http://dx.doi.org/10.13089/JKIISC.2018.28.1.95

A Study on Mobile Forensic Data Acquisition Method Based on Manufacturer's Backup Mobile App  

Choi, Jaewon (Graduate School of Information Security, Korea University)
Kim, Seung-joo (Graduate School of Information Security, Korea University)
Abstract
With the widespread use of smartphones, various personal information of users is being recorded on smartphones in real time. To prevent the loss of users' important personal information, manufacturers provide smartphone backup applications. Recently, not only backup programs for PCs but also backup mobile apps for smartphones have been provided. From the point of view of acquiring forensic data, it is important not to compromise the acquisition possibilities and the integrity of the original data. In particular, for Android smartphones, various studies are being carried out to acquire data without damaging the integrity of the original data. However, there are limitations in applying the existing research methods. In this paper, we describe the process of acquiring data using the backup mobile app provided by the manufacturer without compromising the integrity of the latest smartphone.
Keywords
digital forensic; data acquisition; android; smartphone; backup app;
Citations & Related Records
Times Cited By KSCI: 1