P. Andriotis, G. Oikonomou, T. Tryfonas

Final Draft:
© 2012 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Abstract:
This paper introduces a method for acquiring forensic-grade evidence from Android smartphones using open source tools. We investigate in particular cases where the suspect has made use of the smartphone's Wi-Fi or Bluetooth interfaces. We discuss the forensic analysis of four case studies, which revealed traces that were left in the inner structure of three mobile Android devices and also indicated security vulnerabilities. Subsequently, we propose a detailed plan for forensic examiners to follow when dealing with investigations of potential crimes committed using the wireless facilities of a suspect Android smartphone. This method can be followed to perform physical acquisition of data without using commercial tools and then to examine them safely in order to discover any activity associated with wireless communications. We evaluate our method using the Association of Chief Police Officers' (ACPO) guidelines of good practice for computer-based, electronic evidence and demonstrate that it is made up of an acceptable host of procedures for mobile forensic analysis, focused specifically on the device's Bluetooth and Wi-Fi facilities.
Reference:
P. Andriotis, G. Oikonomou, T. Tryfonas, "Forensic Analysis of Wireless Networking Evidence of Android Smartphones", in Proc. IEEE International Workshop on Information Forensics and Security (WIFS 12), Tenerife, Spain, pp. 109 - 114, 2012
Bibtex Entry:
@INPROCEEDINGS{Andriotis-2012-1-wifs,
	author = {Panagiotis Andriotis and George Oikonomou and Theo Tryfonas},
	title = {{Forensic Analysis of Wireless Networking Evidence of Android Smartphones}},
	booktitle = {Proc. IEEE International Workshop on Information Forensics and Security (WIFS 12)},
	month = {December},
	year = {2012},
	address = {Tenerife, Spain},
	doi = {10.1109/WIFS.2012.6412634},
	url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6412634},
	gsid = {15073205140195149808},
	pages = {109 - 114},
	publisher = {ieee},
	abstract = {This paper introduces a method for acquiring forensic-grade evidence from Android smartphones using open source tools. We investigate in particular cases where the suspect has made use of the smartphone's Wi-Fi or Bluetooth interfaces. We discuss the forensic analysis of four case studies, which revealed traces that were left in the inner structure of three mobile Android devices and also indicated security vulnerabilities. Subsequently, we propose a detailed plan for forensic examiners to follow when dealing with investigations of potential crimes committed using the wireless facilities of a suspect Android smartphone. This method can be followed to perform physical acquisition of data without using commercial tools and then to examine them safely in order to discover any activity associated with wireless communications. We evaluate our method using the Association of Chief Police Officers' (ACPO) guidelines of good practice for computer-based, electronic evidence and demonstrate that it is made up of an acceptable host of procedures for mobile forensic analysis, focused specifically on the device's Bluetooth and Wi-Fi facilities.},
}

Forensic Analysis of Wireless Networking Evidence of Android Smartphones