Skip to content

Forensic Analysis on Joker Family Android Malware

Conference/Workshop:
17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
Published: 2021
Primary Author: Chen Shi
Secondary Authors: Chris Chao-Chun, Yong Guan
Research Area: Digital

Android is the most popular operating system among mobile devices and the malware targeted explicitly for Android is rapidly growing and spreading across the mobile ecosystem. In this paper, we propose a hybrid analysis of Android malware to retrieve evidential data, generated from or accessed by such mobile malware, which can be adopted as critical evidence for civil and criminal cases. We target on Android malware from Joker Family where we collected and analyzed 62 recently discovered malicious apps, we found that: 11 apps access and store user’s location information, 17 apps track user’s SMS text messages and 58 apps send out user personal information to remote servers. Our proposed approach found that, evidence data including location, timestamp, IP address are still able to be identified from the local file system and logging system. Our main contribution in this research is to provide an effective forensic analysis report on Android malware that can extract critical evidence from the local file systems as well as system logs.

Related Resources

Forensic Analysis of Android Cloud SDKs

Forensic Analysis of Android Cloud SDKs

This presentation is from the 76th Annual Conference of the American Academy of Forensic Sciences (AAFS), Denver, Colorado, February 19-24, 2024.
The Impact of Multi-Camera Smart Phones on Source Camera Identification

The Impact of Multi-Camera Smart Phones on Source Camera Identification

An investigator has a questioned image from an unknown source and wants to determine whether it came from a camera on a person of interest’s smartphone. This scenario is referred…
Likelihood ratios for changepoints in categorical event data with applications in digital forensics

Likelihood ratios for changepoints in categorical event data with applications in digital forensics

We investigate likelihood ratio models motivated by digital forensics problems involving time-stamped user-generated event data from a device or account. Of specific interest are scenarios where the data may have…
Producing Datasets: Capturing Images on Multi-Camera Smartphones for Source Camera Identification

Producing Datasets: Capturing Images on Multi-Camera Smartphones for Source Camera Identification

This poster introduces the new CSAFE Multi-camera Smartphone Image Database and describes how the image were collected and reviewed.