UNIVERSITY OF PIRAEUS DEPARTMENT OF DIGITAL SYSTEMS POSTGRADUATE PROGRAMME Economic Management and Digital Systems Security Smartphone Forensics & Data Acquisition DISSERTATION Pachigiannis Panagiotis MTE1219 2015 Contents Contents……… ....................................................................................................................................... 2 Acknowledgement ................................................................................................................................... 7 Abstract……. ........................................................................................................................................... 8 1) Introduction........................................................................................................................................... 9 1.1) Context ........................................................................................................................................... 9 1.2) Aim & Objective .......................................................................................................................... 10 1.3) Background .................................................................................................................................. 11 1.4) Structure of Thesis ....................................................................................................................... 11 2) Mobile Devices ................................................................................................................................... 12 2.1) Revolutionary devices ................................................................................................................. 12 2.2) Mobile Forensics ......................................................................................................................... 14 2.3) Types of evidences ...................................................................................................................... 15 2.4) Forensic Best Practices ................................................................................................................ 15 2.5) Smartphone Devices .................................................................................................................... 17 2.5.1) Smartphone security ............................................................................................................. 32 2.5.1.1) False sense of security. ...................................................................................................... 33 2.5.1.2) Security issues. .................................................................................................................. 34 2.5.1.3) Methods of security protection .......................................................................................... 39 2.5.1.4) The future Of Smartphone security ................................................................................... 47 3) Android…………. .............................................................................................................................. 51 3.1) Android Operation System (OS).................................................................................................. 51 3.2) Android Background ................................................................................................................... 57 3.2.1) Partitions ............................................................................................................................... 57 3.2.2) Android File system .............................................................................................................. 58 3.2.3) Android Data storage ............................................................................................................ 59 3.2.4) Boot Process ......................................................................................................................... 60 3.2.5) Boot loader ............................................................................................................................ 61 3.2.6) Android Debug Bridge (ADB) ............................................................................................. 62 3.2.7) Recovery Partition ................................................................................................................ 62 3.2.8) Custom Recovery ROM........................................................................................................ 63 [2] 3.3) The current state of Android ........................................................................................................ 64 3.4) Android security .......................................................................................................................... 66 3.4.1) Security architect .................................................................................................................. 68 3.4.2) How Android encryption works ........................................................................................... 73 3.4.3) Android rooting .................................................................................................................... 74 3.4.4) Vulnerabilities ....................................................................................................................... 77 3.4.5) Security measures ................................................................................................................. 80 3.4.5.1) User security features......................................................................................................... 85 3.4.5.2) Android application security .............................................................................................. 86 4) Data acquisition .................................................................................................................................. 90 4.1) The phenomenon of data acquisition. .......................................................................................... 90 4.1.1) The significance of the "Data Acquisition" in Smartphones. .............................................. 91 4.1.2) The significance of the "Data Acquisition" in Android OS. ................................................ 92 4.2) Methodology of "Data Acquisition" ............................................................................................ 98 4.2.1) Extraction tools ................................................................................................................... 103 4.2.1.1) Method of extraction ..................................................................................................... 103 4.2.1.2) Evaluation criteria ......................................................................................................... 105 4.2.1.3) Testing and validation ................................................................................................... 105 4.2.2) Mobile forensics applications .............................................................................................. 106 4.2.2.1) Where’s My Droid ........................................................................................................ 106 4.2.2.2) SeekDroid ..................................................................................................................... 106 4.2.2.3) Prey Anti-Theft ............................................................................................................. 107 4.2.2.4) Androidlost ................................................................................................................... 108 4.2.3) Mobile Forensics Tools for "Data Acquisition" processing. ............................................... 109 4.2.3.1) XRY .............................................................................................................................. 109 4.2.3.2) Cellebrite UFED ........................................................................................................... 110 4.2.3.3) FTK ............................................................................................................................... 111 4.2.3.4) Paraben Cell Seizure ..................................................................................................... 112 4.2.3.5) Neutrino ........................................................................................................................ 113 4.2.3.6) Oxygen forensic suite ................................................................................................... 114 4.2.3.7) Mobiledit Forensic ........................................................................................................ 116 [3] 4.2.3.8) Linux Memory Extractor Tool (LIME forensics). ......................................................... 117 4.2.3.9) Forensics Recovery of Scrambled Telephones (FROST) .............................................. 117 4.3) Summary of problem area ......................................................................................................... 121 5) Implementation of the technical track .............................................................................................. 122 5.1) Preparation of the Smartphone device for data acquisition ....................................................... 122 5.1.1) Rooting the Smartphone device: Samsung Galaxy S GT19000. ........................................ 122 5.2) Scenarios of data acquisition