Detecting Manipulated Smartphone Data on Android and iOS Devices

Ever improving technology allows smartphones to become an integral part of people’s lives. The reliance on and ubiquitous use of smartphones render these devices rich sources of data. This data becomes increasingly important when smartphones are linked to criminal or corporate investigations. To erase data and mislead digital forensic investigations, end-users can manipulate the data and change recorded events. This paper investigates the effects of manipulating smartphone data on both the Google Android and Apple iOS platforms. The deployed steps leads to the formulation of a generic process for smartphone data manipulation. To assist digital forensic professionals with the detection of such manipulated smartphone data, this paper introduces an evaluation framework for smartphone data. The framework uses key traces left behind as a result of the manipulation of smartphone data to construct techniques to detect the changed data. The outcome of this research study successfully demonstrates the manipulation of smartphone data and presents preliminary evidence that the suggested framework can assist with the detection of manipulated smartphone data.

[1]  Ryan Harris,et al.  Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem , 2006, Digit. Investig..

[3]  Richard P. Ayers,et al.  Guidelines on Mobile Device Forensics , 2014 .

[4]  K. W. Tracy Mobile Application Development Experiences on Apple¿s iOS and Android OS , 2012, IEEE Potentials.

[5]  Gaurav Gupta,et al.  Preserving Dates and Timestamps for Incident Handling in Android Smartphones , 2014, IFIP Int. Conf. Digital Forensics.

[6]  Felix C. Freiling,et al.  Forensic Analysis of YAFFS2 , 2012, Sicherheit.

[7]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[8]  Christopher Krügel,et al.  PiOS: Detecting Privacy Leaks in iOS Applications , 2011, NDSS.

[9]  Rohit Tamma,et al.  Learning Android Forensics , 2015 .

[10]  Giuseppe Cattaneo,et al.  A Novel Anti-forensics Technique for the Android OS , 2011, 2011 International Conference on Broadband and Wireless Computing, Communication and Applications.

[11]  Lilian Mitrou,et al.  Reengineering the user: privacy concerns about personal data on smartphones , 2015, Inf. Comput. Secur..

[12]  Sangjin Lee,et al.  A recovery method of deleted record for SQLite database , 2011, Personal and Ubiquitous Computing.

[13]  Jin-Soo Kim,et al.  Tuning the Ext4 Filesystem Performance for Android-Based Smartphones , 2011, ICFCE.

[14]  Hui Liu,et al.  Novel Anti-forensics Approaches for Smart Phones , 2012, 2012 45th Hawaii International Conference on System Sciences.

[15]  Chen Liang,et al.  An Anti-Forensics Method against Memory Acquiring for Android Devices , 2017, 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[16]  Kim-Kwang Raymond Choo,et al.  iOS Anti-forensics: How Can We Securely Conceal, Delete and Insert Data? , 2014, 2014 47th Hawaii International Conference on System Sciences.

[17]  Heloise Pieterse,et al.  Smartphones as Distributed Witnesses for Digital Forensics , 2014, IFIP Int. Conf. Digital Forensics.

[18]  Giuseppe Cattaneo,et al.  On the Construction of a False Digital Alibi on the Android OS , 2011, 2011 Third International Conference on Intelligent Networking and Collaborative Systems.

[19]  Gary C. Kessler,et al.  Android forensics: Simplifying cell phone examinations , 2010 .

[20]  Heloise Pieterse,et al.  Evaluating the Authenticity of Smartphone Evidence , 2017, IFIP Int. Conf. Digital Forensics.

[21]  William Bradley Glisson,et al.  Android Anti-forensics: Modifying CyanogenMod , 2014, 2014 47th Hawaii International Conference on System Sciences.

[22]  Mattia Epifani,et al.  Learning iOS Forensics , 2015 .

[23]  Gaurav Gupta,et al.  Forensic-Ready Secure iOS Apps for Jailbroken iPhones , 2015, IFIP Int. Conf. Digital Forensics.

[24]  Heloise Pieterse,et al.  Playing hide-and-seek: Detecting the manipulation of Android Timestamps , 2015, 2015 Information Security for South Africa (ISSA).