This project aims to develop a set of automated Android malware vetting tools that discover all the malicious behaviors of Android malware in the form of files in local storage, SQLite databases, or data sent to remote third-party server(s), and to establish a dictionary-like Android malware database that includes the malware itself (malicious code and variants) together with all the detected IP addresses, URLs and malicious behaviors, as well as other types of evidence data (e.g., the list of permissions required).
A Forensic Analysis of Joker-Enabled Android Malware Apps

Conference/Workshop:
American Association of Forensic Sciences (AAFS)
Published: 2021
Primary Author: Chen Shi
Secondary Authors: Chris Cheng, Yong Guan
Type: Presentation Slides
Research Area: Digital
Related Resources
LibDroid: Summarizing information flow of Android Native Libraries via Static Analysis
With advancements in technology, people are taking advantage of mobile devices to access e-mails, search the web, and video chat. Therefore, extracting evidence from mobile phones is an important component…
Evaluating Reference Sets for Score-Based Likelihood Ratios for Camera Device Identification
An investigator wants to know if an illicit image captured by an unknown camera was taken by a person of interest’s (POI’s) phone. Score-based likelihood ratios (SLRs) have been used…
Likelihood Ratios for Categorical Evidence with Applications to Digital Forensics
In forensic investigations, the goal of evidence evaluation is often to address source-/identity-based questions in which the evidence consists of two sets of observations: one from an unknown source tied…
Automatic Detection of Android Steganography Apps via Symbolic Execution and Tree Matching
The recent focus of cyber security on automated detection of malware for Android apps has omitted the study of some apps used for “legitimate” purposes, such as steganography apps. Mobile…