Study of identifying and managing the potential evidence for effective Android forensics

Abstract

Since the advent of various IoT devices, the need for digital forensics on the mobile devices that people use most closely in their daily lives has continued to grow. Moreover, as Bring Your Own Device (BYOD) becomes the trend, devices store business-related information as well as private data. Mobile devices are thus becoming the most critical evidence in digital forensics. For practical mobile forensics, it is necessary to accurately identify crime-related items among the many files inside the device. In addition, the various user information needed for user behavior analysis should be effectively extracted from these files and managed as potential evidence in a way that ensures integrity. This paper proposes an efficient forensic investigation method for mobile devices running Android OS, which holds the highest share in the world among mobile devices. In this paper, we studied data pre-processing (classification and identification of data), data analysis, evidence management, and an Android data taxonomy.
