  • DocumentCode
    265640
  • Title
    Android Anti-forensics: Modifying CyanogenMod
  • Author
    Karlsson, Karl-Johan ; Glisson, William Bradley
  • Author_Institution
    Univ. of Glasgow, Glasgow, UK
  • fYear
    2014
  • fDate
    6-9 Jan. 2014
  • Firstpage
    4828
  • Lastpage
    4837
  • Abstract
    Mobile devices implementing Android operating systems inherently create opportunities to present environments that are conducive to anti-forensic activities. Previous mobile forensics research focused on applications and data hiding anti-forensics solutions. In this work, a set of modifications were developed and implemented on a CyanogenMod community distribution of the Android operating system. The execution of these solutions successfully prevented data extractions, blocked the installation of forensic tools, created extraction delays and presented false data to industry accepted forensic analysis tools without impacting normal use of the device. The research contribution is an initial empirical analysis of the viability of operating system modifications in an anti-forensics context along with providing the foundation for future research.
  • Keywords
    Android (operating system); data encapsulation; digital forensics; mobile computing; mobile handsets; Android operating system modifications; CyanogenMod community distribution; CyanogenMod modification; android antiforensic activities; data extraction delays; forensic tool installation; mobile devices; Data mining; Forensics; Operating systems; Smart phones; Universal Serial Bus; Android; Anti-forensics; CyanogenMod;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    System Sciences (HICSS), 2014 47th Hawaii International Conference on
  • Conference_Location
    Waikoloa, HI
  • Type
    conf
  • DOI
    10.1109/HICSS.2014.593
  • Filename
    6759195