Georgia Southern University Digital Commons@Georgia Southern Electronic Theses and Dissertations Graduate Studies, Jack N. Averitt College of Spring 2018 Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data Majeed Kayode Raji Follow this and additional works at: https://digitalcommons.georgiasouthern.edu/etd Part of the Business Analytics Commons, Business Intelligence Commons, Computational Engineering Commons, and the Other Engineering Commons Recommended Citation Raji, Majeed Kayode, "Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data" (2018). Electronic Theses and Dissertations. 1879. https://digitalcommons.georgiasouthern.edu/etd/1879 This thesis (open access) is brought to you for free and open access by the Graduate Studies, Jack N. Averitt College of at Digital Commons@Georgia Southern. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons@Georgia Southern. For more information, please contact [email protected]. DIGITAL FORENSIC TOOLS & CLOUD-BASED MACHINE LEARNING FOR ANALYZING CRIME DATA by MAJEED KAYODE RAJI (Under the Direction of Hayden Wimmer) ABSTRACT Digital forensics is a branch of forensic science in which we can recreate past events using forensic tools for a legal measure. Also, the increase in the availability of mobile devices has led to their use in criminal activities. Moreover, the rate at which data is being generated has been on the increase which has led to big data problems. With cloud computing, data can now be stored, processed and analyzed as they are generated. This thesis document consists of three studies related to data analysis. The first study involves analyzing data from an Android smartphone while making a comparison between two forensic tools; Paraben E3: DS and Autopsy. At the end of the study, it was concluded that most of the activities performed on a rooted Android device can be found in its internal memory. In the second study, the Snapchat application was analyzed on a rooted Android device to see how well it handles privacy issues. The result of the study shows that some of the predefined activities performed on the Snapchat application as well as user information can be retrieved using Paraben E3: DS forensic tool. The third study, machine learning services on Microsoft Azure and IBM Watson were used in performing predictive analysis to uncover their performance. At the end of the experiments, the Azure machine learning studio was seen to be more user- friendly and builds models faster compared to the SSPS Modeler in the IBM Watson Studio. This research is important as data needs to be analyzed in order to generate insights that can aid organizations or police departments in making the best decisions when analyzing crime data. INDEX WORDS: Digital forensics, Autopsy, Paraben E3: DS, Android, Smartphone, Big data, Cloud, Machine learning, Azure, IBM DIGITAL FORENSIC TOOLS & CLOUD-BASED MACHINE LEARNING FOR ANALYZING CRIME DATA by MAJEED RAJI B.Eng., Covenant University, Nigeria, 2014 A Thesis Submitted to the Graduate Faculty of Georgia Southern University in Partial Fulfillment of the Requirements for the Degree MASTER OF SCIENCE STATESBORO, GEORGIA © 2019 MAJEED RAJI All Rights Reserved 1 DIGITAL FORENSIC TOOLS & CLOUD-BASED MACHINE LEARNING FOR ANALYZING CRIME DATA by MAJEED RAJI Major Professor: Hayden Wimmer Committee: Lei Chen Weitian Tong Electronic Version Approved: May 2019 2 DEDICATION I dedicate this to my family for believing in me and their willingness to invest their money on me getting the best education. 3 ACKNOWLEDGMENTS Towards the completion of my thesis, I would like to acknowledge the efforts of my professors, friends, parents and my siblings. I would also like to give special thanks to Dr. Hayden Wimmer and Dr. Lei Chen for their utmost guidance, and Dr. Weitian Tong for his valuable feedback. 4 TABLE OF CONTENTS ACKNOWLEDGMENTS ............................................................................................................................ 3 TABLE OF FIGURES .................................................................................................................................. 8 LIST OF TABLES ........................................................................................................................................ 9 1 INTRODUCTION ................................................................................................................................ 10 2 LITERATURE REVIEW ..................................................................................................................... 12 2.1 Study 1: Analyzing Data from an Android Smartphone while Comparing between Two Forensic Tools ......................................................................................................... 12 2.2 Study 2: Digital Forensic Analysis of Snapchat Application on a Rooted Android Smartphone ...................................................................................................................... 14 2.3 Study 3: Cloud-Based Machine Learning of Crime Data ......................................... 16 3 STUDY 1: ANALYZING DATA FROM AN ANDROID SMARTPHONE WHILE COMPARING BETWEEN TWO FORENSIC TOOLS ..................................................................................................... 20 3.1 Introduction ............................................................................................................... 20 3.2 Methodology ............................................................................................................. 20 3.2.1 Testing Environment and Equipment ............................................................. 21 3.2.2 Analysis and Testing ....................................................................................... 22 3.2.2.1 Rooting ................................................................................................... 22 3.2.2.2 Scenario .................................................................................................. 22 5 3.2.2.3 FileSystem Acquisition........................................................................... 23 3.2.2.4 Analysis .................................................................................................. 24 3.3 Results ....................................................................................................................... 24 3.3.1 Facebook Artifacts ........................................................................................... 25 3.3.2 Twitter Artifacts ............................................................................................... 25 3.3.3 WhatsApp Artifact ........................................................................................... 26 3.3.4 Google Drive Artifacts ..................................................................................... 26 3.3.5 Other Artifacts .................................................................................................. 27 3.3.6 Summary .......................................................................................................... 27 3.4 Implication for Practice ............................................................................................. 28 3.5 Conclusion ................................................................................................................. 28 3.6 Future Work .............................................................................................................. 29 4 STUDY 2: DIGITAL FORENSIC ANALYSIS OF SNAPCHAT APPLICATION ON A ROOTED ANDROID SMARTPHONE ...................................................................................................................... 30 4.1 Introduction ............................................................................................................... 30 4.2 Methodology ............................................................................................................. 30 4.2.1 Testing Environment and Tools ....................................................................... 31 4.2.2 Analysis and Testing ........................................................................................ 31 4.2.2.1 Rooting ................................................................................................... 31 4.2.2.2 User Activities ........................................................................................ 31 4.2.2.3 Filesystem Acquisition ........................................................................... 32 6 4.2.2.4 Examination and Analysis ...................................................................... 33 4.3 Results ....................................................................................................................... 34 4.4 Conclusion ................................................................................................................. 35 4.5 Future Work .............................................................................................................. 36 5 STUDY 3: CLOUD-BASED MACHINE LEARNING OF CRIME DATA ....................................... 37 5.1 Introduction ............................................................................................................... 37 5.2 Methodology ............................................................................................................. 39 5.2.1 Data Preparation ..............................................................................................