A Forensically Sound Adversary Model for Mobile Devices

In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the rapidly changing nature of mobile device technologies. An integral principle of, and significant constraint upon, forensic practice is forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, who in our case is a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we successfully extracted various information of forensic interest from both the external and internal storage of the mobile device.
