A Forensic Approach to perform Android Device Analysis
Masanam. Sai Prasanna Lakshmi1, Pasupuleti Rajesh2
1Masanam. Sai Prasanna Lakshmi, M.Tech Student, Department of Computer Science and Engineering, Koneru Lakshmaiah Educational Foundation, Vaddeswaram, Guntur District (A.P), India.
2Dr. Pasupuleti Rajesh, Professor, Department of Computer Science and Engineering, Koneru Lakshmaiah Educational Foundation, Vaddeswaram, Guntur District (A.P), India.
Manuscript received on 21 March 2019 | Revised Manuscript received on 02 April 2019 | Manuscript Published on 18 April 2019 | PP: 5-11 | Volume-7 Issue-6S March 2019 | Retrieval Number: F02050376S19/2019©BEIESP
Open Access | Editorial and Publishing Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Android smartphones are providing a lot of interesting shreds of evidence to perform forensic investigation. Every installed application has log files which provide some valuable information. Android device can provide potential shreds of evidence which include internal and external storage data, shared preferences, internet artifacts, user data, application data and hidden directories etc . To perform a complete forensic investigation to an android device, the tools available for mobile forensics are highly cost effective. And there are some open source tools which are having limitations i.e., we can read the data in the mobile but we can’t extract the data and to proceed for forensic investigation. The forensic investigators will rely on commercial tools which will analyze the entire device and generate the report which is used for further forensic analysis. In order to perform complete analysis of an android device, a forensic approach is proposed which completely based on a command line tool provided by android developers apart from existing commercial forensic tools in the market. This paper presents a forensic analysis using ADB (Android Debug Bridge) tool, which analyses both volatile, non-volatile and network data of an android device. In general, android stores the data in.sqlite files format. In this paper, a tool DB Browser is used for analysing the.sqlite files of an android device and for capturing the network packets to and from a device, the network tools TcpDump and Wireshark is used. The analysis results also present the logs of WhatsApp and facebook applications, which are potential evidences to identify the root cause of the crime.
Keywords: Mobile, Android, Forensics, ADB, Application, Non-Volatile, Volatile, Network, Analysis.
Scope of the Article: Process & Device Technologies