Forensic Analysis on Joker Family Android Malware

Date
2021-10
Authors
Guan, Yong
Cheng, Chao-Chun
Publisher
Copyright 2021 IEEE
Department
Center for Statistics and Applications in Forensic Evidence
Electrical and Computer Engineering
Abstract
Android is the most popular operating system among mobile devices, and malware explicitly targeting Android is rapidly growing and spreading across the mobile ecosystem. In this paper, we propose a hybrid analysis of Android malware to retrieve evidential data, generated or accessed by such mobile malware, which can be adopted as critical evidence in civil and criminal cases. We target Android malware from the Joker family: we collected and analyzed 62 recently discovered malicious apps and found that 11 apps access and store the user’s location information, 17 apps track the user’s SMS text messages, and 58 apps send the user’s personal information to remote servers. Our proposed approach found that evidence data, including location, timestamp, and IP address, can still be identified from the local file system and logging system. Our main contribution in this research is to provide an effective forensic analysis report on Android malware that can extract critical evidence from the local file systems as well as system logs.
Comments
The following conference proceeding was presented at 2021 17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). Posted with permission of CSAFE.