A study of user data integrity during acquisition of Android devices

Namheun Son; Yunho Lee; Dohyun Kim; Joshua I. James; Sangjin Lee; Kyung Ho Lee

doi:10.1016/j.diin.2013.06.001

A study of user data integrity during acquisition of Android devices

Namheun Son, Yunho Lee, Dohyun Kim, Joshua I. James, Sangjin Lee, Kyung Ho Lee

Research output: Contribution to conference › Paper › peer-review

30 Citations (Scopus)

Abstract

At the time of this writing, Android devices are widely used, and many studies considering methods of forensic acquisition of data from Android devices have been conducted. Similarly, a diverse collection of smartphone forensic tools has also been introduced. However, studies conducted thus far do not normally guarantee data integrity required for digital forensic investigations. Therefore, this work uses a previously proposed method of Android device acquisition utilizing 'Recovery Mode'. This work evaluates Android Recovery Mode variables that potentially compromise data integrity at the time of data acquisition. Based on the conducted analysis, an Android data acquisition tool that ensures the integrity of acquired data is developed, which is demonstrated in a case study to test tool's ability to preserve data integrity.

Original language	English
Pages	S3-S11
DOIs	https://doi.org/10.1016/j.diin.2013.06.001 https://doi.org/10.1016/j.diin.2013.06.001
Publication status	Published - 2013 Aug 1
Event	2013 Digital Forensic Research Conference, DFRWS 2013 USA - Monterey, United States Duration: 2013 Aug 4 → 2013 Aug 7

Conference

Conference	2013 Digital Forensic Research Conference, DFRWS 2013 USA
Country/Territory	United States
City	Monterey
Period	13/8/4 → 13/8/7

Keywords

Android forensics
Android Recovery Mode
Data acquisition
Data integrity
Digital forensic investigation
JTAG

ASJC Scopus subject areas

Information Systems

Access to Document

Cite this

@conference{9eb3a8bd96114cbfb1001e63f120dee6,

title = "A study of user data integrity during acquisition of Android devices",

abstract = "At the time of this writing, Android devices are widely used, and many studies considering methods of forensic acquisition of data from Android devices have been conducted. Similarly, a diverse collection of smartphone forensic tools has also been introduced. However, studies conducted thus far do not normally guarantee data integrity required for digital forensic investigations. Therefore, this work uses a previously proposed method of Android device acquisition utilizing 'Recovery Mode'. This work evaluates Android Recovery Mode variables that potentially compromise data integrity at the time of data acquisition. Based on the conducted analysis, an Android data acquisition tool that ensures the integrity of acquired data is developed, which is demonstrated in a case study to test tool's ability to preserve data integrity.",

keywords = "Android forensics, Android Recovery Mode, Data acquisition, Data integrity, Digital forensic investigation, JTAG",

author = "Namheun Son and Yunho Lee and Dohyun Kim and James, {Joshua I.} and Sangjin Lee and Lee, {Kyung Ho}",

year = "2013",

month = aug,

day = "1",

doi = "10.1016/j.diin.2013.06.001",

language = "English",

pages = "S3--S11",

note = "2013 Digital Forensic Research Conference, DFRWS 2013 USA ; Conference date: 04-08-2013 Through 07-08-2013",

}

TY - CONF

T1 - A study of user data integrity during acquisition of Android devices

AU - Son, Namheun

AU - Lee, Yunho

AU - Kim, Dohyun

AU - James, Joshua I.

AU - Lee, Sangjin

AU - Lee, Kyung Ho

PY - 2013/8/1

Y1 - 2013/8/1

N2 - At the time of this writing, Android devices are widely used, and many studies considering methods of forensic acquisition of data from Android devices have been conducted. Similarly, a diverse collection of smartphone forensic tools has also been introduced. However, studies conducted thus far do not normally guarantee data integrity required for digital forensic investigations. Therefore, this work uses a previously proposed method of Android device acquisition utilizing 'Recovery Mode'. This work evaluates Android Recovery Mode variables that potentially compromise data integrity at the time of data acquisition. Based on the conducted analysis, an Android data acquisition tool that ensures the integrity of acquired data is developed, which is demonstrated in a case study to test tool's ability to preserve data integrity.

AB - At the time of this writing, Android devices are widely used, and many studies considering methods of forensic acquisition of data from Android devices have been conducted. Similarly, a diverse collection of smartphone forensic tools has also been introduced. However, studies conducted thus far do not normally guarantee data integrity required for digital forensic investigations. Therefore, this work uses a previously proposed method of Android device acquisition utilizing 'Recovery Mode'. This work evaluates Android Recovery Mode variables that potentially compromise data integrity at the time of data acquisition. Based on the conducted analysis, an Android data acquisition tool that ensures the integrity of acquired data is developed, which is demonstrated in a case study to test tool's ability to preserve data integrity.

KW - Android forensics

KW - Android Recovery Mode

KW - Data acquisition

KW - Data integrity

KW - Digital forensic investigation

KW - JTAG

UR - http://www.scopus.com/inward/record.url?scp=85068695239&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85068695239&partnerID=8YFLogxK

U2 - 10.1016/j.diin.2013.06.001

DO - 10.1016/j.diin.2013.06.001

M3 - Paper

AN - SCOPUS:84881296322

SP - S3-S11

T2 - 2013 Digital Forensic Research Conference, DFRWS 2013 USA

Y2 - 4 August 2013 through 7 August 2013

ER -

A study of user data integrity during acquisition of Android devices

Abstract

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this