Crypto wallet apps that integrate with various block-chains allow the users to make digital currencies transaction with QR codes. According to reports from financesonline [3], there is over 68 million crypto wallet app users in 2021. As new crypto wallets and cryptocurrencies enter the market, the number of users will continue to go up in the future. As the market rapidly growing, it also raises concerns about security risks and sensitive information leakage. In this paper, we present our forensic analysis of Android cryptocurrency apps. As the popularity of cryptocurrency has increased significantly in the past few years, more and more people using mobile apps to make crypto transactions and manage their funds, the sensitive user information stored in such mobile apps has been increasingly discovered and adopted as critical evidence for civil and criminal cases. We have collected and analyzed 253 real-world Android cryptocurrency wallet apps. Our findings are surprisingly interesting: (1) 135 crypto wallet apps store user account information in a local file system which malware could potentially gain access to; (2) 67 crypto wallet apps access and store user’s location information in a local database and log files; (12) crypto wallet apps track the last used time of other application installed on the device. Our proposed approach found that, without recovering deleted files, various types of evidence data are still able to be identified from the logging system as well as files. We compare our analysis result with prior studies and find several types of evidence that were not discovered before. Our main contribution to this research is to provide an effective forensic analysis method for Android cryptocurrency wallet apps that can extract critical evidence from the local file system as well as system logs.
Forensic Analysis of Android Cryptocurrency Wallet Applications
Conference/Workshop:
Advances in Digital Forensics XIX. DigitalForensics 2023.
Advances in Digital Forensics XIX. DigitalForensics 2023.
Journal: IFIP Advances in Information and Communication Technology,
Published: 2023
Primary Author: Chen Shi
Secondary Authors: Yong Guan
Research Area: Digital
Related Resources
Forensic Analysis of Android Cloud SDKs
This presentation is from the 76th Annual Conference of the American Academy of Forensic Sciences (AAFS), Denver, Colorado, February 19-24, 2024.
The Impact of Multi-Camera Smart Phones on Source Camera Identification
An investigator has a questioned image from an unknown source and wants to determine whether it came from a camera on a person of interest’s smartphone. This scenario is referred…
Likelihood ratios for changepoints in categorical event data with applications in digital forensics
We investigate likelihood ratio models motivated by digital forensics problems involving time-stamped user-generated event data from a device or account. Of specific interest are scenarios where the data may have…
Producing Datasets: Capturing Images on Multi-Camera Smartphones for Source Camera Identification
This poster introduces the new CSAFE Multi-camera Smartphone Image Database and describes how the image were collected and reviewed.