Abstract
Criminals and terrorists have become good at using smartphones. Traditional reactive forensics responds only after an incident. A smartphone OS should include proactive forensics support (pfs), which deals with pre-incident preparation. We designed pfs for a custom Android ROM. All configured user activities are monitored stealthily and opportunistically transferred to the cloud for further investigation. This includes SMS, call log, browser history, etc. We also add a keylogger and a call-tapping facility. We built two Android apps and a PC client that authenticates a forensics investigator and permits the investigator to browse, record, and save the activities of the criminal user.
Notes
- 2. E.g., see A Glimpse of iOS 10 from a Smartphone Forensic Perspective, by Heather Mahalik, September 17, 2016, http://www.forensicswiki.org/wiki/Blackberry_Forensics, and https://www.gillware.com/forensics/windows-phone-forensics.
- 3. E.g., see Kali Linux (https://www.kali.org/), which even has a boot option for forensics; https://en.wikipedia.org/wiki/List_of_digital_forensics_tools; http://forensicswiki.org/wiki/Tools; and http://linoxide.com/linux-how-to/forensics-tools-linux/, July 20, 2016.
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Rao, K.M., Aiyyappan, P.S., Mateti, P. (2017). Adding Continuous Proactive Forensics to Android. In: Thampi, S., Martínez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_28
DOI: https://doi.org/10.1007/978-981-10-6898-0_28
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6897-3
Online ISBN: 978-981-10-6898-0
eBook Packages: Computer Science, Computer Science (R0)