This project aims to develop a set of automated Android malware vetting tools that discover all the malicious behaviors of Android malware, in the form of files in local storage, SQLite databases, or data sent to remote third-party server(s), and to establish a dictionary-like Android malware database that includes the malware itself (malicious code and variants) together with all detected IP addresses, URLs and malicious behaviors, as well as other types of evidence data (e.g., the list of permissions required).
A Forensic Analysis of Joker-Enabled Android Malware Apps

Conference/Workshop:
American Association of Forensic Sciences (AAFS)
Published: 2021
Primary Author: Chen Shi
Secondary Authors: Chris Cheng, Yong Guan
Type: Presentation Slides
Research Area: Digital
Related Resources
A Response to the Threat of Stegware
Stegware refers to software, programs or apps that allow insertion of malware into a digital file, such as an image or video, using steganography techniques. Although it has been in…
LogExtractor: Extracting Digital Evidence from Android Log Messages via String and Taint Analysis
Mobile devices are increasingly involved in crimes. Therefore, digital evidence on mobile devices plays a more and more important role in crime investigations. Existing studies have designed tools to identify and/or…
Forensic Analysis on Joker Family Android Malware
Android is the most popular operating system among mobile devices and the malware targeted explicitly for Android is rapidly growing and spreading across the mobile ecosystem. In this paper, we…
Source-Anchored, Trace-Anchored, and General Match Score-Based Likelihood Ratios for Camera Device Identification
Forensic camera device identification addresses the scenario, where an investigator has two pieces of evidence: a digital image from an unknown camera involved in a crime, such as child pornography,…