Forensic Analysis of Android Cryptocurrency Wallet Applications

2023-Shi-ForensicAnalysisManuscript.pdf (1.21 MB)

File Embargoed Until: (2024-10-19)
Shi, Chen
Guan, Yong
Springer Nature Switzerland AG 2023
Organizational Unit
Electrical and Computer Engineering

The Department of Electrical and Computer Engineering (ECpE) contains two focuses. The focus on Electrical Engineering teaches students in the fields of control systems, electromagnetics and non-destructive evaluation, microelectronics, electric power & energy systems, and the like. The Computer Engineering focus teaches in the fields of software systems, embedded systems, networking, information security, computer architecture, etc.

The Department of Electrical Engineering was formed in 1909 from the division of the Department of Physics and Electrical Engineering. In 1985 its name changed to Department of Electrical Engineering and Computer Engineering. In 1995 it became the Department of Electrical and Computer Engineering.

Historical Names

  • Department of Electrical Engineering (1909-1985)
  • Department of Electrical Engineering and Computer Engineering (1985-1995)

Organizational Unit
Center for Statistics and Applications in Forensic Evidence
The Center for Statistics and Applications in Forensic Evidence (CSAFE) carries out research on the scientific foundations of forensic methods, develops novel statistical methods and transfers knowledge and technological innovations to the forensic science community. We collaborate with more than 80 researchers and across six universities to drive solutions to support our forensic community partners with accessible tools, open-source databases and educational opportunities.
Crypto wallet apps that integrate with various blockchains allow users to make digital currency transactions with QR codes. According to reports from financesonline [3], there were over 68 million crypto wallet app users in 2021. As new crypto wallets and cryptocurrencies enter the market, the number of users will continue to go up in the future. As the market grows rapidly, it also raises concerns about security risks and sensitive information leakage. In this paper, we present our forensic analysis of Android cryptocurrency apps. As the popularity of cryptocurrency has increased significantly in the past few years, more and more people are using mobile apps to make crypto transactions and manage their funds, and the sensitive user information stored in such mobile apps has been increasingly discovered and adopted as critical evidence for civil and criminal cases. We have collected and analyzed 253 real-world Android cryptocurrency wallet apps. Our findings are surprisingly interesting: (1) 135 crypto wallet apps store user account information in a local file system which malware could potentially gain access to; (2) 67 crypto wallet apps access and store the user's location information in a local database and log files; (3) 12 crypto wallet apps track the last used time of other applications installed on the device. Our proposed approach found that, without recovering deleted files, various types of evidence data can still be identified from the logging system as well as from files. We compare our analysis results with prior studies and find several types of evidence that were not discovered before. Our main contribution to this research is to provide an effective forensic analysis method for Android cryptocurrency wallet apps that can extract critical evidence from the local file system as well as system logs.
This is a manuscript of a proceeding published as Shi, C., Guan, Y. (2023). Forensic Analysis of Android Cryptocurrency Wallet Applications. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIX. DigitalForensics 2023. IFIP Advances in Information and Communication Technology, vol 687. Springer, Cham. © 2023 IFIP International Federation for Information Processing. Posted with permission of CSAFE.