Forensic Analysis on Joker Family Android Malware
Forensic Analysis on Joker Family Android Malware
%202012-2015%20Ivan%20Malopinsky%20-%20http%3A%2F%2Fimsky.co%0A--%3E%3Cdefs%3E%3Cstyle%20type%3D%22text%2Fcss%22%3E%3C!%5BCDATA%5B%23holder_1543e460b05%20text%20%7B%20fill%3A%23AAAAAA%3Bfont-weight%3Abold%3Bfont-family%3AArial%2C%20Helvetica%2C%20Open%20Sans%2C%20sans-serif%2C%20monospace%3Bfont-size%3A10pt%20%7D%20%5D%5D%3E%3C%2Fstyle%3E%3C%2Fdefs%3E%3Cg%20id%3D%22holder_1543e460b05%22%3E%3Crect%20width%3D%2293%22%20height%3D%22120%22%20fill%3D%22%23FFFFFF%22%2F%3E%3Cg%3E%3Ctext%20x%3D%2235.6171875%22%20y%3D%2257%22%3ENo%3C%2Ftext%3E%3Ctext%20x%3D%2210.8125%22%20y%3D%2272%22%3EThumbnail%3C%2Ftext%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E)
Date
2021-10
Authors
Guan, Yong
Cheng, Chao-Chun
Guan, Yong
Cheng, Chao-Chun
Guan, Yong
Major Professor
Advisor
Committee Member
Journal Title
Journal ISSN
Volume Title
Publisher
Copyright 2021 IEEE
Altmetrics
Authors
Guan, Yong
Person
Research Projects
Organizational Units
Center for Statistics and Applications in Forensic Evidence
Organizational Unit
Electrical and Computer Engineering
Organizational Unit
Journal Issue
Series
Department
Center for Statistics and Applications in Forensic EvidenceElectrical and Computer Engineering
Abstract
Android is the most popular operating system
among mobile devices and the malware targeted explicitly for
Android is rapidly growing and spreading across the mobile
ecosystem. In this paper, we propose a hybrid analysis of Android
malware to retrieve evidential data, generated from or accessed
by such mobile malware, which can be adopted as critical
evidence for civil and criminal cases. We target on Android
malware from Joker Family where we collected and analyzed 62
recently discovered malicious apps, we found that: 11 apps access
and store user’s location information, 17 apps track user’s SMS
text messages and 58 apps send out user personal information
to remote servers. Our proposed approach found that, evidence
data including location, timestamp, IP address are still able to be
identified from the local file system and logging system. Our main
contribution in this research is to provide an effective forensic
analysis report on Android malware that can extract critical
evidence from the local file systems as well as system logs.
Comments
The following conference proceeding was presented at 2021 17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). Posted with permission of CSAFE.