Android Malware Forensics: Reconstruction of Malicious Events

Author

Li, Juanru ; Gu, Dawu ; Luo, Yuhao

Author_Institution

Dept. of Comput. Sci. & Eng., Shanghai Jiao Tong Univ., Shanghai, China

fYear

2012

fDate

18-21 June 2012

Firstpage

552

Lastpage

558

Abstract

Smart mobile devices have been widely used and the contained sensitive information is endangered by malwares. The malicious events caused by malwares are crucial evidences for digital forensic analysis, and the main task of mobile forensic analysis is to reconstruct these events. However, the reconstruction heavily relies on the code analysis of the malware. The difficulties and challenges include how to quickly identify the suspicious programs, how to defeat the anti-forensics tricks of malicious code, and how to deduce the malicious behaviors according to the code. To address this issue, we propose systematic procedures of analyzing typical malware behaviors on the popular mobile operating system Android. Based on the procedures we discuss the deduction of Android malicious events. We also give a real malware forensic case as a reference.

Keywords

computer forensics; invasive software; mobile computing; operating systems (computers); Android malicious event; Android malware forensics; antiforensics trick; code analysis; digital forensic analysis; malicious code; malicious event reconstruction; mobile forensic analysis; mobile operating system Android; smart mobile device; Androids; Cryptography; Forensics; Humanoid robots; Malware; Mobile communication; Mobile handsets; Android; forensic analysis; malware; reverse engineering;

fLanguage

English

Publisher

ieee

Conference_Titel

Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on

Conference_Location

Macau

ISSN

1545-0678

Print_ISBN

978-1-4673-1423-7

Type

conf

DOI

10.1109/ICDCSW.2012.33

Filename

6258204