The week's pick
Reseach Article
Security Vulnerabilities of Skype Application Artifacts: A Digital Forensic Approach
| International Journal of Applied Information Systems |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 12 - Number 18 |
| Year of Publication: 2019 |
| Authors: S. Idowu, Ehiwe D. Dominic, S. O. Okolie, N. Goga |
10.5120/ijais2019451784
|
S. Idowu, Ehiwe D. Dominic, S. O. Okolie, N. Goga . Security Vulnerabilities of Skype Application Artifacts: A Digital Forensic Approach. International Journal of Applied Information Systems. 12, 18 ( January 2019), 5-10. DOI=10.5120/ijais2019451784
Abstract
Social network platforms and apps have gained popularity partly because of the ease by which users are able to sign up on the platform. This is in addition to the open source nature of majority of these software applications. By making use of these social network platforms and applications, users consent to the disclosure of information that may be used to recreate their profile, to reconstruct events that have taken place, and provide most times geo-location information that can be used to track or trace participants. In this study, presentation of the potential security vulnerabilities that can be associated with the digital artifacts harvested from Skype, a social network app in use by millions of subscribers worldwide is made. The study methodology involved set up of a forensic workstation for the acquisition and examination of the digital artifacts obtained from Skype application installed on a test Infinix HotNote Smartphone running Android OS version 5.5 that was utilized for this study. Following the National Institute of Science & Technology (NIST) guideline, the chain-of-custody of the performed activities was documentation. A key finding of this study indicates the acquired and examined stored user data and other metadata information are stored in plain and clear text formats. The security implication for this is significant as the ease or potential for a cyber-criminal activity becomes heightened. Therefore, the implementation of a robust and secure data encryption standard for protecting stored user records is recommended. While there are different types of encryption algorithms that may be utilized for achieving user security and privacy requirements, the decision to enforce any of the known standards can be taken following global application security standards for implementing security of software applications.
References
- Al Muttawa, N., Al Awadhi, I., Baggili, I., & Marrington, A. ” Forensic artifacts of Facebook’s instant messaging service”, Internet Technology and Secured Transactions (ICITST), 2011 International Conference for (pp. 771-776). IEEE.
- A. Mahajan, M. Dahiya, and H. Sanghvi, “Forensic Analysis of Instant Messenger Applications on Android Devices,” International Journal of Computer Applications, vol. 68, no. 8, pp. 38–44, 2013
- Al Muttawa, N., Baggili, I., & Marrington, A. ” Forensic analysis of social networking applications on mobile devices”, 2012, Digital Investigation, 9, S24-S33.
- C. Carpene, “Looking to iPhone backup files for evidence extraction,” in Proceedings of the 9th Australian Digital Forensics Conference, 2011, pp. 16–32.
- H. Chu, S. Yang, S. Wang, and J. Park, “The Partial Digital Evidence Disclosure in Respect to the Instant Messaging Embedded in Viber Application Regarding an Android Smart Phone,” in Proceedings of the 4th FTRA International Conference on Information Technology Convergence and Services (ITCS-12), 2012, pp. 171–178.
- M. Kiley, S. Dankner, and M. Rogers, “Forensic Analysis of Volatile Instant Messaging,” in in Advances in Digital Forensics IV, vol. 285, 2008, pp. 129–138.
- The Register, “Italian crooks use Skype to frustrate wiretaps,” 2009.
- Europol, “Threat Assessment - Italian organised crime,” 2013.
Index Terms
Keywords