This is an Open Access publication published under CSC-OpenAccess Policy.
A Comparison Study of Android Mobile Forensics for Retrieving Files System
Aiman AL-Sabaawi, Ernest Foo
Pages - 148 - 166     |    Revised - 31-07-2019     |    Published - 31-08-2019
Volume - 13   Issue - 4    |    Publication Date - August 2019
KEYWORDS
Mobile Forensics, Android Forensics, Digital Forensics, Mobile Security.
ABSTRACT
A comparison study of the Android forensic field, in terms of the Android forensic process for acquiring and analysing an Android disk image, is presented. The challenges of Android forensics are described in this paper, including the complexity of the Android application, the different procedures and tools for obtaining data, difficulties with hardware set-up, and the use of expensive commercial tools for acquiring logical data that fail at physical data acquisition. To solve these challenges and achieve high accuracy and integrity in Android forensic processes, a new open source technique is investigated. Manual, logical and physical acquisition techniques are used to acquire data from an Android mobile device (Samsung Android 4.2.2). The mobile phone is identified by taking photos of the device and its individual components, including the memory expansion card, and labelling them with identifying information. Following the manual acquisition, logical acquisition is conducted using the AFLogical application in the ViaExtract tool (by NowSecure) installed on a Santoku Linux Virtual Machine. The image file is then created using the AccessData FTK Imager tool for physical acquisition. Four tools are utilized to analyse recovered data: one using ViaExtract on a Santoku Linux Virtual Machine, two using the AccessData FTK Imager, and one using file carving in Autopsy on a Kali Linux Virtual Machine. The results of the analysis demonstrate that the technique can retrieve contacts, photos, videos, call logs, and SMSs. Also, the EaseUS Data Recovery Wizard Free tool is used for the recovery of files from the LOST.DIR on external memory.
Mr. Aiman AL-Sabaawi
School of Electrical Engineering and Computer Science, Queensland University of Technology, Brisbane - Australia
a.alsabaawi@student.qut.edu.au
Dr. Ernest Foo
School of Information and Communication Technology, Griffith University Brisbane - Australia