TY - GEN
T1 - Forensic analysis of android phone using Ext4 file system journal log
AU - Kim, Dohyun
AU - Park, Jungheum
AU - Lee, Keun Gi
AU - Lee, Sangjin
PY - 2012
Y1 - 2012
N2 - With the announcement of Android OS 2.3 (Gingerbread), Google changed the existing file system from yaffs2 to ext2 and adopted it as the official file system for Android phones. Ext4, the most widely used file system in Linux, not only assists large, but also provides fault tolerance through its journaling function by adopting JFS (journal file system). In the journal log created by the journaling function of ext4, every transaction that occurs in the file system is recorded. These transactions include all events (e.g., creating, deleting, and modifying). Therefore, by analyzing the journal log, we can determine which files an Android user accessed and can recover deleted files by finding information about their previous state. Moreover, we can also analyze user actions by building a timeline from the timestamps recorded in the journal log. Based on these facts, in this paper we aim to analyze the journal log area of the ext4 file system and to develop a tool, JDForensic, that extracts journal log data to recover deleted data and analyze user actions. This tool will be useful in the first-time digital forensic investigation of Android phones.
AB - With the announcement of Android OS 2.3 (Gingerbread), Google changed the existing file system from yaffs2 to ext2 and adopted it as the official file system for Android phones. Ext4, the most widely used file system in Linux, not only assists large, but also provides fault tolerance through its journaling function by adopting JFS (journal file system). In the journal log created by the journaling function of ext4, every transaction that occurs in the file system is recorded. These transactions include all events (e.g., creating, deleting, and modifying). Therefore, by analyzing the journal log, we can determine which files an Android user accessed and can recover deleted files by finding information about their previous state. Moreover, we can also analyze user actions by building a timeline from the timestamps recorded in the journal log. Based on these facts, in this paper we aim to analyze the journal log area of the ext4 file system and to develop a tool, JDForensic, that extracts journal log data to recover deleted data and analyze user actions. This tool will be useful in the first-time digital forensic investigation of Android phones.
KW - Analysis of user actions
KW - Android phone
KW - Data recovery
KW - Digital forensics
KW - Ext4 file system
KW - Journal log
UR - http://www.scopus.com/inward/record.url?scp=84867049200&partnerID=8YFLogxK
U2 - 10.1007/978-94-007-4516-2_44
DO - 10.1007/978-94-007-4516-2_44
M3 - Conference contribution
AN - SCOPUS:84867049200
SN - 9789400745155
T3 - Lecture Notes in Electrical Engineering
SP - 435
EP - 446
BT - Future Information Technology, Application, and Service, FutureTech 2012
T2 - 7th FTRA International Conference on Future Information Technology, FutureTech 2012
Y2 - 26 June 2012 through 28 June 2012
ER -