Abstract
Ever-improving technology allows smartphones to become an integral part of people’s lives. The reliance on and ubiquitous use of smartphones render these devices rich sources of data. This data becomes increasingly important when smartphones are linked to criminal or corporate investigations. To erase data and mislead digital forensic investigations, end-users can manipulate the data and change recorded events. This paper investigates the effects of manipulating smartphone data on both the Google Android and Apple iOS platforms. The deployed steps lead to the formulation of a generic process for smartphone data manipulation. To assist digital forensic professionals with the detection of such manipulated smartphone data, this paper introduces an evaluation framework for smartphone data. The framework uses key traces left behind as a result of the manipulation of smartphone data to construct techniques to detect the changed data. The outcome of this research study successfully demonstrates the manipulation of smartphone data and presents preliminary evidence that the suggested framework can assist with the detection of manipulated smartphone data.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Pieterse, H., Olivier, M., van Heerden, R. (2019). Detecting Manipulated Smartphone Data on Android and iOS Devices. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information Security. ISSA 2018. Communications in Computer and Information Science, vol 973. Springer, Cham. https://doi.org/10.1007/978-3-030-11407-7_7
DOI: https://doi.org/10.1007/978-3-030-11407-7_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11406-0
Online ISBN: 978-3-030-11407-7
eBook Packages: Computer Science, Computer Science (R0)