Abstract
The “bring your own device” (BYOD) policy is rapidly being adopted by enterprises around the world. Enterprises save time and money when they allow employees to bring their own electronic devices to the workplace; employees find it convenient and efficient to use a single device for professional and personal use. However, securing the personal and professional data in the devices is a huge challenge for employers and employees. Dates and timestamps constitute important evidence when devices have been compromised or used for illegal activities. This paper focuses on the malicious tampering of dates and timestamps in Android smartphones. The proposed reactive approach gathers kernel-generated timestamps of events and stores them in a secure location outside an Android smartphone. In the case of a security incident, the stored timestamps can assist in an offline digital forensic investigation. To our knowledge, this is the first attempt to preserve authentic Android event timestamps in order to detect potential malicious actions, including anti-forensic measures.
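The abstract describes two defensive building blocks: an authentic event record kept outside the phone, and an offline investigation that uses it. The following Python script is an added illustration and is not code from the paper or its authors. It assumes (as a constructed scenario) that an off-device collector authenticates each received record with a key the phone never holds, and that the investigator later obtains the phone's current file timestamps; the investigator then discards any stored record that no longer authenticates and reconciles the remaining history against the device's view to flag backdated, unexplained, undeleted and unlogged files. The event format, the sample paths and all timestamps are constructed for the demonstration.

```python
"""Reconcile on-device file timestamps against an authentic off-device event
log to flag timestamp tampering (added example, not the paper's code)."""
import hashlib
import hmac
import json
from collections import defaultdict

# Assumption: the off-device collector holds this key; the phone never does,
# so a compromised phone cannot forge or rewrite the stored history.
COLLECTOR_KEY = b"constructed-demo-key"


def _mac(record):
    """Authenticate one stored record with an HMAC over its canonical JSON."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hmac.new(COLLECTOR_KEY, payload, hashlib.sha256).hexdigest()


def sign_records(records):
    """What the collector does on receipt: attach a MAC to each record."""
    return [dict(r, mac=_mac(r)) for r in records]


def verify_log(signed):
    """Split the stored log into records whose MAC checks out and the rest."""
    good, bad = [], []
    for entry in signed:
        rec = {k: v for k, v in entry.items() if k != "mac"}
        if hmac.compare_digest(entry.get("mac", ""), _mac(rec)):
            good.append(rec)
        else:
            bad.append(rec)
    return good, bad


def reconcile(authentic, device_view, tolerance=1):
    """Compare the device's current modification times with authentic history.

    authentic:   list of {"path", "op", "ts"}, op in create/modify/delete
    device_view: {path: {"mtime": int, "ctime": int}} as read from the phone
    Returns a list of (path, finding) tuples; an empty list means consistent.
    """
    findings = []
    history = defaultdict(list)
    for r in sorted(authentic, key=lambda r: r["ts"]):
        history[r["path"]].append(r)

    for path, events in history.items():
        last = events[-1]
        if last["op"] == "delete":
            if path in device_view:
                findings.append((path, "present on device but logged as deleted"))
            continue
        if path not in device_view:
            findings.append((path, "missing on device but never logged as deleted"))
            continue
        mtime = device_view[path]["mtime"]
        writes = [e["ts"] for e in events if e["op"] in ("create", "modify")]
        if not any(abs(mtime - w) <= tolerance for w in writes):
            if mtime < max(writes) - tolerance:
                findings.append((path, f"mtime {mtime} backdated before last logged write {max(writes)}"))
            else:
                findings.append((path, f"mtime {mtime} matches no logged write"))

    for path in device_view:
        if path not in history:
            findings.append((path, "exists on device with no logged creation"))
    return findings


# Constructed sample: kernel-reported events the collector received earlier.
AUTHENTIC_EVENTS = [
    {"path": "/sdcard/notes.txt", "op": "create", "ts": 1000},
    {"path": "/sdcard/notes.txt", "op": "modify", "ts": 1500},
    {"path": "/sdcard/photo.jpg", "op": "create", "ts": 1200},
    {"path": "/sdcard/secret.db", "op": "create", "ts": 1300},
    {"path": "/sdcard/secret.db", "op": "delete", "ts": 1400},
]

# Constructed sample: what the investigator reads from the seized phone.
DEVICE_VIEW = {
    "/sdcard/notes.txt": {"mtime": 900, "ctime": 900},      # backdated
    "/sdcard/photo.jpg": {"mtime": 1200, "ctime": 1200},    # consistent
    "/sdcard/secret.db": {"mtime": 1300, "ctime": 1300},    # should be gone
    "/sdcard/planted.apk": {"mtime": 1600, "ctime": 1600},  # never logged
}


def investigate(signed_log, device_view):
    """Offline investigation: drop unauthentic records, then reconcile."""
    good, bad = verify_log(signed_log)
    return bad, reconcile(good, device_view)


if __name__ == "__main__":
    rejected, findings = investigate(sign_records(AUTHENTIC_EVENTS), DEVICE_VIEW)
    print(f"rejected records: {len(rejected)}")
    for path, why in findings:
        print(f"{path}: {why}")
```

The reconciliation deliberately treats the off-device log, not the phone, as ground truth: a file whose on-device mtime predates its last authenticated write is reported as backdated rather than trusted, and a file the log never saw created is reported even if its timestamps look plausible.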
© 2014 IFIP International Federation for Information Processing
Cite this paper
Verma, R., Govindaraj, J., Gupta, G. (2014). Preserving Dates and Timestamps for Incident Handling in Android Smartphones. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics X. DigitalForensics 2014. IFIP Advances in Information and Communication Technology, vol 433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44952-3_14
DOI: https://doi.org/10.1007/978-3-662-44952-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44951-6
Online ISBN: 978-3-662-44952-3