The vast number of available mobile applications poses critical challenges for digital forensics practitioners, who often lack sufficient knowledge about the data these applications generate and where it is stored. The outcome of this research will help digital forensics practitioners speed up case investigations by reducing complexity and providing completeness guarantees when searching for and discovering evidence on mobile devices, thereby delivering timely investigative results and reducing backlogs at crime labs.
Statistics, Computer Science
- Completed the initial requirement analysis and prototyped a working solution (static app analysis) that allows us to complete a small-scale set of evaluations. From the experimental evaluations, we have identified several critical challenges and problems that must be addressed to make the tool more effective and to cover most apps.
- Completed the static app analysis tool and are working on extending it to cover a larger set and more types of apps. A dynamic analysis tool with limited functionality is being built. Taint tag propagation has been completed.
- Completed an initial set of evaluations and included them in the tech reports.
- Prototyped a static program analysis tool that can analyze Android apps that are neither too large nor too complex, such as Yahoo Finance, Facebook Lite, MyShift, etc. We have manually evaluated our static tool using about 30,000 apps from the 110,000 apps downloaded from the Google Play store as well as a couple of other app mirror sites.
- Working on the ART-based dynamic program analysis tool with the goal of analyzing large apps like Snapchat, Instagram, WeChat, Twitter, Facebook, etc.
Benefits of Research
CSAFE researchers have built an automated Android app analysis tool that discovers the type, location and format of the data an app generates and where it is stored locally on the device. Recent improvements in the tool now allow researchers to analyze popular apps such as Twitter. Researchers also plan to create a database of mobile app information. Digital forensic practitioners can use the database, much as they would use Wikipedia, to automatically look up information about the apps under investigation instead of searching for evidence manually. This new method will enable practitioners to speed up case investigations and reduce backlogs at crime labs by reducing complexity and providing more complete information.
Select Publications, Conference Papers, Presentations and/or Tools
Zhen Xu, Chen Shi, Chris Chao-Chun Cheng, Neil Gong, and Yong Guan, “A Dynamic Taint Analysis Tool for Android App Forensics”, IEEE SADFE 2018 Conference, San Francisco, CA, USA, May 24, 2018.