Forensic analysis of iOS binary cookie files.

Detailed bibliography
Title: Forensic analysis of iOS binary cookie files.
Authors: Studiawan H; Department of Informatics, Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia.
Source: Journal of forensic sciences [J Forensic Sci] 2024 May; Vol. 69 (3), pp. 1075-1087. Date of Electronic Publication: 2024 Mar 05.
Publication type: Journal Article
Language: English
Journal information: Publisher: Blackwell Pub; Country of Publication: United States; NLM ID: 0375370; Publication Model: Print-Electronic; Cited Medium: Internet; ISSN: 1556-4029 (Electronic); Linking ISSN: 00221198; NLM ISO Abbreviation: J Forensic Sci; Subsets: MEDLINE
Imprint Name(s): Publication: 2006- : Malden, MA : Blackwell Pub.
Original Publication: [Chicago, Ill.] : Callaghan and Co., 1956-
MeSH terms: Forensic Sciences*/methods, Smartphone*, Humans; Mobile Applications; Information Storage and Retrieval; Software
Abstract: iPhone operating system (iOS) devices utilize binary cookies as a data storage tool, encoding user-specific information within an often-neglected element of smartphone analysis. This binary format contains details such as cookie flags, expiration, and creation dates, domain, and value of the cookie. These data are invaluable for forensic investigations. This study presents a comprehensive methodology to decode and extract valuable data from these files, enhancing the ability to recover user activity information from iOS devices. This paper provides an in-depth forensic investigation into the structure and function of iOS binary cookie files. Our proposed forensic technique includes a combination of reverse engineering and custom-built Python scripts to decode the binary structure. The results of our research demonstrate that these cookie files can reveal an array of important digital traces, including user preferences, visited websites, and timestamps of online activities. It concludes that the forensic analysis of iOS binary cookie files can be a tool for forensic investigators and cybersecurity professionals. In the rapidly evolving domain of digital forensics, this research contributes to our understanding of less-explored data sources within iOS devices and their potential value in investigative contexts.
(© 2024 American Academy of Forensic Sciences.)
Grant Information: Institut Teknologi Sepuluh Nopember
Contributed Indexing: Keywords: binary cookie; forensic analysis; iOS device; reverse engineering
Entry Date(s): Date Created: 20240305 Date Completed: 20240425 Latest Revision: 20240425
Update Code: 20250114
DOI: 10.1111/1556-4029.15499
PMID: 38443323
Database: MEDLINE