Android Anti-forensics: Modifying CyanogenMod

Mobile devices running the Android operating system inherently create opportunities for environments that are conducive to anti-forensic activities. Previous mobile forensics research focused on application and data-hiding anti-forensics solutions. In this work, a set of modifications was developed and implemented on a CyanogenMod community distribution of the Android operating system. The execution of these solutions successfully prevented data extractions, blocked the installation of forensic tools, created extraction delays, and presented false data to industry-accepted forensic analysis tools without impacting normal use of the device. The research contribution is an initial empirical analysis of the viability of operating system modifications in an anti-forensics context, along with a foundation for future research.
