Examining Android Privacy Using Digital Forensics
EXAMINING ANDROID PRIVACY USING DIGITAL FORENSICS

A Project Presented to the faculty of the Department of Computer Science, California State University, Sacramento

Submitted in partial satisfaction of the requirements for the degree of MASTER OF SCIENCE in Computer Science

by Jason Landsborough

Fall 2013

© 2013 Jason Landsborough. ALL RIGHTS RESERVED

Approved by:
Isaac Ghansah, Ph.D., Committee Chair
Behnam Arad, Ph.D., Second Reader

Abstract

Portable devices, such as those that run Android, allow people to do much more than ever before. Users of these devices can receive and respond to email when away from their computers. Pictures taken on GPS-enabled devices can store location data, so users know where a picture was taken. Users can take a picture and immediately upload it somewhere. Specialized third-party apps extend the functionality of these devices even further, adding to the types of data being used and stored on the device. With all this new data comes risk. Because data can be stored, it can also be retrieved.

This project covers many types of data acquisition methods for an Android device, to determine what information can be retrieved. All of the methods were free to use, and could be used by an untrusted third party, such as a thief.

Data was acquired from a T-Mobile G2x, an Android smartphone, consisting of data created for the project, as well as data that already existed on the device. The data consisted of: email messages, text messages, a phone call log entry, pictures, a calendar event, location data, a Skype instant message, a Facebook post, and an Evernote note. An email message, two text messages, and two pictures were deleted to determine if these could be recovered.
Using the various methods in this project, most of the data was retrieved. Portable devices are susceptible to being lost or stolen. Because of this and the results of this project, where confidentiality is warranted, additional security measures should be taken to protect the data.

Student: Jason Landsborough

I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the project.

Nikrouz Faroughi, Ph.D., Graduate Coordinator
Department of Computer Science

ACKNOWLEDGEMENTS

I would like to thank Dr. Isaac Ghansah for helping to define and refine this project, as well as for offering suggestions and advice throughout the project to make this project better. I would also like to thank Dr. Behnam Arad for being the second reader, as well as for the advice given to me throughout my time as a Master’s student.

TABLE OF CONTENTS

ACKNOWLEDGEMENTS
LIST OF TABLES
LIST OF FIGURES

Chapter

1. INTRODUCTION
  1.1 Digital Forensics
  1.2 Android
    1.2.1 Android Architecture
    1.2.2 Android Apps
    1.2.3 Android App Environment
  1.3 Privacy Issues
  1.4 Motivation for Project
  1.5 Related Work
    1.5.1 Android App Permission
    1.5.2 Bootimg
    1.5.3 Bypassing Lock Screens
  1.6 Objectives

2. SYSTEM SETUP
  2.1 Phone Hardware and Operating System
  2.2 Target Data Creation
    2.2.1 Apps Used for Target Data Creation
    2.2.2 Target Data
    2.2.3 Tools and Methods

3. FORENSIC ACQUISITIONS, ANALYSIS AND RESULTS
  3.1 SD Card Acquisition with dd
    3.1.1 Acquiring SD Card Data
    3.1.2 Setup in Autopsy Browser
    3.1.3 Examining Data in Autopsy Browser
    3.1.4 Summary of Results Using this Method
  3.2 USB Drive Acquisition with dd
    3.2.1 Acquiring USB Data
    3.2.2 Examining Data in Autopsy Browser
    3.2.3 Summary of Results Using This Method
  3.3 Forensic App
    3.3.1 App Setup
    3.3.2 Examining Forensic App Results
    3.3.3 Summary of Results Using this Method
  3.4 Oxygen Forensic Suite
    3.4.1 Acquiring Data Using Oxygen Forensic Suite
    3.4.2 Examining Data Acquired Using Oxygen Forensic Suite
    3.4.3 Summary of Results Using this Method
  3.5 adb pull
    3.5.1 adb Setup
    3.5.2 Acquiring Data Using adb
    3.5.3 Examining adb pull Contents
  3.6 Root adb pull
    3.6.1 Rooting the Phone
    3.6.2 Examining the Results of adb pull as Root
    3.6.3 Summary of Results Using this Method
  3.7 Root adb dd
    3.7.1 Acquiring Data Using dd Through