**5. Results and analysis of malicious apps**

Virtual demonstration of crime investigation that was carried specifically discussed a total of 9805 forensic messages that may be indicative of unlawful activities in cyber laws with the participants. Further simulations showed that there are intrusion detectors, such as Snort IDS that organizations can install within the gateway to their networks in order to instantly report and log malicious events as they are occurring or migrating in and out of the networks with the participants. The experiments simulated that SIDS is capable of tracking malware apps and to further expose potential perpetrators of illegal probing of cyber physical systems. The results also showed the existence of malicious apps that intended to spy specific ports of digital devices, unlawful propagation of packets with extremely long parameters; intrusions with invalid File Transfer Protocol (FTP) commands at Disk Operating System (DOS) command line, intrusions that intend to flout the loading of certain web pages and hypertext links and intrusions that spy the Hypertext Transfer Protocol (HTTP) addresses were tracked by intrusion detectors. Furthermore, it was demonstrated that detectives can trail and arrest all the suspects of malware apps through the sources of malicious activities. The sources (or addresses) of illegal FTP messages that have packets with extended payloads that exceed beyond
