User Relationship Classification of Facebook Messenger Mobile Data using WEKA

  • Amber UmairEmail author
  • Priyadarsi Nanda
  • Xiangjian He
  • Kim-Kwang Raymond Choo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)


Mobile devices are a wealth of information about its user and their digital and physical activities (e.g. online browsing and physical location). Therefore, in any crime investigation artifacts obtained from a mobile device can be extremely crucial. However, the variety of mobile platforms, applications (apps) and the significant size of data compound existing challenges in forensic investigations. In this paper, we explore the potential of machine learning in mobile forensics, and specifically in the context of Facebook messenger artifact acquisition and analysis. Using Quick and Choo (2017)’s Digital Forensic Intelligence Analysis Cycle (DFIAC) as the guiding framework, we demonstrate how one can acquire Facebook messenger app artifacts from an Android device and an iOS device (the latter is, using existing forensic tools. Based on the acquired evidence, we create 199 data-instances to train WEKA classifiers (i.e. ZeroR, J48 and Random tree) with the aim of classifying the device owner’s contacts and determine their mutual relationship strength.


Mobile forensics Social network information forensics Weka 



The first author is supported by the Australian Government Research Training Program Scholarship.


  1. 1.
    Anglano, C., Canonico, M., Guazzone, M.: Forensic analysis of telegram messenger on android smartphones. Digit. Invest. 23, 31–49 (2017)CrossRefGoogle Scholar
  2. 2.
    Azuaje, F.: Witten IH, Frank E: data mining: practical machine learning tools and techniques 2nd edition. BioMed. Eng. OnLine 5(1), 51 (2006). Scholar
  3. 3.
    Barmpatsalou, K., Cruz, T., Monteiro, E., Simoes, P.: Current and future trends in mobile device forensics - a survey. ACM Comput. Surv. 51, 46 (2018)CrossRefGoogle Scholar
  4. 4.
    Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefGoogle Scholar
  5. 5.
    Cahyani, N.D.W., Ab Rahman, N.H., Glisson, W.B., Choo, K.K.R.: The role of mobile forensics in terrorism investigations involving the use of cloud storage service and communication apps. Mob. Netw. Appl. 22(2), 240–254 (2017)CrossRefGoogle Scholar
  6. 6.
    Daryabar, F., Dehghantanha, A., Choo, K.K.R.: Cloud storage forensics: mega as a case study. Aust. J. Forensic Sci. 49(3), 344–357 (2017). Scholar
  7. 7.
    Dezfouli, F.N., Dehghantanha, A., Eterovic-Soric, B., Choo, K.K.R.: Investigating social networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on android and iOS platforms. Aust. J. Forensic Sci. 48(4), 469–488 (2016). Scholar
  8. 8.
    Lee, K., Palsetia, D., Narayanan, R., Patwary, M.M.A., Agrawal, A., Choudhary, A.: Twitter trending topic classification. In: IEEE 11th International Conference on Data Mining Workshops, pp. 251–258, December 2011.
  9. 9.
    Marturana, F., Me, G., Berte, R., Tacconi, S.: A quantitative approach to triaging in mobile forensics. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 582–588, November 2011.
  10. 10.
    Patil, T.R., Sherekar, S.: Performance analysis of Naive Bayes and J48 classification algorithm for data classification. Int. J. Comput. Sci. Appl. 6(2), 256–261 (2013)Google Scholar
  11. 11.
    Quick, D., Choo, K.K.R.: Pervasive social networking forensics: intelligence and evidence from mobile device extracts. J. Netw. Comput. Appl. 86, 24–33 (2017)CrossRefGoogle Scholar
  12. 12.
    Refaeilzadeh, P., Tang, L., Liu, H.: Cross-validation. In: Liu, L., Özsu, M.T. (eds.) Encyclopedia of Database Systems, pp. 532–538. Springer, Boston (2009). Scholar
  13. 13.
    Umair, A., Nanda, P., He, X.: Online social network information forensics: a survey on use of various tools and determining how cautious Facebook users are? In: IEEE Trustcom/BigDataSE/ICESS, pp. 1139–1144, August 2017.
  14. 14.
    Walnycky, D., Baggili, I., Marrington, A., Moore, J., Breitinger, F.: Network and device forensic analysis of android social-messaging applications. Digit. Invest. 14, S77–S84 (2015). The Proceedings of the Fifteenth Annual DFRWS ConferenceCrossRefGoogle Scholar
  15. 15.
    Yang, T.Y., Dehghantanha, A., Choo, K.K.R., Muda, Z.: Windows instant messaging app forensics: Facebook and skype as case studies. PLoS ONE 11(3), 1–29 (2016). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of Electrical and Data EngineeringUniversity of Technology SydneySydneyAustralia
  2. 2.Department of Information Systems and Cyber SecurityThe University of Texas at San AntonioSan AntonioUSA

Personalised recommendations