12 research outputs found

    Android Anti-forensics: Modifying CyanogenMod

    Mobile devices implementing Android operating systems inherently create opportunities to present environments that are conducive to anti-forensic activities. Previous mobile forensics research focused on applications and data hiding anti-forensics solutions. In this work, a set of modifications were developed and implemented on a CyanogenMod community distribution of the Android operating system. The execution of these solutions successfully prevented data extractions, blocked the installation of forensic tools, created extraction delays and presented false data to industry accepted forensic analysis tools without impacting normal use of the device. The research contribution is an initial empirical analysis of the viability of operating system modifications in an anti-forensics context along with providing the foundation for future research. Comment: Karlsson, K.-J. and W.B. Glisson, Android Anti-forensics: Modifying CyanogenMod in Hawaii International Conference on System Sciences (HICSS-47). 2014, IEEE Computer Society Press: Hawai

    A Review of Digital Forensics on Mobile Devices Running Android Operating Systems

    This research focuses on the procedures, mechanisms and methodologies of digital forensic analysis on mobile devices, with the aim of providing a manual or methodology for handling digital evidence on these devices. In addition, we cover the free and proprietary software tools used for the forensic analysis of smartphones running Android operating systems. As a result, anti-forensic methods that prevent the acquisition of artifacts from smartphones were detected. Consequently, anti-forensic techniques were identified, such as cryptographic techniques employed by cybercriminals to hide their tracks or evidence

    Smartphone as an Agent of Anti-forensics: A Case of Workplace Environment in Kenya

    Computer anti-forensic techniques work to ensure that forensic evidence left behind after a digital crime is not easily uncovered by forensic investigators; if they are to uncover it, there will be a considerable delay. Smartphones have become a common device within an organization’s workforce where employees interact with highly confidential data that they access using their laptop computers at the workplace. This has led to the use of smartphones to commit digital crimes at the workplace. The primary objective of this study is to find out whether the use of smartphones in the workplace environment in Kenya may be exploited to advance activities that may derail forensic investigations in the event of a digital crime. We also set out to establish data security risks within organizations and other techniques and/or methods by which smartphones may be used to exfiltrate data. Finally, we shall analyze research areas that require further attention from researchers to enhance defense and guard against smartphone data exfiltration. To achieve these objectives, we shall implement and test an Android mobile software prototype, developed using Android Studio, to send a data exfiltration attempt to a web-based user interface when an employee within an organization uploads data above a set authorized limit. We shall review existing literature to understand other techniques that may be used to exfiltrate data from organizations as well as analyze research areas that require further attention from researchers to enhance defense and guard against data exfiltration through smartphone usage. We collected a total of two thousand five hundred and eighty-four records of data exfiltration attempts from our eleven sampled population. Of these records, one thousand eight hundred and ninety-one happened in the evening hours while six hundred and seven in the afternoon hours, then finally, eighty-six records were registered in the morning hours.
In conclusion, the research study has revealed that there exist challenges in reporting smartphone-based data exfiltration attempts while using the mobile-based software prototype. Data exfiltration attempts were observed to happen within the organization’s workplace, with evening hours being the most affected by this vice with a figure of over one thousand data exfiltration attempts. We also noted that there exist at least three categories of data security risks that organizations are exposed to when employees have their smartphones within the workplace. We recorded an additional eleven other techniques and methods by which a smartphone may be used to steal data from an organization

    Taxonomy for Anti-Forensics Techniques & Countermeasures

    Computer Forensic Tools are used by forensics investigators to analyze evidence from the seized devices collected at a crime scene or from a person, in such ways that the results or findings can be used in a court of law. These computer forensic tools are very important and useful as they help the law enforcement personnel to solve crimes. Computer criminals are now aware of the forensics tools used; therefore, they use countermeasure techniques to efficiently obstruct the investigation processes. By doing so, they make it difficult or almost impossible for investigators to uncover the evidence. These techniques, used against the computer forensics processes, are called Anti-forensics. This paper describes some of the many anti-forensics methods, techniques and tools using a taxonomy. The taxonomy classified anti-forensics into different levels and different categories: WHERE, WHICH, WHAT, and HOW. The WHERE level indicates where anti-forensics can occur during an investigation. The WHICH level indicates which anti-forensics techniques exist. The WHAT level defines the exact method used for each technique. Finally, the HOW level indicates the tools used. Additionally, some countermeasures were proposed

    Advances of mobile forensic procedures in Firefox OS

    The advancement of smartphone technology has attracted many companies in developing mobile operating system (OS). Mozilla Corporation recently released Linux-based open source mobile OS, named Firefox OS. The emergence of Firefox OS has created new challenges, concentrations and opportunities for digital investigators. In general, Firefox OS is designed to allow smartphones to communicate directly with HTML5 applications using JavaScript and newly introduced WebAPI. However, the use of JavaScript in HTML5 applications and solely no OS restriction might lead to security issues and potential exploits. Therefore, forensic analysis for Firefox OS is urgently needed in order to investigate any criminal intentions. This paper will present an overview and methodology of mobile forensic procedures in a forensically sound manner for Firefox OS

    Android forensics: Automated data collection and reporting from a mobile device

    As Android smartphones gain popularity, industry and government will face increasing pressure to integrate them into their environments. The implementation of these devices on an enterprise can save on costs and add capabilities previously unavailable; however, the organizations that incorporate this technology must be prepared to mitigate the associated risks. These devices can contain vast amounts of personal and work-related data that can impact internal investigations, including (but not limited to) those of policy violations, intellectual property theft, misuse, embezzlement, sabotage, and espionage. Physical access has been the traditional method for retrieving data useful to these investigations from Android devices, with the exception of some limited collection abilities in commercial mobile device management systems and remote enterprise forensics tools. As part of this thesis, a prototype enterprise monitoring system for Android smartphones was developed to continuously collect many of the data sets of interest to incident responders, security auditors, proactive security monitors, and forensic investigators. Many of the data sets covered were not found in other available enterprise monitoring tools. The prototype system neither requires root access privileges nor exploiting weaknesses in the Android architecture for proper operation, thereby increasing interoperability among Android devices and avoiding a spyware classification for the system. An anti-forensics analysis on the system was performed to identify and further strengthen areas vulnerable to tampering. The results of this research include the release of the first open-source Android enterprise monitoring solution of its kind, a comprehensive guide of data sets available for collection without elevated privileges, and the introduction of a novel design strategy implementing various Android application components useful for monitoring on the Android platform

    SECURING AMERICA’S HUMANITARIAN MISSION: HOW MOBILE TECHNOLOGY CAN ENHANCE REFUGEE VETTING

    The security vetting of refugees proves problematic, as refugees are often without documents to verify their identity. However, refugees are often in possession of mobile devices that could serve as a proof of identity. If the United States Refugee Admissions Program (USRAP) implemented a mobile phone vetting program, it could assist in identifying nefarious actors while expediting the security vetting process. Three policy alternatives were analyzed for a mobile phone screening program in the USRAP: (1) maintain the status quo of applicants’ mobile phones not being screened, (2) implement mandatory screening of all applicants’ mobile phones, and (3) administer a threat-based targeted approach where only the phones of applicants whose cases have fraud and/or national security indicators are screened. The alternatives were evaluated by efficiency (time and cost), risk to national security, and ethical consideration. Ultimately, a threat-based targeted approach was determined to be the best policy alternative, as it optimized efficiency, minimized risk to national security, and limited arbitrariness of mobile phone screening. Civilian, Department of Homeland Security. Approved for public release. Distribution is unlimited

    Comparative Overview of Forensic Analysis of Computers and Mobile Devices

    In this bachelor's thesis, the beginning showed features of computer forensic analysis. The basis of computer technology is represented along with one of the methodologies for computer forensic analysis. With the emergence of mobile devices, new digital evidence proved that there is a need for a new branch of forensics, mobile forensics. In this thesis, we compared the possibilities of forensic tools for computers and mobile devices, together with their advantages and disadvantages. By comparing the tools, it is possible to evaluate the capabilities of each tool and in which environments it can be used. Apart from the tools, it is possible to see the possibilities of anti-forensics methods that are somewhat successful in concealing evidence and creating problems during implementation of forensic analysis
