Abstract
Android is the most popular operating system among all smartphones. This popularity increases the chance that an Android phone will be involved in a crime, whether in the possession of a criminal or of a victim. Many techniques exist that help the investigator gather and extract evidence from Android smartphones. Each of these techniques has advantages, disadvantages, and limitations, so the investigator should know all available data acquisition techniques. Data that can be potential evidence is present in different parts of an Android device. Therefore, during the forensic acquisition process, the order of volatility should be considered. In this study we introduce a comprehensive framework for data acquisition from Android smartphones. We then describe the details of each step.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Sadeghian, A., Zamani, M. (2017). A Comprehensive Android Evidence Acquisition Framework. In: Hassanien, A., Mostafa Fouad, M., Manaf, A., Zamani, M., Ahmad, R., Kacprzyk, J. (eds) Multimedia Forensics and Security. Intelligent Systems Reference Library, vol 115. Springer, Cham. https://doi.org/10.1007/978-3-319-44270-9_15
DOI: https://doi.org/10.1007/978-3-319-44270-9_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44268-6
Online ISBN: 978-3-319-44270-9
eBook Packages: Engineering, Engineering (R0)