A Comparison Study of Android Mobile Forensics for Retrieving Files System
Aiman AL-Sabaawi, Ernest Foo
Pages - 148 - 166     |    Revised - 31-07-2019     |    Published - 31-08-2019
Volume - 13   Issue - 4    |    Publication Date - August 2019
Mobile Forensics, Android Forensics, Digital Forensics, Mobile Security.
A comparison study of the Android forensic field, in terms of the Android forensic process for acquiring and analysing an Android disk image, is presented. This paper describes the challenges of Android forensics, including the complexity of the Android application, the different procedures and tools for obtaining data, difficulties with hardware setup, and the use of expensive commercial tools that acquire logical data but fail at physical data acquisition. To solve these challenges and achieve high accuracy and integrity in Android forensic processes, a new open source technique is investigated. Manual, logical and physical acquisition techniques are used to acquire data from an Android mobile device (Samsung Android 4.2.2). The mobile phone is identified by taking photos of the device and its individual components, including the memory expansion card, and labelling them with identifying information. Following the manual acquisition, logical acquisition is conducted using the AFLogical application in the ViaExtract tool (by NowSecure) installed on a Santoku Linux Virtual Machine. The image file is then created using the AccessData FTK Imager tool for physical acquisition. Four tools are utilized to analyse recovered data: one using ViaExtract on a Santoku Linux Virtual Machine, two using the AccessData FTK Imager, and one using file carving in Autopsy on a Kali Linux Virtual Machine. The results of the analysis demonstrate that the technique can retrieve contacts, photos, videos, call logs, and SMSs. Also, the EaseUS Data Recovery Wizard Free tool is used for the recovery of files from the LOST.DIR on external memory.
Mr. Aiman AL-Sabaawi
School of Electrical Engineering and Computer Science, Queensland University of Technology, Brisbane - Australia
Dr. Ernest Foo
School of Information and Communication Technology, Griffith University Brisbane - Australia