Skype Forensics in Android Devices

The discipline of smartphone forensics has recently got more attention because of the tremendous growth in the smartphones market. Smartphones, to some extent, have similar capabilities to that of PCs. They can store large amount of data and divergent categories of information. Among other mobile platforms, Android-based devices are getting more popularity. Variety of mobile Applications (Apps) are increasingly developed to mainly extend the functionally of the phones. The usage of Voice over IP (VoIP) Apps has explosively increased for their wide availability and cheap prices. As Skype is one of the most popular VoIP Apps, in this paper we investigate the artifacts of Skype calls and chats in the Android devices. We inspect both the RAM and NAND flash memories in different scenarios and time durations. Even though Skype provides secure communications over the Internet, this paper shows that Skype call and chat evidences can be truly found in the devices. To the best of our knowledge, we are the first to investigate Skype in the Android devices. General Terms Digital Forensics, Cyber Security

[1]  Mehdi Jahanirad,et al.  Security measures for VoIP application: a state of the art review , 2011 .

[2]  Nicolas Christin,et al.  Toward a general collection methodology for Android devices , 2011, Digit. Investig..

[3]  Vrizlynn L. L. Thing,et al.  Live memory forensics of mobile phones , 2010, Digit. Investig..

[4]  Golden G. Richard,et al.  Acquisition and analysis of volatile memory from android devices , 2012, Digit. Investig..

[5]  Amjad Zareen,et al.  Notice of Violation of IEEE Publication PrinciplesMobile Phone Forensics: Challenges, Analysis and Tools Classification , 2010, 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.

[6]  Tal Garfinkel,et al.  Data lifetime is a systems problem , 2004, EW 11.

[7]  Frank Adelstein,et al.  Visualization in testing a volatile memory forensic tool , 2011, Digit. Investig..

[8]  Edgar R. Weippl,et al.  Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications , 2012, NDSS.

[9]  Tal Garfinkel,et al.  Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation , 2005, USENIX Security Symposium.

[10]  David M Levinson,et al.  Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering , 2009, Complex.

[11]  Dawson R. Engler,et al.  Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.

[12]  Jill Slay,et al.  Recovery of Skype Application Activity Data from Physical Memory , 2010, 2010 International Conference on Availability, Reliability and Security.

[13]  Peter M. Broadwell,et al.  Scrash: A System for Generating Secure Crash Information , 2003, USENIX Security Symposium.

[14]  Ewa Huebner,et al.  User data persistence in physical memory , 2007, Digit. Investig..

[15]  Mohammed I. Al-Saleh,et al.  Utilizing data lifetime of TCP buffers in digital forensics: Empirical study , 2012, Digit. Investig..

[16]  Andrew Hoog Android forensics : investigation, analysis, and mobile security for Google Android / Andrew Hoog ; John McCash, technical editor. , 2011 .

[17]  Tal Garfinkel,et al.  Understanding data lifetime via whole system simulation , 2004 .

[18]  Svein Yngvar Willassen Forensic Analysis of Mobile Phone Internal Memory , 2005, IFIP Int. Conf. Digital Forensics.

[19]  Jill Slay,et al.  Voice over IP forensics , 2008, e-Forensics '08.

[20]  Maynard Yates Practical investigations of digital forensics tools for mobile devices , 2010, InfoSecCD.

[21]  Nick L. Petroni,et al.  Volatools : Integrating Volatile Memory Forensics into the Digital Investigation Process , 2007 .