A Comprehensive Android Evidence Acquisition Framework

Part of the Intelligent Systems Reference Library book series (ISRL, volume 115)

Abstract

Android is the most popular operating system among smartphones. This popularity has increased the chances that an Android phone will be involved in a crime, whether in the possession of a criminal or of a victim. Many techniques exist that help the investigator gather and extract evidence from Android smartphones. Each of these techniques has some advantages, disadvantages, and limitations, so the investigator should have knowledge of all available data acquisition techniques. Data that can be potential evidence is present in different parts of an Android device. Therefore, the order of volatility should be considered during the forensic acquisition process. In this study we introduce a comprehensive framework for data acquisition from Android smartphones and then describe the details of each step.

Keywords

  • Smart Phone
  • Short Message Service
  • Touch Screen
  • External Memory
  • Internal Memory

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Author information

Corresponding author

Correspondence to Amir Sadeghian.

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Sadeghian, A., Zamani, M. (2017). A Comprehensive Android Evidence Acquisition Framework. In: Hassanien, A., Mostafa Fouad, M., Manaf, A., Zamani, M., Ahmad, R., Kacprzyk, J. (eds) Multimedia Forensics and Security. Intelligent Systems Reference Library, vol 115. Springer, Cham. https://doi.org/10.1007/978-3-319-44270-9_15

  • DOI: https://doi.org/10.1007/978-3-319-44270-9_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44268-6

  • Online ISBN: 978-3-319-44270-9

  • eBook Packages: Engineering, Engineering (R0)