A General Forensics Acquisition for Android Smartphones with Qualcomm Processor

Abstract—Public reports show that crimes linked to smartphones have increased sharply in recent years. Because Android holds the largest market share, forensics on Android devices has become a focus in the field of digital forensics. Data acquisition is a key aspect of smartphone forensics. In this paper, we propose an improved approach for acquiring data images using special modes of Qualcomm processors, which account for more than half of the market share of mobile smartphone CPUs. Evaluation experiments confirmed that the proposed methods are practicable and that the data integrity of the extracted partition images is preserved. This work is intended to provide vital references for investigators and researchers working in digital forensics.

Keywords—Android smartphone forensics; data partition acquisition; digital forensics

RELATED WORKS
This section discusses prior related work on forensic data acquisition from Android devices. For logical acquisition, a typical approach is to pull data from Android devices over an ADB connection. ADB provides a command line tool that allows investigators to download data files and folders using the "pull" command [5]. The ADB acquisition method has several limitations: it requires unlocking the device screen and enabling the ADB debugging switch. If the device is not rooted, various critical data, such as the user data of apps, cannot be accessed. Devices running Android 4.0 and later can back up some user data to a computer through the ADB backup command. However, many applications, such as WeChat, have prohibited their own user data from being backed up for security reasons. Physical acquisition means a bit-by-bit copy that dumps the entire data partition of an Android device.
A full storage image also captures deleted files that remain in free space. Physical acquisition through JTAG or chip-off is complex and requires a great deal of hardware knowledge and skill.
With wires soldered to the JTAG pads on the printed circuit board, investigators can connect directly to the CPU and extract the storage of an Android device via the JTAG protocol; a computer running the JTAG software can directly manipulate the device's CPU to obtain a complete bit-by-bit image of the flash memory [5]. In the chip-off method, investigators remove the NAND flash chips from the device's circuit board and extract the physical data stored in the chips using special hardware tools [5]. Compared to JTAG, chip-off still works even when the device's CPU is damaged. However, a downside of chip-off is the potential to damage the flash chips, as the operation is quite complex. Vidas et al. [3] proposed a general method for collecting logical data or physical images using the recovery mode of an Android device. This method overwrites the device's recovery partition with a custom recovery image that includes the necessary data collection utilities, then uses an ADB shell to dump the data partition after rebooting the device into recovery mode. Although this method modifies the recovery partition, the data of forensic interest is almost entirely located on the data partition. Son et al. [4] evaluated the integrity of user data at the time of acquisition using the custom recovery image.
They confirmed that the integrity of the acquired data partition images is preserved by comparing them to images collected through the JTAG method. However, if a device's bootloader is locked, flashing the device's partitions is also prohibited. Unlocking a locked bootloader may trigger erasure of all user data on the device [2]. Yang et al. [6] proposed a data extraction method based on analyzing the devices' firmware update protocols.
Many manufacturers provide their own firmware update utilities. After the device is booted into firmware update mode, the firmware update process on the device runs and communicates with the firmware update program on a computer. Therefore, there may be commands that can be used for data collection. The method of Yang et al. identifies these commands by reverse engineering the bootloader and the firmware update program. Based on this method, an acquisition tool was developed that supports dumping physical data images for over 80 Android models [6]. A downside of this approach is that reverse engineering bootloaders and firmware update programs for different Android models always requires considerable time and effort.
Commercial forensic suites such as Cellebrite UFED, Oxygen Forensics and MSAB XRY support ADB physical memory dumps via rooting exploitation. Some of them can also extract data from unrooted Android smartphones by exploiting certain bootloader vulnerabilities [7]. However, the technical details of these commercial products remain unpublished.
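Son et al. [4] established integrity by comparing a custom-recovery dump of the data partition against a JTAG image of the same partition. The following is an added example, not code from the paper or any of the cited tools, of how an examiner can perform that comparison: it streams each image through SHA-256 and, when the digests differ, reports which fixed-size blocks (4096 bytes here, an assumed granularity) and byte offsets disagree. The sample images are constructed in a temporary directory so the script runs without a device.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed comparison granularity (one flash page)


def sha256_file(path, chunk=1 << 20):
    """Hash a partition image in 1 MiB chunks so multi-GB dumps fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(chunk), b""):
            h.update(buf)
    return h.hexdigest()


def diff_blocks(path_a, path_b, block=BLOCK):
    """Return [(block_index, byte_offset)] for every block that differs.
    If one image is shorter, each block the other image has beyond its end
    is reported as differing, so a truncated dump is never reported as clean."""
    diffs = []
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        idx = 0
        while True:
            a, b = fa.read(block), fb.read(block)
            if not a and not b:
                return diffs
            if a != b:
                diffs.append((idx, idx * block))
            idx += 1


def verify_images(path_a, path_b):
    """Compare two acquisitions of the same partition (e.g. recovery vs JTAG)."""
    ha, hb = sha256_file(path_a), sha256_file(path_b)
    report = {"sha256_a": ha, "sha256_b": hb, "identical": ha == hb, "differing_blocks": []}
    if not report["identical"]:
        report["differing_blocks"] = diff_blocks(path_a, path_b)
    return report


def build_demo_images():
    """Constructed sample data: an original, an exact copy, and a copy with one
    byte flipped inside block 2 (offset 8192). Returns the three file paths."""
    d = tempfile.mkdtemp(prefix="acq_demo_")
    orig = bytes(range(256)) * 80          # 20480 bytes = 5 blocks of 4096
    tampered = bytearray(orig)
    tampered[8192] ^= 0xFF
    paths = [os.path.join(d, n) for n in ("recovery.img", "recovery_copy.img", "jtag.img")]
    for p, data in zip(paths, (orig, orig, bytes(tampered))):
        with open(p, "wb") as f:
            f.write(data)
    return tuple(paths)


if __name__ == "__main__":
    a, b, c = build_demo_images()
    print(verify_images(a, b))
    print(verify_images(a, c))
```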
