Search Results
Now showing 1 - 10 of 18
- Digital Forensic Artifacts of FIDO2 Passkeys in Windows 11
  Publication. Domingues, Patricio; Frade, Miguel; Negrão, Miguel
  FIDO2's passkey aims to provide a passwordless authentication solution. It relies on two main protocols, WebAuthn and CTAP2, for authentication in computer systems, relieving users from the burden of using and managing passwords. FIDO2's passkey leverages asymmetric cryptography to create a unique public/private key pair for each website it is registered with. While the public key is kept at the website/application, the private key is created and stored on the authentication device designated as the authenticator. The authenticator can be the computer itself (same-device signing) or another device (cross-device signing), such as an Android smartphone that connects to the computer through a short-range communication method (NFC, Bluetooth). Authentication is performed by the user unlocking the authenticator device, which then signs the website's challenge with the private key. In this paper, we report on the digital forensic artifacts left on Windows 11 systems by registering and using passkeys to authenticate on websites. We show that digital artifacts are created in the Windows Registry and the Windows Event Log. These artifacts enable the precise dating and timing of passkey registration and usage, as well as the identification of the websites on which passkeys have been registered and used. We also identify digital artifacts created when Android smartphones are registered and used as authenticators on a Windows system. This can prove useful in detecting the existence of smartphones linked to a given individual.
- Defeating Colluding Nodes in Desktop Grid Computing Platforms
  Publication. Silaghi, Gheorghe Cosmin; Araujo, Filipe; Silva, Luis Moura; Domingues, Patrício; Arenas, Alvaro E.
  Desktop Grid systems have reached a preeminent place among the most powerful computing platforms on the planet. Unfortunately, they are extremely vulnerable to mischief, because computing projects exert no administrative or technical control over volunteers. These can very easily output bad results, due to software or hardware glitches (resulting from over-clocking, for instance), to get unfair computational credit, or simply to ruin the project. To mitigate this problem, Desktop Grid servers replicate work units and apply majority voting, typically on 2 or 3 results. In this paper, we observe that simple majority voting is powerless against malicious volunteers that collude to attack the project. We argue that to identify this type of attack and to spot colluding nodes, each work unit needs at least 3 voters. In addition, we propose to post-process the voting pools in two steps: (i) in the first step, we use a statistical approach to identify nodes that were not colluding but submitted bad results; (ii) then, we use a rather simple principle to go after malicious nodes which acted together: they might have won conflicting voting pools against nodes that were not identified in step (i). We use simulation to show that our heuristic can be quite effective against colluding nodes in scenarios where honest nodes form a majority.
- Digital Forensic Artifacts of the Cortana Device Search Cache on Windows 10 Desktop
  Publication. Domingues, Patrício; Frade, Miguel
  Microsoft Windows 10 Desktop edition has brought some new features and updated others that are of special interest to digital forensic analysis. The search box available on the taskbar, next to the Windows Start button, is one of these novelties. Although the primary usage of this search box is to act as an interface to the intelligent personal digital assistant Cortana, in this paper we study the digital forensic artifacts of the search box on machines where Cortana is explicitly disabled. Specifically, we locate, characterize and analyze the content and dynamics of the JSON-based files that are periodically generated by the Cortana device search cache system. Forensically important data in these JSON files include the number of times each installed application has been run, the date of its last execution and the content of the application's custom jump list. Since these data are collected per user and saved in a resilient text format, they can help in digital forensics, mostly by assisting in the validation of other sources of information.
- Digital forensic artifacts of the Your Phone application in Windows 10
  Publication. Domingues, Patricio Rodrigues; Frade, Miguel; Andrade, Luis Miguel; Silva, João Victor
  Your Phone is a Microsoft system that comprises two applications: a smartphone app for Android 7+ smartphones and a desktop application for Windows 10 version 1803 and later. It allows users to access their most recent smartphone-stored photos/screenshots and to send/receive short message service (SMS) and multimedia messaging service (MMS) messages from their Your Phone-linked Windows 10 personal computers. In this paper, we analyze the digital forensic artifacts created on Windows 10 personal computers whose users have the Your Phone system installed and activated. Our results show that, besides the most recent 25 photos/screenshots and the content of the last 30 days of sent/received SMS/MMS, the contact database of the linked smartphone(s) is available in an accessible SQLite3 database kept on the Windows 10 system. This way, when the linked smartphone cannot be forensically analyzed, data gathered through the Your Phone artifacts may constitute a valuable digital forensic asset. Furthermore, to explore and export the main data of the Your Phone database as well as recoverable deleted data, a set of Python scripts, Your Phone Analyzer (YPA), is presented. YPA is available wrapped within an Autopsy module to assist digital forensic practitioners in extracting the main artifacts from the Your Phone system.
- Analyzing TikTok from a Digital Forensics Perspective
  Publication. Domingues, Patricio; Nogueira, Ruben; Francisco, José Carlos; Frade, Miguel
  TikTok is a major hit in the digital mobile world, quickly reaching the top 10 installed applications on the two main mobile OSes, iOS and Android. This paper studies Android's TikTok application from a digital forensic perspective, analyzing the digital forensic artifacts that can be retrieved in a post mortem analysis and their associations with operations performed by the user. The paper also presents FAMA (Forensic Analysis for Mobile Apps), an extensible framework for the forensic software Autopsy, and FAMA's TikTok module, which collects, analyzes, and reports on the main digital forensic artifacts of TikTok's Android application. The most relevant digital artifacts of TikTok include messages exchanged between TikTok "friends", parts of the email/phone number of registered users, data about devices, and transactions with TikTok's virtual currency. One of the results of this research is the set of forensic traces left by users' transactions with TikTok's in-app virtual currency. Another result is the detection of patterns in TikTok's integer IDs, which allows any 64-bit TikTok integer ID to be quickly linked to the type of resource (user, device, video, etc.) that it represents.
- A Digital Forensic View of Windows 10 Notifications
  Publication. Domingues, Patricio; Andrade, Luís; Frade, Miguel
  Windows Push Notifications (WPN) is a relevant part of Windows 10's interaction with the user. It comprises badges, tiles and toasts. Important and meaningful data can be conveyed by notifications, namely by so-called toasts, which can pop up with information regarding a new incoming email or a recent message from a social network. In this paper, we analyze the Windows 10 notification system from a digital forensic perspective, focusing on the main forensic artifacts conveyed by WPN. We also briefly analyze the WPN system of the first release of Windows 11, observing that its internal data structures are practically identical to those of Windows 10. We provide an open source Python 3 command line application to parse and extract data from the Windows Push Notification SQLite3 database, and a Jython module that allows the well-known Autopsy digital forensic software to interact with the application and thus also parse and process Windows Push Notification forensic artifacts. From our study, we observe that the forensic data provided by WPN are scarce, although they still need to be considered, namely if traditional Windows forensic artifacts are not available. Furthermore, toasts are clearly WPN's most relevant source of forensic data.
- Post-mortem digital forensic artifacts of TikTok Android App
  Publication. Domingues, Patrício; Nogueira, Ruben; Francisco, José Carlos; Frade, Miguel
  TikTok is a social network known mostly for the creation and sharing of short videos and for its popularity among those under 30 years old. Although it only appeared as Android and iOS apps in 2017, it has gathered a large user base, being one of the most downloaded and used apps. In this paper, we study the digital forensic artifacts of TikTok's app that can be recovered with a post mortem analysis of an Android phone, detailing the databases and XML files with data that might be relevant for a digital forensic practitioner. We also provide the module tiktok.py to extract several forensic artifacts of TikTok in a digital forensic analysis of an Android phone. The module runs under Autopsy's Android Analyzer environment. Although TikTok offers a rich set of features, it is very internet-dependent, with a large amount of its inner data kept in the cloud, and thus not easily accessible in a post mortem analysis. Nonetheless, we were able to recover messages exchanged through the app's communication channels, the list of TikTok users that have interacted with the TikTok account used on the smartphone, photos linked to the app and, in some circumstances, the TikTok videos watched by the smartphone's user.
- Post-mortem digital forensics analysis of the Zepp Life android application
  Publication. Domingues, Patricio; Francisco, José; Frade, Miguel
  This paper studies the post-mortem digital forensic artifacts left by the Android Zepp Life (formerly Mi Fit) mobile application when used in conjunction with a Xiaomi Mi Band 6. The Mi Band 6 is a low-cost smart band with several sensors that allow for health and activity monitoring, collecting metrics such as heart rate, blood oxygen saturation level, and step count. The device communicates via Bluetooth Low Energy with the Zepp Life application, which displays its data, provides some controls, and acts as a bridge to the Internet. We study, from a digital forensics perspective, the Android version of the mobile application on a rooted smartphone. For this purpose, we analyze the data repositories, namely its databases and XML files, and correlate the data on the smartphone with the corresponding usage of the Mi Band device. The paper also presents two open-source scripts we have developed to ease the task of forensic practitioners dealing with Zepp Life/Mi Band 6: ZL_std and ZL_autopsy. The former is a Python 3 script that extracts high-level views of Zepp Life data through the command line, whereas the latter is a module that integrates ZL_std's functionality within the popular open-source Autopsy digital forensic software. Data stored on the Android companion device of a Mi Band 6 might include GPS coordinates, events and alarms, and biometric data such as heart rate, sleep time, and fitness activity, which can be valuable digital forensic artifacts.
- The Digital Footprints on the Run: A Forensic Examination of Android Running Workout Applications
  Publication. Nunes, Fabian; Domingues, Patricio; Frade, Miguel
  This study applies a forensic examination to six distinct Android fitness applications centered on monitoring running activities: Adidas Running, MapMyWalk, Nike Run Club, Pumatrac, Runkeeper and Strava. Specifically, we perform a post mortem analysis of each application to find and document artifacts such as timelines and Global Positioning System (GPS) coordinates of running workouts that could prove helpful in digital forensic investigations. First, we focused on the Nike Run Club application and used the knowledge gained to analyze the other applications, taking advantage of their similarity. We began by creating a test environment and using each application during a fixed period. This procedure allowed us to gather test data and, to ensure access to all data generated by the apps, we used a rooted Android smartphone. For the forensic analysis, we examined the data stored by each smartphone application and documented the forensic artifacts found. To ease forensic data processing, we created several Python modules for the well-known Android Logs Events And Protobuf Parser (ALEAPP) digital forensic framework. These modules process the data sources, creating reports with the primary digital artifacts, which include the workout activities and related GPS data.
- Energy-Efficient and Portable Least Squares Prediction for Image Coding on a Mobile GPU
  Publication. Cordeiro, Pedro; Falcao, Gabriel; Domingues, Patrício; Rodrigues, Nuno; Faria, Sergio
  Least squares prediction is a technique used to predict pixel values during image coding by minimising the squared error over neighbouring pixels. It has shown considerable quality gains, especially for complex images with high variations in pixel intensity. The drawback of this technique is its high computational complexity: it consumes the most significant part of the processing time and resources available, which makes it difficult to use in fast, lossy image coders. One challenge is therefore to reduce the computational time of this predictor, namely through the use of new parallel programming techniques, making it more attractive for state-of-the-art coder-decoders. New algorithmic propositions are also made, trying to reduce the time spent in exchange for rate-distortion performance. These propositions are sensible since this predictor is used not only in lossless image coding, but also in lossy coding. Another aim of this article is to analyze energy efficiency among different types of platforms for this signal processing algorithm. Comparisons are provided on parallel computing processors ranging from very powerful Graphics Processing Units (GPUs) to mobile general-purpose GPUs.
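The two-step post-processing of voting pools described in "Defeating Colluding Nodes in Desktop Grid Computing Platforms" above, as an added worked example. The code below is not the paper's simulator or heuristic: the volunteer model (honest, glitchy and colluding nodes, with colluders forging a result only when they hold a majority of a pool and otherwise answering correctly), the loss-rate threshold of 0.15 for step (i) and the two-wins threshold for step (ii) are assumptions made here.

```python
"""Majority voting over replicated work units, then two-step post-processing
to separate faulty volunteers from colluding ones.

Added illustration of the idea in "Defeating Colluding Nodes in Desktop Grid
Computing Platforms"; the node model and thresholds are assumptions, not the
paper's own heuristic or simulator.
"""
import itertools
from collections import Counter

# Constructed volunteer population: 6 honest, 2 faulty (glitchy), 3 colluders.
NODES = {f"h{i}": "honest" for i in range(1, 7)}
NODES.update({"f1": "faulty", "f2": "faulty"})
NODES.update({"c1": "colluder", "c2": "colluder", "c3": "colluder"})


def simulate_pools(nodes=NODES, voters=3):
    """One voting pool per distinct set of `voters` nodes (deterministic, no RNG).
    Honest nodes always return the right value; faulty nodes return a unique
    garbage value on every other work unit; colluders return the same forged
    value whenever at least two of them sit in the same pool and otherwise
    behave correctly so as not to stand out."""
    pools = []
    for wu, members in enumerate(itertools.combinations(sorted(nodes), voters)):
        n_colluders = sum(nodes[m] == "colluder" for m in members)
        votes = {}
        for m in members:
            if nodes[m] == "colluder" and n_colluders >= 2:
                votes[m] = f"forged-{wu}"
            elif nodes[m] == "faulty" and wu % 2 == 0:
                votes[m] = f"glitch-{m}-{wu}"
            else:
                votes[m] = f"correct-{wu}"
        pools.append((wu, votes))
    return pools


def majority(votes):
    """Strict majority of a pool: (result, winners, losers); result is None
    when no value is held by more than half of the voters."""
    result, n = Counter(votes.values()).most_common(1)[0]
    if 2 * n <= len(votes):
        return None, [], []
    winners = [v for v, r in votes.items() if r == result]
    losers = [v for v, r in votes.items() if r != result]
    return result, winners, losers


def step_i_bad_result_nodes(pools, max_loss_rate=0.15):
    """Statistical step: nodes outvoted in more than `max_loss_rate` of their
    pools. Honest nodes only lose when two colluders share their pool, so
    their loss rate stays low; glitchy nodes lose roughly every other pool."""
    took, lost = Counter(), Counter()
    for _, votes in pools:
        _, _, losers = majority(votes)
        took.update(list(votes))
        lost.update(losers)
    return {v for v in took if lost[v] / took[v] > max_loss_rate}


def step_ii_colluders(pools, bad_nodes, min_wins=2):
    """Collusion step: whoever repeatedly wins a split pool against a node
    that step (i) did NOT flag is suspect, because an honest loser can only
    have been outvoted by nodes acting together."""
    suspicion = Counter()
    for _, votes in pools:
        _, winners, losers = majority(votes)
        if len(losers) == 1 and losers[0] not in bad_nodes:
            suspicion.update(winners)
    return {v for v, n in suspicion.items() if n >= min_wins}


def analyze(nodes=NODES):
    pools = simulate_pools(nodes)
    # Pools where plain majority voting accepted a forged result.
    accepted_wrong = sum(
        1 for wu, votes in pools
        if majority(votes)[0] not in (None, f"correct-{wu}"))
    bad = step_i_bad_result_nodes(pools)
    return {
        "n_pools": len(pools),
        "accepted_wrong": accepted_wrong,
        "bad_result_nodes": bad,
        "colluders": step_ii_colluders(pools, bad),
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key:18}: {value}")
```

Every 3-subset of the 11 nodes is one pool, so the run is deterministic. Plain majority voting accepts the forged value in every pool where two colluders meet, which is what "powerless against collusion" means in practice; step (i) catches the glitchy nodes by loss rate alone (it would also catch a colluder that deviated on its own), and step (ii) catches the coordinated ones because the only unflagged nodes they ever outvote are honest. With 2 voters per work unit there is no majority to lose against, so step (ii) would have nothing to credit, which is consistent with the paper's requirement of at least 3 voters.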
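The recovery of deleted rows mentioned in "Digital forensic artifacts of the Your Phone application in Windows 10" above rests on a property of SQLite that is worth seeing concretely: unless secure_delete is on, deleting a record only overwrites its first four bytes (they become the freeblock header) and the rest stays on the page until the space is reused. The following is an added example, not YPA or any code from the papers: it constructs a small contacts database (the table name, columns and contact values are made up here), deletes one row, and carves the surviving text from each page's freeblock chain and unallocated gap, following the on-disk layout documented in the SQLite file format.

```python
"""Carve deleted-record remnants from SQLite b-tree pages.

Added example, not code from Your Phone Analyzer (YPA) or the papers: it
builds a constructed contacts database, deletes one row, and shows that the
row's text survives in the page's free space until SQLite reuses it.
"""
import os
import sqlite3
import struct
import tempfile

PRINTABLE = set(range(0x20, 0x7F))
BTREE_PAGE_TYPES = {0x02, 0x05, 0x0A, 0x0D}  # interior/leaf index and table pages


def build_sample_db(path):
    """Constructed sample: three contacts, then delete the middle one.
    secure_delete=OFF is SQLite's default; with it ON the freed bytes are
    zeroed and nothing below would be recoverable."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA secure_delete=OFF")
    conn.execute("CREATE TABLE contacts(id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    conn.executemany("INSERT INTO contacts(name, phone) VALUES (?, ?)", [
        ("Alice Example", "+351910000001"),
        ("Bob Deleted", "+351910000002"),
        ("Carol Example", "+351910000003"),
    ])
    conn.commit()
    conn.execute("DELETE FROM contacts WHERE name = 'Bob Deleted'")
    conn.commit()
    conn.close()


def live_names(path):
    """What an ordinary query sees after the deletion."""
    conn = sqlite3.connect(path)
    rows = [r[0] for r in conn.execute("SELECT name FROM contacts ORDER BY id")]
    conn.close()
    return rows


def _strings(buf, min_len=4):
    """Runs of printable ASCII of at least min_len bytes."""
    out, cur = [], bytearray()
    for b in buf:
        if b in PRINTABLE:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            out.append(cur.decode("ascii"))
        cur = bytearray()
    if len(cur) >= min_len:
        out.append(cur.decode("ascii"))
    return out


def carve_free_space(path):
    """Printable strings found in the unallocated gap and the freeblock chain
    of every b-tree page. Header offsets follow the SQLite file format."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:16] != b"SQLite format 3\x00":
        raise ValueError("not an SQLite 3 file")
    page_size = struct.unpack(">H", data[16:18])[0]
    if page_size == 1:           # encoded value 1 means 65536
        page_size = 65536
    found = []
    for pno in range(1, len(data) // page_size + 1):
        page = data[(pno - 1) * page_size: pno * page_size]
        hdr = 100 if pno == 1 else 0          # page 1 starts with the file header
        ptype = page[hdr]
        if ptype not in BTREE_PAGE_TYPES:
            continue                          # freelist, overflow or unused page
        first_free, n_cells, content = struct.unpack(">HHH", page[hdr + 1:hdr + 7])
        content = content or 65536
        ptr_end = hdr + (12 if ptype in (0x02, 0x05) else 8) + 2 * n_cells
        # gap between the cell pointer array and the cell content area
        found.extend(_strings(page[ptr_end:content]))
        # freeblock chain: 2-byte next offset, 2-byte size, then the old bytes
        off, hops = first_free, 0
        while off and hops < 1000:
            nxt, size = struct.unpack(">HH", page[off:off + 4])
            found.extend(_strings(page[off + 4:off + size]))
            off, hops = nxt, hops + 1
    return found


def demo():
    """Build the sample, return (rows visible to SQL, strings carved from free space)."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        build_sample_db(path)
        return live_names(path), carve_free_space(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    live, carved = demo()
    print("live rows:", live)
    print("carved   :", carved)
```

Run as a script it prints the two live rows beside the carved remnant; the carved string runs the name and phone number together because a record body carries no separators and the serial-type header that would delimit the fields is exactly what the freeblock pointer overwrote, so splitting fields reliably means decoding whatever is left of that header. The same page walk applies to any SQLite file lifted from a forensic image; a VACUUM, secure_delete=ON, or a later insert that reuses the freeblock leaves nothing to carve.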
