EviHunter: Identifying digital forensic artifacts in android devices via static and dynamic program analysis

Date
2020-12
Authors
Cheng, Chao-Chun
Major Professor
Advisor
Guan, Yong
Gong, Neil Zhenqiang
Jacobson, Doug
Qiao, Daji
Newman, Jennifer
Committee Member
Abstract
As smartphones have grown in popularity, more and more mobile apps are released and updated every year. In contrast, digital forensic analysis of Android apps moves slowly because existing solutions are outdated. The reason is that identifying and extracting digital evidence from a suspect's device primarily involves manual work by forensic practitioners. Because each app has distinct patterns for archiving user or device information, existing studies can provide only limited support given the massive number of real-world apps in the market. The situation becomes more complicated still when thousands of new apps are published and versions updated quarterly. We therefore aim to build a database that provides an automated solution to identify and extract digital evidence from a mobile device. This dissertation, as the first step in exploring that automated solution, elaborates our ideas and implementations for two important storage media: the Android file system and the logging system. To analyze large-scale real-world apps, we extend static program analysis techniques to tackle this challenge. The evaluation results demonstrate that our proposed approach can improve the experience of forensic practitioners by providing useful locations and types of digital evidence. Furthermore, we study the stability and reliability of the Android app fuzzing tools on which a prior automated solution depends. Our evaluation shows that the existing Android app fuzzing tools have explicit programming patterns at runtime and can produce incomplete outputs when integrated with the prior automated solution.
Type
dissertation