http://dx.doi.org/10.13089/JKIISC.2012.22.1.67

Research on Efficient Live Evidence Analysis System Based on User Activity Using Android Logging System  

Hong, Il-Young (Graduate School of Information Security, Korea University)
Lee, Sang-Jin (Graduate School of Information Security, Korea University)
Abstract
Recently, as the number of smartphone users has grown rapidly, Android has also attracted more interest in digital forensics. However, there has not been enough research so far on digital data acquisition and analysis based on the unique characteristics of the Android platform. The Android system stores all recent system-wide logs, from system components to applications, in volatile memory, and therefore these logs can potentially serve as important evidence. In this paper, we propose a digital data acquisition and analysis system for Android which extracts meaningful information from a device at runtime based on the correlation between Android logs and user activities. We also present an efficient search scheme to facilitate real-time analysis on site. Finally, we demonstrate how the proposed system can be used to reconstruct the sequence of user activities in a more intuitive manner, and show that the proposed search scheme reduces the overall search and analysis time by a factor of approximately 10 compared with the normal regular search method.
Keywords
Digital Forensics; Mobile Forensics; Android; Log Analysis; Volatile Memory
Citations & Related Records
Times Cited By KSCI: 1
1 구본민, 김주영, 이태림, 신상욱, "Digital Evidence Collection and Analysis of Android- and iOS-Based Smartphones", Journal of the Korea Institute of Information Security and Cryptology, 21(1), pp. 167-175, Feb. 2011.
2 ACPO, "Good Practice Guide for Computer-Based Electronic Evidence", 2007.
3 A. Case, "Forensic Memory Analysis of Android's Dalvik Virtual Machine", Source Conference, http://www.slideshare.net/SOURCEConference/forensic-memory-analysis-of-androids-dalvik-virtual-machine, Jun. 2011.
4 A. Hoog, "Android forensics", Mobile Forensics World 2009, http://www.scribd.com/doc/64763914/MFW2009-HOOG-AndroidForensics, May 2009.
5 "Android Application Component", http://developer.android.com/guide/topics/fundamentals.html
6 "Android Logging System", http://elinux.org/Android_Logging_System
7 D. Mohindra, "Android, Incident Response and Forensics", http://www1.webng.com/dhruv/material/android_report.pdf, 2008.
8 D. Brezinski and T. Killalea, "Guidelines for Evidence Collection and Archiving", RFC 3227, Feb. 2002.
9 J. Lessard and G.C. Kessler, "Android Forensics: Simplifying Cell Phone Examinations", Small Scale Digital Device Forensics Journal, Vol. 4, No. 1, ISSN 1941-6164, Sep. 2010.
10 NIJ, "Electronic Crime Scene Investigation: A Guide for the First Responders, Second Edition", pp. 26, Apr. 2008.
11 SWGDE, "Best Practices for Computer Forensics", pp. 3-4, Jul. 2006.
12 S. Maus, H. Hoofken and M. Schuba, "Forensic Analysis of Geodata in Android Smartphones", International Conference on Cybercrime, Security and Digital Forensics, http://www.schuba.fh-aachen.de/papers/11-cyberforensics.pdf, Jun. 2011.
13 T. Maguire, "IR Process & Smart Phones", The 2011 Digital Forensics and Incident Response Summit, https://files.sans.org/summit/forensics11/PDFs/IR%20%20Smart%20Phones.pdf, Jun. 2011.
14 V.L.L. Thing, Kian-Yong Ng and Ee-Chien Chang, "Live memory forensics of mobile phones", Digital Investigation, Vol. 7, pp. 74-82, Aug. 2010.
15 W. Jansen and R. Ayers, "Guidelines on Cell Phone Forensics", NIST, pp. 34, 2007.
16 X. Lee, "Design and Implementation of Forensic System in Android Smart Phone", The 5th Jointed Workshop on Information Security, http://crypto.nknu.edu.tw/publications/2010JWIS_Android.pdf, Aug. 2010.