Abstract
The field of Android forensics is evolving rapidly, with older forensic techniques becoming irrelevant within a short time. In this paper, we identify the challenges faced by the investigation agencies during examination of Android devices. We classify the existing techniques into Proactive Forensics and Reactive Forensics techniques. We also identify the application based, permission based and extraction based challenges faced by existing Android forensic tools. The results of this work illustrate the drawbacks of existing Android forensic tools and identify the areas where more research is necessary to deal with the dynamic nature of the Android ecosystem.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Mahajan, A., Dahiya, M.S., Sanghvi, H.P.: Forensic analysis of instant messenger applications on Android devices. arXiv preprint arXiv:1304.4915 (2013)
Walnycky, D., Baggili, I., Marrington, A., Moore, J., Breitinger, F.: Network and device forensic analysis of Android social-messaging applications. Digit. Invest. 14, 77–84 (2015). Elsevier
Karpisek, F., Baggili, I., Breitinger, F.: WhatsApp network forensics: decrypting and understanding the WhatsApp call signaling messages. Digit. Invest. 15, 110–118 (2015). Elsevier
Do, Q., Martini, B., Choo, K.-K.R.: A cloud-focused mobile forensics methodology. IEEE Cloud Comput. 2, 60–65 (2015). IEEE
Sylve, J., Case, A., Marziale, L., Richard, G.G.: Acquisition and analysis of volatile memory from android devices. Digit. Invest. 8, 175–184 (2012). Elsevier
Aouad, L.M., Kechadi, T.M.: Android forensics: a physical approach. In: Proceedings of the International Conference on Security and Management (SAM), The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp) (2012)
Grover, J.: Android forensics: automated data collection and reporting from a mobile device. Digit. Invest. 10, 12–20 (2013). Elsevier
Akarawita, I.U., Perera, A.B., Atukorale, A.: ANDROPHSY-forensic framework for Android. In: 2015 Fifteenth International Conference on Advances in ICT for Emerging Regions (ICTer). IEEE (2015)
Freiling, F., Spreitzenbarth, M., Schmitt, S.: Forensic analysis of smartphones: the Android Data Extractor Lite (ADEL). In: Proceedings of the Conference on Digital Forensics, Security and Law. Association of Digital Forensics, Security and Law (2011)
Andriotis, P., Oikonomou, G., Tryfonas, T.: Forensic analysis of wireless networking evidence of Android smartphones. In: IEEE international workshop on Information forensics and security (WIFS), pp. 109–114. IEEE (2012)
Müller, T., Spreitzenbarth, M.: FROST. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 373–388. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_23
Thing, V.L.L., Ng, K.-Y., Chang, E.-C.: Live memory forensics of mobile phones. Digit. Invest. 7, 74–82 (2010). Elsevier
Mylonas, A., Meletiadis, V., Tsoumas, B., Mitrou, L., Gritzalis, D.: Smartphone forensics: a proactive investigation scheme for evidence acquisition. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 249–260. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_21
Vidas, T., Zhang, C., Christin, N.: Toward a general collection methodology for android devices. Digit. Invest. 8, 14–24 (2011). Elsevier
Aiyyappan, P.S.: Android forensic support framework. Masters Thesis, Advisor: Prabhaker Mateti, Amrita Vishwa Vidyapeetham, Ettimadai, Tamil Nadu, India (2015). http://cecs.wright.edu/~pmateti/Students/
Rao, M.K.: Proactive forensic support for Android devices. Masters thesis, Advisor: Prabhaker Mateti, Amrita Vishwa Vidyapeetham, Ettimadai, Tamil Nadu, India (2016). http://cecs.wright.edu/~pmateti/Students/
Roy, N., Ranjan, K., Anshul, K., Aneja, L.: Android phone forensic: tools and techniques. In: International Conference on Communication and Automation, pp. 605–610. IEEE (2016)
Rao, V., Chakravarthy, A.S.N.: Survey on Android forensic tools and methodologies. Int. J. Comput. Appl. 154, 17–21 (2016). Foundation of Computer Science (FCS), New York
Hoog, A.: Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Elsevier, Amsterdam (2011)
Valin, J.-M., Maxwell, G., Terriberry, T.B., Vos, K.: High-quality, low-delay music coding in the Opus codec. arXiv preprint arXiv:1602.04845 (2016)
Mappr - Latergram Location Editor for Instagram. On the iTunes App Store
Full-Disk Encryption, Android Open Source Project. https://source.android.com/security/encryption/full-disk
File-Based Encryption, Android Open Source Project. https://source.android.com/security/encryption/file-based/
Secret Space Encryptor is a password manager, text encryption and file encryption all-in-one solution. http://www.paranoiaworks.mobi/
The Wickr instant messaging app allows users to exchange end-to-end encrypted and content-expiring messages. https://wickr.com/
FireChat is a proprietary mobile app, developed by Open Garden, which uses wireless mesh networking to enable smartphones to connect via Bluetooth, WiFi. https://www.opengarden.com/firechat.html/
The GSMK CryptoPhone 500i is an Android-based secure mobile phone with 360 mobile device security for secure messaging and voice over IP communication on any network. http://www.cryptophone.de/en/products/mobile/cp500i
Telegram is a free cloud-based instant messaging service. Telegram also provides optional end-to-end-encrypted messaging. http://telegram.org/
RIFF Box - “Best JTAG Box in this Galaxy.” http://www.riffbox.org/
HTCI Chip-Off Forensic Tools. http://forensicstore.com/product/forensic-hardware/htci-chip-off-tools/
The UP-828P Series universal programmer to acquire data from a variety of flash storage devices. http://www.teeltech.com/mobile-device-forensic-software/up-828-programmer/
UFED Touch platform is a portable digital forensics solution. http://www.cellebrite.com/Mobile-Forensics/Products/ufed-touch2/
The Volatility Foundation - Open Source Memory Forensics. http://www.volatilityfoundation.org/
Andriller performs read-only, forensically sound, non-destructive acquisition from Android devices. https://www.andriller.com/
Gartner says worldwide sales of smartphones grew 7 percent in the fourth quarter of 2016. http://www.gartner.com/newsroom/id/3609817
Andy, G.: Whatsapp just switched on end-to-end encryption for hundreds of millions of users. http://www.wired.com/2014/11/whatsapp-encrypted-messaging/
Timberg, C., Miller, G.: FBI blasts Apple, Google for locking police out of phones, The Washington Post (2014)
Platform Architecture. https://source.android.com/images/android_framework
Android Free Forensic Toolkit. https://n0where.net/android-free-forensic-toolkit/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Hazra, S., Mateti, P. (2017). Challenges in Android Forensics. In: Thampi, S., Martínez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_24
Download citation
DOI: https://doi.org/10.1007/978-981-10-6898-0_24
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6897-3
Online ISBN: 978-981-10-6898-0
eBook Packages: Computer ScienceComputer Science (R0)