Azfar Abdullah, Choo Kim-Kwang Raymond, Liu Lin
Information Assurance Research Group, University of South Australia, Adelaide, SA, 5001, Australia.
Department of Information Systems and Cyber Security, University of Texas at San Antonio, One UTSA Circle - San Antonio, TX 78249-0631, USA.
J Forensic Sci. 2016 Sep;61(5):1337-50. doi: 10.1111/1556-4029.13164. Epub 2016 Jul 22.
Due to the popularity of Android devices and applications (apps), Android forensics is one of the most studied topics within mobile forensics. Communication apps, such as instant messaging and Voice over IP (VoIP), are one popular app category used by mobile device users, including criminals. Therefore, a taxonomy outlining artifacts of forensic interest involving the use of Android communication apps will facilitate the timely collection and analysis of evidentiary materials from such apps. In this paper, 30 popular Android communication apps were examined, where a logical extraction of the Android phone images was collected using XRY, a widely used mobile forensic tool. Various information of forensic interest, such as contact lists and chronology of messages, was recovered. Based on the findings, a two-dimensional taxonomy of the forensic artifacts of the communication apps is proposed, with the app categories in one dimension and the classes of artifacts in the other dimension. Finally, the artifacts identified in the study of the 30 communication apps are summarized using the taxonomy. It is expected that the proposed taxonomy and the forensic findings in this paper will assist forensic investigations involving Android communication apps.