Introduction to Mobile Apps Forensics


In today’s society, mobile apps have become increasingly commonplace. These applications have a wide range of uses – covering games, communication, education and privacy. This blog will explore the popular applications Periscope, Yik Yak, Snapchat and Private Photo (Calculator%), and our goal is to determine what forensic artifacts are recoverable from each application based on the operating system used (i.e. Android and iOS).


The team behind this project will be using both an Android Nexus 7 and an iPhone 5 to generate data for each of the applications. A cellebrite UFED Touch will be used to image the devices, while a UFED Logical Analyzer and SQLite browser will be used to perform an analysis.

A baseline image has been taken of each device so our team can properly identify any artifacts left by the apprlications. While generating data, a record of timestamps and inputs will be kept to be compared to the analyzed images.

The questions our project seeks to answer are:

  • Is there a difference in how these applications store data between iOS and Android devices?
  • Is there a difference in the data recovered based on the method of extraction?
  • Are conversations, photos, or video recoverable?
  • Which application is the least secure?


The hope for this project is that the findings will improve the skills of Vermont’s digital forensic community by providing information on how to examine cases involving live streaming and privacy mobile apps.

More Research Projects
The Leahy Center Inventory Project
Social Media Footprint Awareness
My Experience on The VPN Comparison Team