higher level of abstraction, which mainly includes specific files and data from the device. However, it does not capture deleted files or data stored in unallocated disk space. Logical acquisitions are commonly conducted using ADB and backup applications [36,39,40,52,170,172]. These tools help researchers extract application-specific files, directories, and user data. Android Debug Bridge (ADB) is a command-line tool used for managing Android devices. ADB facilitates communication between a computer and an Android device over a USB connection or a network connection (Wi-Fi or Ethernet). Additionally, there are many backup applications that allow users to backup data—including application data—mainly to the device’s internal memory, to an external SD card, or to some designated cloud storage. These data can then be analyzed using forensic tools.
- 2.
- Full File system acquisition: Full file system extraction is an acquisition in which all the data and metadata related to a device’s file system are collected and preserved as part of an investigation. This method captures the complete hierarchical structure of files, directories, and associated file attributes, such as timestamps, permissions, and file sizes. On the other hand, physical acquisition involves the creation of a bit-for-bit copy or clone of the entire device, which yields more information than a logical extraction would [32].
- 3.
- Physical acquisition: A physical acquisition is a common type of acquisition conducted by researchers [64,111]. It typically provides more evidence than full file system acquisition [69] because it captures not only the file system structures but also the entire contents of the storage device at a lower level, including unallocated space, deleted files, and fragmented data. Tools such as Cellebrite UFED are most prominently used for full file system and physical extractions [64].
7.4. Disk Forensic Analysis
- 1.
- Manual analysis: Manual analysis pertains to the investigator’s non-automated (manual) efforts in searching for populated artifacts. Manual and automated digital forensics analyses differ in how they handle digital evidence. Manual analysis relies on human expertise, where forensic investigators actively examine evidence, search for relevant artifacts, and make informed judgments based on their experience. While this approach is flexible and customizable, it is time-consuming and requires specialized knowledge and skills. To conduct manual analysis, most researchers use DB Browser for SQLite to analyze the database files [111,115,118,128] and hex editors such as HxD or WinHex [27,28,59,60,111,147].
- 2.
- Automated analysis: Automated analysis relies on specialized software tools and scripts to process and analyze digital evidence without direct human intervention. Automated analysis is usually conducted by specialized tools such as Oxygen forensics, Cellebrite UFED Physical analyzer, and others [32,55,65]. Many research articles have employed proprietary tools for automatically analyzing social media data. The most commonly used tools for analysis are MOBILedit, Belkasoft Evidence Center, Oxygen Forensics, Cellebrite Physical Analyzer, Magnet AXIOM, and Internet Evidence Finder [56,109,112,123,128].
- 3.
- Source code analysis: While data analysis of social media applications is the most common way to retrieve artifacts in SMF investigations, Gregorio et al. [23,32] proposed a methodology that will supplement the analysis of artifacts with steps such as studying open knowledge sources (books, related blogs, technical papers) and the source code of the application. It is seen that this methodology yields a broad amount of information. Consequently, it becomes important to delve into open knowledge and dissect the source code to comprehend the data extracted from application artifacts. The collective implementation of these three steps streamlines analysis and traceability and also mitigates reliance on forensic tools. Although this analysis methodology yielded more artifacts than the artifact analysis step yielded alone, there are some limitations to this methodology. In some cases, it is not possible to apply some of the steps due to a lack of information in the open knowledge sources, information from non-trusted sources, or a lack of public source code.
Windows-Specific Forensic Analysis
- 1.
- Windows registry: Analyzing the registry during a forensic investigation in Windows systems is crucial. The registry encapsulates a wealth of information that includes system configurations, user activities, and program execution records. Registry information can be extracted and examined from a forensic image, i.e., a disk copy of the original evidence. To that end, authors of [28,60] also analyze the registry during their forensic investigation. Some of the major tools used for registry analysis are Registry Editor and Regshot. Some of the artifacts revealed from registry analysis include information on the application, such as the model ID and install time [28,60]. Other prominent artifacts include contact photos retrieved from LinkedIn [60].
- 2.
- Windows Phone: Besides Windows systems, researchers have also explored conducting forensic analysis on Windows Phones. While conducting a forensic analysis of WhatsApp data on a Windows phone, Shortall et al. [65] acquired data using the DD command. This was because, at the time of writing, no tool could be used to acquire data from a Windows Phone. A few years later, while analyzing Telegram on the same platform, Gregorio et al. [32] opted for a physical acquisition using Cellebrite UFED Touch. Both experiments involved analysis using the tools Cellebrite UFED Physical Analyzer and Oxygen forensics, but unfortunately, almost no artifacts were recovered. In the case of WhatsApp, the authors recovered media and an encrypted database, but for Telegram, no artifacts were recovered.
7.5. Aims of Disk Forensic Analysis
7.5.1. Organization of Data
7.5.2. Artifact Analysis
7.5.3. Analysis of Privacy Features
7.5.4. Reconstruction of Artifacts
7.5.5. Decryption of Databases
7.5.6. Creating Tools
7.5.7. Browser Analysis
8. Trends in Social Media Forensics
9. Challenges and Future Research Focus in SMF
- 1.
- Social media data in the cloud: The field of social media forensics is developing quickly, and one aspect that has not been given much attention is the investigation of evidence stored in the cloud. With the increasing number of people using social media apps that keep their data in the cloud, it is now vital to concentrate on analyzing cloud data. However, cloud storage presents a significant difficulty for digital forensic investigators, as traditional forensic methods may not be enough to access and analyze cloud data [128]. Therefore, it is crucial to conduct research into the digital forensics of social media app cloud data to create more effective ways of recovering and analyzing artifacts. This research will enhance the efficiency of digital forensic investigations and help tackle the emerging challenges related to cloud-based digital evidence.
- 2.
- Lack of standard methodology for conducting social media forensics analysis: It is crucial to create a comprehensive framework for social media forensics to guide future research [177]. While there are existing frameworks like NIST, NIJ, and ACPO that researchers use for digital forensic extraction and analysis, they are not tailored to the unique challenges presented by social media applications. Therefore, a new framework that specifically addresses the collection and analysis of data from social media platforms is necessary. This framework should offer a thorough approach to artifact recovery and tackle the unique challenges that arise from social media platforms.
- 3.
- Lack of specialized tools for social media forensics: There is a need for further research on integrating social media data into traditional forensic tools. Most current digital forensics tools are not equipped to handle social media data effectively. Therefore, it is necessary to explore methods of integrating social media data into traditional forensics tools to enhance analysis and artifact recovery.
- 4.
- Vast amounts of social media data: One particular area that could be addressed is the analysis of deleted and hidden data. Social media platforms allow users to delete or conceal their data, and it is essential to explore the potential for artifact recovery from such data. In addition, social media platform APIs can be used as a source of data for artifacts. These APIs offer a way to access the data stored on social media platforms, and their potential for artifact recovery in digital forensics has yet to be fully explored. Future research can focus on investigating these APIs and their potential for artifact recovery.
- 5.
- Heterogeneous and disparate sources of data: They pose significant challenges for investigators and analysts. On social media applications, digital evidence is created in a variety of forms, including text, photographs, videos, and location-based information. Hence, the huge volume and disparity of data across many platforms makes it a difficult undertaking to efficiently acquire, analyze, and document this information. Investigators must deal with data consistency, dependability, and authenticity difficulties. Furthermore, individuals’ differing privacy settings and data access rights hamper the recovery and investigation of digital evidence. As a result, dealing with the challenges of processing diverse and divergent data sources in social media forensics necessitates not just strong technological skills, but also a thorough awareness of legal and ethical aspects of the digital investigative process.
- 6.
- Adaptation of Machine Learning and Deep Learning models in SMF: The use of machine learning models is highly promising for automating the process of artifact extraction from social media platforms. Specifically, deep learning models can be trained to identify relevant patterns and features within social media data, which can greatly enhance the efficiency and accuracy of artifact recovery. However, using these models may require technical expertise that some digital forensic professionals may not possess.
10. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Ma, B.; Tao, Z.; Ma, R.; Wang, C.; Li, J.; Li, X. A High-Performance Robust Reversible Data Hiding Algorithm Based on Polar Harmonic Fourier Moments. IEEE Trans. Circuits Syst. Video Technol. 2023; early access. [Google Scholar] [CrossRef]
- Chaffey, D. Global Social Media Statistics Research Summary 2022 [June 2022]. 2023. Available online: https://www.smartinsights.com/social-media-marketing/social-media-strategy/new-global-social-media-research/ (accessed on 12 May 2023).
- Alqatawna, J.; Madain, A.; Al-Zoubi, A.; Al-Sayyed, R. Online social networks security: Threats, attacks, and future directions. In Social Media Shaping e-Publishing and Academia; Springer: Berlin/Heidelberg, Germany, 2017; pp. 121–132. [Google Scholar]
- Rathore, S.; Sharma, P.K.; Loia, V.; Jeong, Y.S.; Park, J.H. Social network security: Issues, challenges, threats, and solutions. Inf. Sci. 2017, 421, 43–69. [Google Scholar] [CrossRef]
- Fire, M.; Goldschmidt, R.; Elovici, Y. Online social networks: Threats and solutions. IEEE Commun. Surv. Tutor. 2014, 16, 2019–2036. [Google Scholar] [CrossRef]
- Patel, P.; Kannoorpatti, K.; Shanmugam, B.; Azam, S.; Yeo, K.C. A theoretical review of social media usage by cyber-criminals. In Proceedings of the 2017 International Conference on Computer Communication and Informatics (ICCCI), Coimbatore, India, 5–7 January 2017; pp. 1–6. [Google Scholar]
- Al Mutawa, N.; Baggili, I.; Marrington, A. Forensic analysis of social networking applications on mobile devices. Digit. Investig. 2012, 9, S24–S33. [Google Scholar] [CrossRef]
- Luo, W.; Liu, J.; Liu, J.; Fan, C. An analysis of security in social networks. In Proceedings of the 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, Chengdu, China, 12–14 December 2009; pp. 648–651. [Google Scholar]
- Norden, S. How the Internet Has Changed the Face of Crime. 2013. Available online: https://scholarscommons.fgcu.edu/esploro/outputs/doctoral/How-the-Internet-has-Changed-the/99383341581306570 (accessed on 12 May 2023).
- Dredge, R.; Gleeson, J.; De la Piedad Garcia, X. Cyberbullying in social networking sites: An adolescent victim’s perspective. Comput. Hum. Behav. 2014, 36, 13–20. [Google Scholar] [CrossRef]
- Garfinkel, S.L. Digital forensics research: The next 10 years. Digit. Investig. 2010, 7, S64–S73. [Google Scholar] [CrossRef]
- Basumatary, B.; Kalita, H.K. Social media forensics—A holistic review. In Proceedings of the 2022 9th International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India, 23–25 March 2022; pp. 590–597. [Google Scholar]
- Reddy, S.T.; Mothe, R.; Sunil, G.; Harshavardhan, A.; Korra, S.N. Collecting the evidences and forensic analysis on social networks: Disputes and trends in research. Stud. Rosenthal. J. Study Res. 2019, XII, 183–192. [Google Scholar]
- Browning, J.G. Digging for the digital dirt: Discovery and use of evidence from social media sites. SMU Sci. Tech. Law Rev. 2010, 14, 465. [Google Scholar]
- Zainudin, N.M.; Merabti, M.; Llewellyn-Jones, D. Online social networks as supporting evidence: A digital forensic investigation model and its application design. In Proceedings of the 2011 International Conference on Research and Innovation in Information Systems, Kuala Lumpur, Malaysia, 23–24 November 2011; pp. 1–6. [Google Scholar]
- Keyvanpour, M.; Moradi, M.; Hasanzadeh, F. Digital forensics 2.0: A review on social networks forensics. In Computational Intelligence in Digital Forensics: Forensic Investigation and Applications; Springer: Cham, Switzerland, 2014; pp. 17–46. [Google Scholar]
- Damshenas, M.; Dehghantanha, A.; Mahmoud, R. A survey on digital forensics trends. Int. J. Cyber-Secur. Digit. Forensics 2014, 3, 209–235. [Google Scholar]
- Arshad, H.; Jantan, A.; Omolara, E. Evidence collection and forensics on social networks: Research challenges and directions. Digit. Investig. 2019, 28, 126–138. [Google Scholar] [CrossRef]
- Tso, Y.C.; Wang, S.J.; Huang, C.T.; Wang, W.J. iPhone social networking for evidence investigations using iTunes forensics. In Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication, Kuala Lumpur, Malaysia, 20–22 February 2012; pp. 1–7. [Google Scholar]
- Gao, F.; Zhang, Y. Analysis of WeChat on iPhone. In Proceedings of the 2nd International Symposium on Computer, Communication, Control and Automation, Shijiazhuang, China, 22–24 February 2013; Atlantis Press: Amsterdam, The Netherlands, 2013; pp. 278–281. [Google Scholar]
- Al Mushcab, R.; Gladyshev, P. Forensic analysis of instagram and path on an iPhone 5s mobile device. In Proceedings of the 2015 IEEE Symposium on Computers and Communication (ISCC), Larnaca, Cyprus, 6–9 July 2015; pp. 146–151. [Google Scholar]
- Ovens, K.M.; Morison, G. Forensic analysis of kik messenger on ios devices. Digit. Investig. 2016, 17, 40–52. [Google Scholar] [CrossRef]
- Gregorio, J.; Alarcos, B.; Gardel, A. Forensic analysis of Telegram messenger desktop on macOS. Int. J. Res. Eng. Sci. 2018, 6, 39–48. [Google Scholar]
- Iqbal, A.; Marrington, A.; Baggili, I. Forensic artifacts of the ChatON Instant Messaging application. In Proceedings of the 2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering (SADFE), Hong Kong, China, 21–22 November 2013; pp. 1–6. [Google Scholar]
- Yusoff, M.N.; Dehghantanha, A.; Mahmod, R. Forensic investigation of social media and instant messaging services in Firefox OS: Facebook, Twitter, Google+, Telegram, OpenWapp, and Line as case studies. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications; Elsevier: Amsterdam, The Netherlands, 2017; pp. 41–62. [Google Scholar]
- Majeed, A.; Zia, H.; Imran, R.; Saleem, S. Forensic analysis of three social media apps in windows 10. In Proceedings of the 2015 12th International Conference on High-Capacity Optical Networks and Enabling/Emerging Technologies (HONET), Islamabad, Pakistan, 21–23 December 2015; pp. 1–5. [Google Scholar]
- Lee, C.; Chung, M. Digital forensic analysis on Window8 style UI instant messenger applications. In Computer Science and Its Applications; Springer: Berlin/Heidelberg, Germany, 2015; pp. 1037–1042. [Google Scholar]
- Majeed, A.; Saleem, S. Forensic analysis of social media apps in windows 10. NUST J. Eng. Sci. 2017, 10, 37–45. [Google Scholar]
- Moffitt, K.; Karabiyik, U.; Hutchinson, S.; Yoon, Y.H. Discord forensics: The logs keep growing. In Proceedings of the 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 27–30 January 2021; pp. 0993–0999. [Google Scholar]
- Schipper, G.C.; Seelt, R.; Le-Khac, N.A. Forensic analysis of Matrix protocol and Riot. im application. Forensic Sci. Int. Digit. Investig. 2021, 36, 301118. [Google Scholar] [CrossRef]
- Paligu, F.; Varol, C. Microsoft Teams desktop application forensic investigations utilizing IndexedDB storage. J. Forensic Sci. 2022, 67, 1513–1533. [Google Scholar] [CrossRef]
- Gregorio, J.; Gardel, A.; Alarcos, B. Forensic analysis of telegram messenger for windows phone. Digit. Investig. 2017, 22, 88–106. [Google Scholar] [CrossRef]
- Thakur, N.S. Forensic Analysis of WhatsApp on Android Smartphones. 2013. Available online: https://scholarworks.uno.edu/td/1706/ (accessed on 12 May 2023).
- Al-Saleh, M.I.; Forihat, Y.A. Skype forensics in android devices. Int. J. Comput. Appl. 2013, 78, 38–44. [Google Scholar] [CrossRef]
- Barton, T.; Azhar, M. Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms. In Proceedings of the First International Conference on Cyber-Technologies and Cyber-Systems, IARIA, Venice, Italy, 9–13 October 2016; pp. 35–40. [Google Scholar]
- Azhar, M.; Barton, T.E.A. Forensic analysis of secure ephemeral messaging applications on android platforms. In Proceedings of the International Conference on Global Security, Safety, and Sustainability; Springer: Berlin/Heidelberg, Germany, 2017; pp. 27–41. [Google Scholar]
- Chang, M.S.; Chang, C.Y. Forensic analysis of LINE messenger on android. J. Comput. 2018, 29, 11–20. [Google Scholar]
- Al-Rawashdeh, A.M.; Al-Sharif, Z.A.; Al-Saleh, M.I.; Shatnawi, A.S. A post-mortem forensic approach for the kik messenger on android. In Proceedings of the 2020 11th International Conference on Information and Communication Systems (ICICS), Irbid, Jordan, 7–9 April 2020; pp. 079–084. [Google Scholar]
- Satrya, G.B.; Daely, P.T.; Shin, S.Y. Android forensics analysis: Private chat on social messenger. In Proceedings of the 2016 Eighth International Conference on Ubiquitous and Future Networks (ICUFN), Vienna, Austria, 5–8 July 2016; pp. 430–435. [Google Scholar]
- Satrya, G.B.; Nugroho, M.A. Digital forensics study of internet messenger: Line artifact analysis in Android OS. In Proceedings of the 2016 International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC), Bandung, Indonesia, 13–15 September 2016; pp. 23–29. [Google Scholar]
- Norouzizadeh Dezfouli, F.; Dehghantanha, A.; Eterovic-Soric, B.; Choo, K.K.R. Investigating Social Networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms. Aust. J. Forensic Sci. 2016, 48, 469–488. [Google Scholar] [CrossRef]
- Walnycky, D.; Baggili, I.; Marrington, A.; Moore, J.; Breitinger, F. Network and device forensic analysis of android social-messaging applications. Digit. Investig. 2015, 14, S77–S84. [Google Scholar] [CrossRef]
- Sudozai, M.; Saleem, S.; Buchanan, W.J.; Habib, N.; Zia, H. Forensics study of IMO call and chat app. Digit. Investig. 2018, 25, 5–23. [Google Scholar] [CrossRef]
- Zhang, H.; Chen, L.; Liu, Q. Digital forensic analysis of instant messaging applications on android smartphones. In Proceedings of the 2018 International Conference on Computing, Networking and Communications (ICNC), Maui, HI, USA, 5–8 March 2018; pp. 647–651. [Google Scholar]
- Nicoletti, M.; Bernaschi, M. Forensic analysis of Microsoft Skype for Business. Digit. Investig. 2019, 29, 159–179. [Google Scholar] [CrossRef]
- Mahajan, A.; Dahiya, M.; Sanghvi, H.P. Forensic analysis of instant messenger applications on android devices. arXiv 2013, arXiv:1304.4915. [Google Scholar] [CrossRef]
- Riadi, I. Forensic investigation technique on android’s blackberry messenger using nist framework. Int. J. Cyber-Secur. Digit. Forensics 2017, 6, 198–206. [Google Scholar] [CrossRef]
- Alyahya, T.; Kausar, F. Snapchat analysis to discover digital forensic artifacts on android smartphone. Procedia Comput. Sci. 2017, 109, 1035–1040. [Google Scholar] [CrossRef]
- Azfar, A.; Choo, K.K.R.; Liu, L. Forensic taxonomy of android social apps. J. Forensic Sci. 2017, 62, 435–456. [Google Scholar] [CrossRef] [PubMed]
- Ashawa, M.; Ogwuche, I. Forensic data extraction and analysis of left artifacts on emulated android phones: A case study of instant messaging applications. Seizure 2017, 19, 16. [Google Scholar] [CrossRef]
- Riadi, I.; Yudhana, A.; Putra, M.C.F. Forensic Tool Comparison on Instagram Digital Evidence Based on Android with The NIST Method. Sci. J. Inform. 2018, 5, 235–247. [Google Scholar] [CrossRef]
- Tri, M.K.; Riadi, I.; Prayudi, Y. Forensics acquisition and analysis method of imo messenger. Int. J. Comput. Appl. 2018, 179, 9–14. [Google Scholar]
- Alisabeth, C.; Pramadi, Y.R. Forensic analysis of instagram on android. In Proceedings of the IOP Conference Series: Materials Science and Engineering; IOP Publishing: Bristol, UK, 2020; Volume 1007, p. 012116. [Google Scholar]
- Akinbi, A.; Ojie, E. Forensic analysis of open-source XMPP/Jabber multi-client instant messaging apps on Android smartphones. SN Appl. Sci. 2021, 3, 1–14. [Google Scholar] [CrossRef]
- Hermawan, T.; Suryanto, Y.; Alief, F.; Roselina, L. Android forensic tools analysis for unsend chat on social media. In Proceedings of the 2020 3rd International Seminar on Research of Information Technology and Intelligent Systems (ISRITI), Yogyakarta, Indonesia, 10–11 December 2020; pp. 233–238. [Google Scholar]
- Ardiningtias, S.R. A Comparative Analysis of Digital Forensic Investigation Tools on Facebook Messenger Applications. J. Cyber Secur. Mobil. 2022, 11, 655–672. [Google Scholar]
- Yasin, M.; Kausar, F.; Aleisa, E.; Kim, J. Correlating messages from multiple IM networks to identify digital forensic artifacts. Electron. Commer. Res. 2014, 14, 369–387. [Google Scholar] [CrossRef]
- Chang, M.; Chang, C.Y. Twitter social network forensics on Windows 10. Int. J. Innov. Sci. Eng. Technol. 2016, 3, 55–60. [Google Scholar]
- Chang, M.S.; Chang, C.Y. Line messenger forensics on windows 10. J. Comput. 2019, 30, 114–125. [Google Scholar]
- Bashir, S.; Abbas, H.; Shafqat, N.; Iqbal, W.; Saleem, K. Forensic Analysis of LinkedIn’s Desktop Application on Windows 10 OS. In Proceedings of the 16th International Conference on Information Technology-New Generations (ITNG 2019); Springer: Berlin/Heidelberg, Germany, 2019; pp. 57–62. [Google Scholar]
- Yang, T.Y.; Dehghantanha, A.; Choo, K.K.R.; Muda, Z. Windows instant messaging app forensics: Facebook and Skype as case studies. PLoS ONE 2016, 11, e0150300. [Google Scholar] [CrossRef]
- Mahr, A.; Cichon, M.; Mateo, S.; Grajeda, C.; Baggili, I. Zooming into the pandemic! A forensic analysis of the Zoom Application. Forensic Sci. Int. Digit. Investig. 2021, 36, 301107. [Google Scholar] [CrossRef]
- Khalid, Z.; Iqbal, F.; Kamoun, F.; Hussain, M.; Khan, L.A. Forensic Analysis of the Cisco WebEx Application. In Proceedings of the 2021 5th Cyber Security in Networking Conference (CSNet), Abu Dhabi, United Arab Emirates, 12–14 October 2021; pp. 90–97. [Google Scholar]
- Le-Khac, N.A.; Sgaras, C.; Kechadi, T. Forensic acquisition and analysis of Tango VoIP. In Proceedings of the International Conference on Challenges in IT, Engineering and Technology (ICCIET 2014), Phuket, Thailand, 17–18 July 2014. [Google Scholar]
- Shortall, A.; Azhar, M.H.B. Forensic acquisitions of WhatsApp data on popular mobile platforms. In Proceedings of the 2015 Sixth International Conference on Emerging Security Technologies (EST), Braunschweig, Germany, 3–5 September 2015; pp. 13–17. [Google Scholar]
- Awan, F.A. Forensic examination of social networking applications on smartphones. In Proceedings of the 2015 Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, Pakistan, 18 December 2015; pp. 36–43. [Google Scholar]
- Aji, M.P.; Riadi, I.; Lutfhi, A. The digital forensic analysis of snapchat application using XML records. J. Theor. Appl. Inf. Technol. 2017, 95. [Google Scholar]
- Keim, Y.; Hutchinson, S.; Shrivastava, A.; Karabiyik, U. Forensic Analysis of TikTok Alternatives on Android and iOS Devices: Byte, Dubsmash, and Triller. Electronics 2022, 11, 2972. [Google Scholar] [CrossRef]
- Bowling, H.; Seigfried-Spellar, K.; Karabiyik, U.; Rogers, M. We are meeting on Microsoft Teams: Forensic analysis in Windows, Android, and iOS operating systems. J. Forensic Sci. 2023, 68, 434–460. [Google Scholar] [CrossRef]
- Azab, A.; Watters, P.; Layton, R. Characterising network traffic for skype forensics. In Proceedings of the 2012 Third Cybercrime and Trustworthy Computing Workshop, Ballarat, Australia, 29–30 October 2012; pp. 19–27. [Google Scholar]
- Karpisek, F.; Baggili, I.; Breitinger, F. WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages. Digit. Investig. 2015, 15, 110–118. [Google Scholar] [CrossRef]
- Yusoff, M.N.; Dehghantanha, A.; Mahmod, R. Network Traffic Forensics on Firefox Mobile OS: Facebook, Twitter, and Telegram as Case Studies. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications; Elsevier: Amsterdam, The Netherlands, 2017; pp. 63–78. [Google Scholar]
- Bhatt, A.J.; Gupta, C.; Mittal, S. Network forensics analysis of iOS social networking and messaging Apps. In Proceedings of the 2018 Eleventh International Conference on Contemporary Computing (IC3), Noida, India, 2–4 August 2018; pp. 1–6. [Google Scholar]
- Cents, R.; Le-Khac, N.A. Towards a New Approach to Identify WhatsApp Messages. In Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 December–1 January 2020; pp. 1895–1902. [Google Scholar]
- Afzal, A.; Hussain, M.; Saleem, S.; Shahzad, M.K.; Ho, A.T.; Jung, K.H. Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App. Appl. Sci. 2021, 11, 7789. [Google Scholar] [CrossRef]
- Simon, M.; Slay, J. Recovery of skype application activity data from physical memory. In Proceedings of the 2010 International Conference on Availability, Reliability and Security, Krakow, Poland, 15–18 February 2010; pp. 283–288. [Google Scholar]
- Chu, H.C.; Deng, D.J.; Park, J.H. Live data mining concerning social networking forensics based on a facebook session through aggregation of social data. IEEE J. Sel. Areas Commun. 2011, 29, 1368–1376. [Google Scholar] [CrossRef]
- Chu, H.C.; Yang, S.W.; Wang, S.J.; Park, J.H. The partial digital evidence disclosure in respect to the instant messaging embedded in viber application regarding an android smart phone. In Information Technology Convergence, Secure and Trust Computing, and Data Management; Springer: Berlin/Heidelberg, Germany, 2012; pp. 171–178. [Google Scholar]
- Sgaras, C.; Kechadi, M.; Le-Khac, N.A. Forensics acquisition and analysis of instant messaging and VoIP applications. In Computational Forensics; Springer: Berlin/Heidelberg, Germany, 2012; pp. 188–199. [Google Scholar]
- Chu, H.C.; Lo, C.H.; Chao, H.C. The disclosure of an Android smartphone’s digital footprint respecting the Instant Messaging utilizing Skype and MSN. Electron. Commer. Res. 2013, 13, 399–410. [Google Scholar] [CrossRef]
- Zhou, F.; Yang, Y.; Ding, Z.; Sun, G. Dump and analysis of android volatile memory on wechat. In Proceedings of the 2015 IEEE International Conference on Communications (ICC), London, UK, 8–12 June 2015; pp. 7151–7156. [Google Scholar]
- Nisioti, A.; Mylonas, A.; Katos, V.; Yoo, P.D.; Chryssanthou, A. You can run but you cannot hide from memory: Extracting IM evidence of Android apps. In Proceedings of the 2017 IEEE Symposium on Computers and Communications (ISCC), Heraklion, Crete, Greece, 3–6 July 2017; pp. 457–464. [Google Scholar]
- Kazim, A.; Almaeeni, F.; Al Ali, S.; Iqbal, F.; Al-Hussaeni, K. Memory forensics: Recovering chat messages and encryption master key. In Proceedings of the 2019 10th International Conference on Information and Communication Systems (ICICS), Irbid, Jordan, 11–13 June 2019; pp. 58–64. [Google Scholar]
- Riadi, I.; Sunardi, S.; Rauli, M.E. Live forensics analysis of line app on proprietary operating system. Kinetik Game Technol. Inf. Syst. Comput. Netw. Comput. Electron. Control 2019, 4, 305–314. [Google Scholar] [CrossRef]
- Davis, M.; McInnes, B.; Ahmed, I. Forensic investigation of instant messaging services on linux OS: Discord and Slack as case studies. Forensic Sci. Int. Digit. Investig. 2022, 42, 301401. [Google Scholar] [CrossRef]
- Kiley, M.; Dankner, S.; Rogers, M. Forensic analysis of volatile instant messaging. In Proceedings of the IFIP International Conference on Digital Forensics; Springer: Berlin/Heidelberg, Germany, 2008; pp. 129–138. [Google Scholar]
- Husain, M.I.; Sridhar, R. iForensics: Forensic analysis of instant messaging on smart phones. In Proceedings of the International Conference on Digital Forensics and Cyber Crime; Springer: Berlin/Heidelberg, Germany, 2009; pp. 9–18. [Google Scholar]
- Al Mutawa, N.; Al Awadhi, I.; Baggili, I.; Marrington, A. Forensic artifacts of Facebook’s instant messaging service. In Proceedings of the 2011 International Conference for Internet Technology and Secured Transactions, Abu Dhabi, United Arab Emirates, 11–14 December 2011; pp. 771–776. [Google Scholar]
- Baca, M.; Cosic, J.; Cosic, Z. Forensic analysis of social networks (case study). In Proceedings of the ITI 2013 35th International Conference on Information Technology Interfaces, Dubrovnik, Croatia, 24–27 June 2013; pp. 219–223. [Google Scholar]
- Actoriano, B.; Riadi, I. Forensic Investigation on WhatsApp Web Using Framework Integrated Digital Forensic Investigation Framework Version 2. Int. J. Cyber-Secur. Digit. Forensics (IJCSDF) 2018, 7, 410–419. [Google Scholar]
- Cloyd, T.; Osborn, T.; Ellingboe, B.; Glisson, W.B.; Choo, K.K.R. Browser analysis of residual facebook data. In Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018; pp. 1440–1445. [Google Scholar]
- Horsman, G. ACPO principles for digital evidence: Time for an update? Forensic Sci. Int. Rep. 2020, 2, 100076. [Google Scholar] [CrossRef]
- Paligu, F.; Varol, C. Browser forensic investigations of whatsapp web utilizing indexeddb persistent storage. Future Internet 2020, 12, 184. [Google Scholar] [CrossRef]
- Chang, M.S.; Yen, C.P. LinkedIn Social Media Forensics on Windows 10. Int. J. Netw. Secur. 2020, 22, 321–330. [Google Scholar]
- Pandela, T.; Riadi, I. Browser forensics on web-based tiktok applications. Int. J. Comput. Appl. 2020, 175, 47–52. [Google Scholar] [CrossRef]
- Gupta, K.; Varol, C.; Zhou, B. Digital forensic analysis of discord on google chrome. Forensic Sci. Int. Digit. Investig. 2023, 44, 301479. [Google Scholar] [CrossRef]
- Cusack, B.; Alshaifi, S. Mining Social Networking Sites for Digital Evidence. In Proceedings of the 13th Australian Digital Forensics Conference, Perth, WA, Australia, 30 November–2 December 2015; pp. 15–21. [Google Scholar]
- Chang, M.S. Evidence gathering of instagram on windows 10. Int. J. Innov. Sci. Eng. Technol. 2016, 3. [Google Scholar]
- Chang, M.S.; Yen, C.P. Forensic Analysis of Social Networks Based on Instagram. Int. J. Netw. Secur. 2019, 21, 850–860. [Google Scholar]
- Al-Duwairi, B.; Shatnawi, A.S.; Jaradat, H.; Al-Musa, A.; Al-Awadat, H. On the Digital Forensics of Social Networking Web-based Applications. In Proceedings of the 2022 10th International Symposium on Digital Forensics and Security (ISDFS), Istanbul, Turkey, 6–7 June 2022; pp. 1–6. [Google Scholar]
- Iqbal, F.; Khalid, Z.; Marrington, A.; Shah, B.; Hung, P.C. Forensic investigation of Google Meet for memory and browser artifacts. Forensic Sci. Int. Digit. Investig. 2022, 43, 301448. [Google Scholar] [CrossRef]
- Idowu, S.; Dominic, E.D.; Okolie, S.; Goga, N. Security vulnerabilities of skype application artifacts: A digital forensic approach. Int. J. Appl. Inf. Syst 2019, 12, 5–10. [Google Scholar]
- Iqbal, A.; Alobaidli, H.; Almarzooqi, A.; Jones, A. LINE IM app forensic analysis. In Proceedings of the 12th International Conference on High-Capacity Optical Networks and Enabling/Emerging Technologies (HONET-ICT 2015), Islamabad, Pakistan, 21–23 December 2015. [Google Scholar]
- Kara, İ. Digital forensic analysis of discord mobile application on android based smartphones. Acta Infol. 2022, 6, 189–198. [Google Scholar] [CrossRef]
- Khoa, N.H.; Duy, P.T.; Do Hoang, H.; Pham, V.H. Forensic analysis of tiktok application to seek digital artifacts on android smartphone. In Proceedings of the 2020 RIVF International Conference on Computing and Communication Technologies (RIVF), Ho Chi Minh City, Vietnam, 14–15 October 2020; pp. 1–5. [Google Scholar]
- Domingues, P.; Nogueira, R.; Francisco, J.C.; Frade, M. Post-mortem digital forensic artifacts of TikTok Android App. In Proceedings of the 15th International Conference on Availability, Reliability and Security (ARES), Virtual, 25–28 August 2020; pp. 1–42. [Google Scholar]
- Agrawal, A.K.; Sharma, A.; Khatri, P. Digital forensic analysis of Facebook app in virtual environment. In Proceedings of the 2019 6th International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India, 13–15 March 2019; pp. 660–664. [Google Scholar]
- Ntonja, M.; Ashawa, M. Examining artifacts generated by setting Facebook Messenger as a default SMS application on Android: Implication for personal data privacy. Secur. Priv. 2020, 3, e128. [Google Scholar] [CrossRef]
- Yudhana, A.; Riadi, I.; Anshori, I. Identification of Digital Evidence Facebook Messenger on Mobile Phone With National Institute of Standards Technology (Nist) Method. J. Ilm. Kursor 2018, 9. [Google Scholar] [CrossRef]
- Pambayun, S.; Riadi, I. Investigation on instagram android-based using digital forensics research workshop framework. Int. J. Comput. Appl. 2020, 175, 15–21. [Google Scholar] [CrossRef]
- Kumar, S.T.; Karabiyik, U. Instagram Forensic Analysis Revisited: Does anything really vanish? In Proceedings of the 2021 International Symposium on Networks, Computers and Communications (ISNCC), Dubai, United Arab Emirates, 31 October–2 November 2021; pp. 1–6. [Google Scholar]
- Ichsan, A.N.; Riadi, I. Mobile Forensic on Android-Based IMO Messenger Services Using Digital Forensic Research Workshop (DFRWS) Method. Int. J. Comput. Appl. 2021, 174, 34–40. [Google Scholar] [CrossRef]
- Mehrotra, T.; Mehtre, B. Forensic analysis of Wickr application on android devices. In Proceedings of the 2013 IEEE International Conference on Computational Intelligence and Computing Research, Madurai, India, 26–28 December 2013; pp. 1–6. [Google Scholar]
- AlZahrani, A.; Wani, M.A.; Bhat, W.A. Forensic analysis of Twitch video streaming activities on Android. J. Forensic Sci. 2021, 66, 1721–1741. [Google Scholar] [CrossRef]
- Akbal, E.; Baloglu, I.; Tuncer, T.; Dogan, S. Forensic analysis of BiP Messenger on android smartphones. Aust. J. Forensic Sci. 2020, 52, 590–609. [Google Scholar] [CrossRef]
- Manna, F.; Agrawal, A.K. Forensic Analysis of Blue Talk (Random Chat). In Artificial Intelligence and Communication Technologies; Soft Computing Research Society: New Delhi, India, 2023; pp. 83–89. [Google Scholar]
- Irawan, T.; Riadi, I. Mobile Forensic Signal Instant Messenger Services in Case of Web Phishing using National Institute of Standards and Technology Method. Int. J. Comput. Appl. 2022, 184, 30–40. [Google Scholar] [CrossRef]
- Prayogo, A.G.; Riadi, I. Digital Forensic Signal Instant Messages Services in Case of Cyberbullying using Digital Forensic Research Workshop Method. Int. J. Comput. Appl. 2022, 184, 21–29. [Google Scholar] [CrossRef]
- Krishnapriya, S.; Priyanka, V.; Kumar, S.S. Forensic Extraction and Analysis of Signal Application in Android Phones. In Proceedings of the 2021 International Conference on Forensics, Analytics, Big Data, Security (FABS), Bengaluru, India, 21–22 December 2021; Volume 1, pp. 1–6. [Google Scholar]
- Agrawal, V.; Tapaswi, S. Forensic analysis of Google Allo messenger on Android platform. Inf. Comput. Secur. 2019, 27, 62–80. [Google Scholar] [CrossRef]
- Azfar, A.; Choo, K.K.R.; Liu, L. An android social app forensics adversary model. In Proceedings of the 2016 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, USA, 5–8 January 2016; pp. 5597–5606. [Google Scholar]
- Lone, A.H.; Badroo, F.A.; Chudhary, K.R.; Khalique, A. Implementation of forensic analysis procedures for whatsapp and viber android applications. Int. J. Comput. Appl. 2015, 128, 26–33. [Google Scholar]
- Dargahi, T.; Dehghantanha, A.; Conti, M. Forensics analysis of Android mobile VoIP apps. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications; Elsevier: Amsterdam, The Netherlands, 2017; pp. 7–20. [Google Scholar]
- Onovakpuri, P.E. Forensics Analysis of Skype, Viber and WhatsApp Messenger on Android Platform. Int. J. Cyber-Secur. Digit. Forensics 2018, 7, 119–132. [Google Scholar] [CrossRef]
- Rathi, K.; Karabiyik, U.; Aderibigbe, T.; Chi, H. Forensic analysis of encrypted instant messaging applications on Android. In Proceedings of the 2018 6th International Symposium on Digital Forensic and Security (ISDFS), Antalya, Turkey, 22–25 March 2018; pp. 1–6. [Google Scholar]
- Ababneh, A.; Awwad, M.A.; Al-Saleh, M.I. IMO forensics in android and windows systems. In Proceedings of the 2017 8th International Conference on Information, Intelligence, Systems & Applications (IISA), Larnaca, Cyprus, 27–30 August 2017; pp. 1–6. [Google Scholar]
- Salamh, F.E.; Karabiyik, U.; Rogers, M.K. Asynchronous forensic investigative approach to recover deleted data from instant messaging applications. In Proceedings of the 2020 International Symposium on Networks, Computers and Communications (ISNCC), Montreal, QC, Canada, 20–22 October 2020; pp. 1–6. [Google Scholar]
- Vasilaras, A.; Dosis, D.; Kotsis, M.; Rizomiliotis, P. Retrieving deleted records from Telegram. Forensic Sci. Int. Digit. Investig. 2022, 43, 301447. [Google Scholar] [CrossRef]
- Kim, G.; Park, M.; Lee, S.; Park, Y.; Lee, I.; Kim, J. A study on the decryption methods of telegram X and BBM-Enterprise databases in mobile and PC. Forensic Sci. Int. Digit. Investig. 2020, 35, 300998. [Google Scholar] [CrossRef]
- Kim, G.; Kim, S.; Park, M.; Park, Y.; Lee, I.; Kim, J. Forensic analysis of instant messaging apps: Decrypting Wickr and private text messaging data. Forensic Sci. Int. Digit. Investig. 2021, 37, 301138. [Google Scholar] [CrossRef]
- Choi, J.; Park, J.; Kim, H. Forensic analysis of the backup database file in KakaoTalk messenger. In Proceedings of the 2017 IEEE International Conference on Big Data and Smart Computing (BigComp), Jeju Island, Republic of Korea, 13–16 February 2017; pp. 156–161. [Google Scholar]
- Choi, J.; Yu, J.; Hyun, S.; Kim, H. Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems: Case study with KakaoTalk, NateOn and QQ messenger. Digit. Investig. 2019, 28, S50–S59. [Google Scholar] [CrossRef]
- Gudipaty, L.; Jhala, K. Whatsapp forensics: Decryption of encrypted whatsapp databases on non rooted android devices. J. Inf. Technol. Softw. Eng. 2015, 5, 2. [Google Scholar]
- Anglano, C.; Canonico, M.; Guazzone, M. Forensic analysis of the ChatSecure instant messaging application on android smartphones. Digit. Investig. 2016, 19, 44–59. [Google Scholar] [CrossRef]
- Wu, S.; Zhang, Y.; Wang, X.; Xiong, X.; Du, L. Forensic analysis of WeChat on Android smartphones. Digit. Investig. 2017, 21, 3–10. [Google Scholar] [CrossRef]
- Son, J.; Kim, Y.W.; Oh, D.B.; Kim, K. Forensic analysis of instant messengers: Decrypt Signal, Wickr, and Threema. Forensic Sci. Int. Digit. Investig. 2022, 40, 301347. [Google Scholar] [CrossRef]
- Meißner, T.; Kröger, K.; Creutzburg, R. Client-side Skype forensics: An overview. Multimed. Content Mob. Devices 2013, 8667, 272–283. [Google Scholar]
- Umar, R.; Riadi, I.; Zamroni, G.M. A comparative study of forensic tools for WhatsApp analysis using NIST measurements. Int. J. Adv. Comput. Sci. Appl. 2017, 8, 69–75. [Google Scholar] [CrossRef]
- Riadi, I.; Sunardi, S.; Fauzan, A. Examination of digital evidence on android-based line messenger. Int. J. Cyber-Secur. Digit. Forensics (IJCSDF) 2018, 7, 337–343. [Google Scholar] [CrossRef]
- Raji, M.; Wimmer, H.; Haddad, R.J. Analyzing data from an android smartphone while comparing between two forensic tools. In Proceedings of the SoutheastCon 2018, St. Petersburg, FL, USA, 19–22 April 2018; pp. 1–6. [Google Scholar]
- Muflih, G.Z.; Sunardi, S.; Riadi, I.; Yudhana, A.; Azmi, H.I. Comparison of Forensic Tools on Social Media Services Using the Digital Forensic Research Workshop Method (DFRWS). JIKO (Jurnal Inform. Dan Komputer) 2023, 6. [Google Scholar] [CrossRef]
- Anglano, C.; Canonico, M.; Guazzone, M. Forensic analysis of telegram messenger on android smartphones. Digit. Investig. 2017, 23, 31–49. [Google Scholar] [CrossRef]
- Anglano, C. Forensic analysis of WhatsApp Messenger on Android smartphones. Digit. Investig. 2014, 11, 201–213. [Google Scholar] [CrossRef]
- Anglano, C.; Canonico, M.; Guazzone, M. The android forensics automator (anfora): A tool for the automated forensic analysis of android applications. Comput. Secur. 2020, 88, 101650. [Google Scholar] [CrossRef]
- Yasin, M.; Abulaish, M. DigLA—A Digsby log analysis tool to identify forensic artifacts. Digit. Investig. 2013, 9, 222–234. [Google Scholar] [CrossRef]
- Casser, T.; Ketel, M. Developing a forensics tool for social media. In Proceedings of the 2014 ACM Southeast Regional Conference, Kennesaw, GA, USA, 28–29 March 2014; pp. 1–4. [Google Scholar]
- Motyliński, M.; MacDermott, Á.; Iqbal, F.; Hussain, M.; Aleem, S. Digital forensic acquisition and analysis of discord applications. In Proceedings of the 2020 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI), Sharjah, United Arab Emirates, 3–5 November 2020; pp. 1–7. [Google Scholar]
- Barradas, D.; Brito, T.; Duarte, D.; Santos, N.; Rodrigues, L. Forensic analysis of communication records of messaging applications from physical memory. Comput. Secur. 2019, 86, 484–497. [Google Scholar] [CrossRef]
- Fernández-Álvarez, P.; Rodríguez, R.J. Extraction and analysis of retrievable memory artifacts from Windows Telegram Desktop application. Forensic Sci. Int. Digit. Investig. 2022, 40, 301342. [Google Scholar] [CrossRef]
- Thantilage, R.D.; Le Khac, N.A. Framework for the retrieval of social media and instant messaging evidence from volatile memory. In Proceedings of the 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), Rotorua, New Zealand, 5–8 August 2019; pp. 476–482. [Google Scholar]
- Yan, S.; Choo, K.K.R.; Le-Khac, N.A. Signal instant messenger forensics. In A Practical Hands-On Approach to Database Forensics; Springer: Berlin/Heidelberg, Germany, 2022; pp. 27–92. [Google Scholar]
- Kent, K.; Chevalier, S.; Grance, T.; Dang, H. Sp 800-86. Guide to Integrating Forensic Techniques into Incident Response. 2006. Available online: https://csrc.nist.gov/pubs/sp/800/86/final (accessed on 12 May 2023).
- McKemmish, R. What Is Forensic Computing? Australian Institute of Criminology Canberra: Canberra, Australia, 1999. [Google Scholar]
- Baryamureeba, V.; Tushabe, F. The enhanced digital investigation process model. In Proceedings of the Digital Forensic Research Conference, Baltimore, MD, USA, 11–13 August 2004. [Google Scholar]
- Garvey, T.; LaBerge, J.W.G. Forensic Intelligence Models: Assessment of Current Practices in the United and Internationally. Available online: https://nij.ojp.gov/library/publications/forensic-intelligence-models-assessment-current-practices-united-states-and (accessed on 12 May 2023).
- Husain, M.I.; Baggili, I.; Sridhar, R. A simple cost-effective framework for iPhone forensic analysis. In Proceedings of the Digital Forensics and Cyber Crime: Second International ICST Conference, ICDF2C 2010, Abu Dhabi, United Arab Emirates, 4–6 October 2010; Springer: Berlin/Heidelberg, Germany, 2011; pp. 27–37. [Google Scholar]
- Ruuhwan, R.; Riadi, I.; Prayudi, Y. Evaluation of integrated digital forensics investigation framework for the investigation of smartphones using soft system methodology. Int. J. Electr. Comput. Eng. 2017, 7, 2806–2817. [Google Scholar] [CrossRef]
- Inoue, H.; Adelstein, F.; Joyce, R.A. Visualization in testing a volatile memory forensic tool. Digit. Investig. 2011, 8, S42–S51. [Google Scholar] [CrossRef]
- Ghafarian, A.; Fredy, J. Investigating Instagram Privacy Through Memory Forensics. In Proceedings of the Science and Information Conference; Springer: Berlin/Heidelberg, Germany, 2023; pp. 1263–1273. [Google Scholar]
- Garcia, G.L. Forensic physical memory analysis: An overview of tools and techniques. In Proceedings of the TKK T-110.5290 Seminar on Network Security, TKK, Helsinki, Finland, 11–12 October 2007; Volume 207, pp. 305–320. [Google Scholar]
- Oberlo. Most Popular Web Browsers in 2022. Oberlo. 2022. Available online: https://www.oberlo.com/statistics/browser-market-share (accessed on 11 September 2022).
- Sikos, L.F. Packet analysis for network forensics: A comprehensive survey. Forensic Sci. Int. Digit. Investig. 2020, 32, 200892. [Google Scholar] [CrossRef]
- Montasari, R.; Hill, R.; Carpenter, V.; Montaseri, F. Digital forensic investigation of social media, acquisition and analysis of digital evidence. Int. J. Strateg. Eng. (IJoSE) 2019, 2, 52–60. [Google Scholar] [CrossRef]
- Nikkel, B.J. Generalizing sources of live network evidence. Digit. Investig. 2005, 2, 193–200. [Google Scholar] [CrossRef]
- Umrani, A.; Javed, Y.; Iftikhar, M. Network forensic analysis of Twitter application on Android OS. In Proceedings of the 2022 International Conference on Frontiers of Information Technology (FIT), Islamabad, Pakistan, 12–13 December 2022; pp. 249–254. [Google Scholar]
- Beale, J.; Orebaugh, A.; Ramirez, G. Wireshark & Ethereal Network Protocol Analyzer Toolkit; Elsevier: Amsterdam, The Netherlands, 2006. [Google Scholar]
- Sanders, C. Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems; No Starch Press: San Francisco, CA, USA, 2017. [Google Scholar]
- Clarke, N.; Li, F.; Furnell, S. A novel privacy preserving user identification approach for network traffic. Comput. Secur. 2017, 70, 335–350. [Google Scholar] [CrossRef]
- Afanasyev, M.; Kohno, T.; Ma, J.; Murphy, N.; Savage, S.; Snoeren, A.C.; Voelker, G.M. Privacy-preserving network forensics. Commun. ACM 2011, 54, 78–87. [Google Scholar] [CrossRef]
- Al Mushcab, R.; Gladyshev, P. The significance of different backup applications in retrieving social networking forensic artifacts from Android-based mobile devices. In Proceedings of the 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), Cape Town, South Africa, 15–17 November 2015; pp. 66–71. [Google Scholar]
- Hweidi, R.F.A.; Jazzar, M.; Eleyan, A.; Bejaoui, T. Forensics Investigation on Social Media Apps and Web Apps Messaging in Android Smartphone. In Proceedings of the 2023 International Conference on Smart Applications, Communications and Networking (SmartNets), Instanbul, Turkey, 25–27 July 2023; pp. 1–7. [Google Scholar]
- Makate, A.; Muduva, M.; Chaudhary, N.K.; Chiwariro, R. Setting the Tone for Sound Forensic Investigations on Android-Based Social Media Platforms. Int. J. Res. Appl. Sci. Eng. Technol. 2023, 11. [Google Scholar] [CrossRef]
- Khweiled, R.; Jazzar, M.; Eleyan, A.; Bejaoui, T. Using SQLite Structure Analysis To Retrieve Unsent Messages On WhatsApp Messaging Application. In Proceedings of the 2022 International Conference on Smart Applications, Communications and Networking (SmartNets), Palapye, Botswana, 29 November–1 December 2022; pp. 01–06. [Google Scholar]
- Kobsa, A.; Patil, S.; Meyer, B. Privacy in instant messaging: An impression management model. Behav. Inf. Technol. 2012, 31, 355–370. [Google Scholar] [CrossRef]
- Mistry, N.; Vora, S. Cloud and Social Media Forensics. In Modern Forensic Tools and Devices: Trends in Criminal Investigation; John Wiley & Sons: Hoboken, NJ, USA, 2023; pp. 41–63. [Google Scholar]
- Horsman, G. Reconstructing streamed video content: A case study on YouTube and Facebook Live stream content in the Chrome web browser cache. Digit. Investig. 2018, 26, S30–S37. [Google Scholar] [CrossRef]
- Al-Mousa, M.R.; Al-Zaqebah, Q.; Al-Ghanim, M.; Samara, G.; Al-Matarneh, S.; Asassfeh, M. Examining Digital Forensic Evidence for Android Applications. In Proceedings of the 2022 International Arab Conference on Information Technology (ACIT), Abu Dhabi, United Arab Emirates, 22–24 November 2022; pp. 1–8. [Google Scholar]
Research Objective | References |
---|---|
Artifact Analysis | [7,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125] |
Recovering deleted chats | [126,127,128] |
Decrypting databases/traffic | [40,72,83,129,130,131,132,133,134,135,136] |
Comparison of tools | [47,51,56,109,112,127,128,137,138,139,140,141] |
Artifact correlation | [67,77,134,142,143] |
Tool creation | [33,93,144,145,146,147,148,149] |
Creating a forensic taxonomy | [49,150,151] |
Database structure and analysis | [36,52,131] |
Source code analysis | [23,32,142] |
Ref | Application | Browser | VD | Tools | Artifacts | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Google Chrome | Firefox | Internet Explorer | Microsoft Edge | Acquisition | Analysis | User Information | User activities | Metadata | Password | |||
[25] | Facebook, Twitter, Google+, Telegram | × | ✓ | × | × | N | Lime | FTK Toolkit, HxD | ✓ | ✓ | ✓ | ✓ |
[58] | ✓ | × | ✓ | × | Y | N/A | Winhex, Memoryze, FTK Imager | ✓ | ✓ | × | ✓ | |
[94] | ✓ | ✓ | × | ✓ | N | Mandiant | FTK Imager | ✓ | ✓ | × | ✓ | |
[98] | ✓ | × | ✓ | × | Y | N/A | Winhex | ✓ | ✓ | × | × | |
[99] | ✓ | ✓ | ✓ | × | Y | N/A | WinHex | ✓ | ✓ | × | × | |
[100] | TikTok | ✓ | × | × | × | N | DumpIt | HxD | × | ✓ | × | × |
[101] | Google Meet | ✓ | ✓ | × | ✓ | Y | Volatility | Strings, FTK Imager | ✓ | ✓ | × | × |
[148] | Facebook, Skype, Twitter, Hangouts, WhatsApp, Telegram | ✓ | ✓ | × | ✓ | Y | N/A | Strings, grep | ✓ | ✓ | ✓ | × |
Purpose | Ref | Application | System | R | Tools | Artifacts | |
---|---|---|---|---|---|---|---|
Wireshark | Others | ||||||
Traffic characterization | [43] | IMO | Android, iOS | Y | ✓ | N/A | Chats, Calls, Ports, IP add. |
[70] | Skype | Windows | N | ✓ | Netpeeker | Logins, Calls, Codec, Port | |
[74] | Android | N | ✓ | N/A | Chats | ||
[75] | Signal | Android | N | ✓ | N/A | Chats, Media, Calls, IP add. | |
Traffic decryption | [71] | Android | N | ✓ | Pidgin | Calls, Phone no., Codec | |
Artifacts | [39] | Line | Android | Y | N | Logcat, Shark for root | Protocol, IP add. |
[40] | Telegram, Line, Kakaotalk | Android | Y | ✓ | Logcat | Timestamp, Protocol, IP add. | |
[41] | Facebook, Twitter, Google+, Linkedin | Android, iOS | N | ✓ | N/A | IP add., Domain name, Timestamp, Protocol, Certificate | |
[42] | Whatsapp, Viber, Instagram, Snapchat, Facebook | Android, iOS | N | ✓ | Network miner, Netwitness Investigator | Chats, Media, Location, Password, Server links | |
[45] | Skype | Windows | Y | N | Microsoft message analyzer, Snooper | Calls, protocol, Codec, Phone no. | |
[72] | Facebook, Twitter, Telegram | Firefox OS | N | ✓ | Network miner, Microsoft network monitor | IP add., Port, Certificate, Timestamps | |
[73] | Telegram, Viber, Snapchat, Discord, etc. | iOS | N | ✓ | Charles proxy, Burp suite, Network miner | Chats, Location, Contacts, Password |
OS | Purpose | Artifacts | Tools | |
---|---|---|---|---|
Acquisition | Analysis | |||
Windows | Artifact Recovery | User Activities [129,130,131] | Free | Free |
FTK Imager | HxD, WinHex | |||
User Information and User Activities [26,32,60,66,69,137] | Backup | Proprietary | ||
My Backup | Oxygen forensics, UFED PA | |||
User Information, User Activities, and Metadata [27,28,29,59,93,147] | Proprietary | Registry | ||
Magnet AXIOM process, UFED Touch | Regshot, Reg decoder, Registry editor | |||
Database Decryption | [129,130,131] | Ollydbg, JEB compiler, IDA Pro, Hopper | HxD | |
iOS/Mac | Artifact Recovery | User Activities [64] | Free | Free |
User Information and User Activities [21,23,24,43,65,66,67,69] | iTunes | DB Browser for SQLite, pslist editor, HxD | ||
User Information, User Activities, and Metadata [19,20,22,41,68,170] | Proprietary | Proprietary | ||
Cellebrite UFED, UFED Touch | Magnet AXIOM examine, UFED PA | |||
Database Decryption | [35,37,39,127] | Ollydbg, JEB compiler, IDA Pro, Hopper | HxD | |
Android (rooted) | Artifact Recovery | User Activities [35,37,39,127] | Free | Free |
User Information, and User Activities [24,34,68,102,103,106,107,116,117,118,125,138,142] | ADB, My Backup Pro, Titanium backup, Helium backup | HxD, WinHex, DB Browser for SQLite | ||
Proprietary | Proprietary | |||
User Information, User Activities, and Metadata [27,43,66,88,104,105,108,109,110,112,114,115,119,120,128,139,140,170] | Magnet Axiom Process, Magnet Acquire, MOBILedit forensic, UFED Touch, UFED 4PC, XRY | Oxygen forensics, Magnet Axiom examine, UFED PA | ||
Database Decryption | [39,134,135,136] | Ollydbg, JEB compiler, IDA Pro, Dex2jar | HxD | |
Android (non-rooted) | Artifact Recovery | User Activities [42,52,55,64] | Proprietary | Free |
User Information and User Activities [41,48,53,65,67,144] | Cellebrite UFED, Oxygen forensics, MOBILedit forensics, Magnet AXIOM process, Wondershare Dr.Fone, XRY | DB Browser for SQLite, SQLite Viewer, Autopsy, AccessData FTK, HxD | ||
User Information, User Activities, and Metadata [36,47,49,50,51,54,56,143] | Proprietary | |||
Magnet AXIOM examine, Belkasoft evidence centre, UFED PA |
Ref | Application | Browser | VD | Tools | Artifacts | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Google Chrome | Firefox | Internet Explorer | Microsoft Edge | Microsoft Edge | Acquisition | Analysis | User Information | User activities | Metadata | Password | |||
[86] | AIM, Meebo, E-buddy, Google Talk | × | × | ✓ | × | × | N | FTK Imager | FTK Toolkit | ✓ | ✓ | ✓ | × |
[87] | AIM, Yahoo, Google Talk | × | × | × | × | ✓ | N | iTunes | DB Browser for SQLite, MobileSyncBrowser | ✓ | × | ✓ | ✓ |
[88] | ✓ | ✓ | ✓ | × | × | N | Encase | Encase | ✓ | ✓ | ✓ | × | |
[89] | × | × | ✓ | × | × | Y | N/A | Internet Evidence Finder | × | ✓ | ✓ | × | |
[90] | ✓ | × | × | × | × | N | FTK Imager | DB Browser for SQLite | ✓ | × | ✓ | × | |
[91] | ✓ | ✓ | ✓ | × | × | N | N/A | FTK Toolkit | ✓ | ✓ | × | × | |
[93] | ✓ | × | × | × | × | N | N/A | BrowSwEx | × | ✓ | ✓ | × | |
[94] | ✓ | ✓ | × | ✓ | × | N | FTK Imager | FTK Imager | ✓ | ✓ | × | × | |
[95] | TikTok | ✓ | × | × | × | × | N | FTK Imager | FTK Imager, VideoCacheView, Browser History Capture | ✓ | ✓ | × | × |
[96] | Discord | ✓ | × | × | × | × | N | N/A | DB Browser for SQLite, ChromeCacheView, HxD | ✓ | ✓ | ✓ | × |
[98] | ✓ | × | ✓ | × | × | Y | N/A | DB Browser for SQLite, WinHex | ✓ | ✓ | ✓ | × | |
[99] | ✓ | ✓ | ✓ | × | × | Y | N/A | DB Browser for SQLite, WinHex | ✓ | ✓ | × | × | |
[100] | TikTok | ✓ | × | × | × | × | N | N/A | DB Browser for SQLite, History examiner, HxD, VideoCacheViewer | ✓ | ✓ | × | × |
[101] | Google Meet | ✓ | ✓ | × | ✓ | × | Y | FTK Imager | ChromeCacheView, ChromeCookiesView, DB Browser for SQLite, Autopsy | ✓ | ✓ | ✓ | × |
[176] | Youtube, Facebook | ✓ | × | × | × | × | N | N/A | ChromeCacheView, X-ways | × | ✓ | × | × |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Gupta, K.; Oladimeji, D.; Varol, C.; Rasheed, A.; Shahshidhar, N. A Comprehensive Survey on Artifact Recovery from Social Media Platforms: Approaches and Future Research Directions. Information 2023, 14, 629. https://doi.org/10.3390/info14120629
Gupta K, Oladimeji D, Varol C, Rasheed A, Shahshidhar N. A Comprehensive Survey on Artifact Recovery from Social Media Platforms: Approaches and Future Research Directions. Information. 2023; 14(12):629. https://doi.org/10.3390/info14120629
Chicago/Turabian StyleGupta, Khushi, Damilola Oladimeji, Cihan Varol, Amar Rasheed, and Narasimha Shahshidhar. 2023. "A Comprehensive Survey on Artifact Recovery from Social Media Platforms: Approaches and Future Research Directions" Information 14, no. 12: 629. https://doi.org/10.3390/info14120629