Smartphone sensor data as digital evidence

Computers and Security

Volumn 38, Issue , 2013, Pages 51-75

  Mylonas, Alexios ^a   Meletiadis, Vasilis ^a   Mitrou, Lilian ^a   Gritzalis, Dimitris ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Android; Digital forensics; Information gathering; Investigation models; Sensor; Sensor data; Smartphones

Indexed keywords

DATA ACQUISITION; DIGITAL FORENSICS; ELECTRONIC CRIME COUNTERMEASURES; SENSORS; SIGNAL ENCODING; SMARTPHONES;

ANDROID; DATA COLLECTION; DIGITAL EVIDENCE; DIGITAL INVESTIGATION; ETHICAL ISSUES; INFORMATION GATHERING; POST MORTEM ANALYSIS; SENSOR DATA;

ANDROID (OPERATING SYSTEM);

EID: 84885189845     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2013.03.007     Document Type: Article

References (101)

1. Allan A, Warden P. Got an iPhone or 3G iPad? Apple is recording your moves. http://radar.oreilly.com/2011/04/apple-locationtracking.html [accessed November 2012].
2. Aviv A, Gibson K, Mossop E, Blaze M, Smith J. Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX conference onoffensive technologies. USENIX Association; 2010. p. 1-7.
3. Bäcker M. Das IT-Grundrecht: Funktion, Schutzgehalt, Auswirkungeb auf staatliche Ermittlungen. In: Uerpmann-Wittzack, editor. Das neue Computergrundrecht, Recht der Informationsgesellschaft 2009;Bd 15. p. 53-60. Berlin.
4. Bader M, Baggili I. iPhone 3GS forensics: logical analysis using apple iTunes backup utility. Small Scale Digital Device Forensics Journal 2010;4(1).
5. Bao L, Intille S. Activity recognition from user-annotated acceleration data. In: Ferscha A, Mattern F, editors. Pervasive computing. Springer; 2004. p. 1-17. LNCS-3001.
6. Beebe N, Clark J. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation 2005;2(2):147-67.
7. Bennett D. The challenges facing computer forensics investigators in obtaining information from mobile devices for use in criminal investigations. Information Security Journal: A Global Perspective 2012;21(3):159-68.
8. Beresford A, Rice A, Skehin N, Sohan R. Mockdroid: trading privacy for application functionality on smartphones. In: Proceedings of the 12th workshop on mobile computing systems and applications (HotMobile 2011). USA: ACM; 2011. p. 49-54.
9. Bujari A, Licar B, Palazzi C. Movement pattern recognition through smartphone's accelerometer. In: Proceedings of the IEEE consumer communications and networking conference (CCNC 2012); 2012. p. 502-6.
10. Carrier B, Spafford E. Getting physical with the digital investigation process. International Journal of Digital Evidence 2003;2(2):1-20.
11. Carrier B, Spafford E. An event-based digital forensic investigation framework. In: Proceedings of the digital forensic research workshop; 2004.
12. Casey E. Digital evidence and computer crime: forensic science, computers and the internet. 2nd ed. USA: Academic Press, Inc.; 2004.
13. Casey E, Bann M, Doyle J. Introduction to windows mobile forensics. Digital Investigation 2010;6(34):136-46.
14. Choe B, Min J, Cho S. Online gesture recognition for user interface on accelerometer built-in mobile phones. In: Wong K, et al., editors. Neural information processing. Models and applications. Springer; 2010. p. 650-7. LNCS-6444.
15. Choudhury T, Consolvo S, Harrison B, Hightower J, LaMarca A, LeGrand L, et al. The mobile sensing platform: an embedded activity recognition system. IEEE Pervasive Computing 2008;7(2):32-41.
16. Ciardhuáin S. An extended model of cybercrime investigations. International Journal of Digital Evidence 2004;3(1):1-22.
17. Cluley G. First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo. http://nakedsecurity.sophos.com/2009/11/08/iphone-worm-discovered- wallpaper-rick-astley-photo/ [accessed November 2012].
18. Commission of the European Communities. Green paper on detection technologies in the work of law enforcement, customs and other security authorities. Technical report COM(2006) 474 final 2006.
19. Coudert F, Gemo M, Beslay L, Andritsos F. Pervasive monitoring: appreciating citizen's surveillance as digital evidence in legal proceedings. In: Proceedings of the 4th international conference on imaging for crime detection and prevention (ICDP 2011); 2011. p. 1-6.
20. Dancer F, Dampier D, Jackson J, Meghanathan N. A theoretical process model for smartphones. In: Meghanathan N, et al., editors. Advances in computing and information technology. Springer; 2013. p. 279-90. AISC-178.
21. DFRWS. A road map for digital forensic research. Technical report DTR - T001-01 final. First Digital Forensic Research Workshop (DFRWS); 2001.
22. Dietz M, Shekhar S, Pisetsky Y, Shu A, Wallach D. Quire: lightweight provenance for smart phone operating systems. In: Proceedings of the 20th USENIX security symposium; 2011.
23. Distefano A, Me G. An overall assessment of mobile internal acquisition tool. Digital Investigation 2008;5(Suppl.):121-7.
24. Felt A, Egelman S, Wagner D. I've got 99 problems, but vibration ain't one: a survey of smartphone users concerns. In: ACM workshop on security and privacy in mobile devices (SPSM 2012); 2012a.
25. Felt A, Ha E, Egelman S, Haney A, Chin E, Wagner D. Android permissions: user attention, comprehension, and behavior. In: Proceedings of the symposium on usable privacy and security (SOUPS 2012); 2012b.
26. Felt A, Wang H, Moshchuk A, Hanna S, Chin E. Permission redelegation: attacks and defenses. In: Proceedings of the 20th USENIX security symposium, USA; 2011.
27. Gafurov D, Helkala K, Soendrol T. Gait recognition using acceleration from MEMS. In: Proceedings of the 1st international conference on availability, reliability and security (ARES 2006); 2006.
28. Google. Android security overview. http://source.android.com/tech/ security/index.html [accessed November 2012].
29. Grace M, Zhou Y, Wang Z, Jiang X. Systematic detection of capability leaks in stock Android smartphones. In: Proceedings of the 19th network and distributed system security symposium (NDSS 2012); 2012.
30. Grispos G, Storer T, Glisson WB. A comparison of forensic evidence recovery techniques for a windows mobile smart phone. Digital Investigation 2011;8(1):23-36.
31. Gupta A, Cozza R, Milanesi C, Lu C. Market share analysis: mobile devices, worldwide, 2Q12. Technical report G00238277. Gartner; 2012.
32. Hoffmann-Riem W. Freiheit und Sicherheit im Angesicht terroristischer Anschläge. Zeitschrift für Rechtspolitik 2002;35:497.
33. Hoog A. Android forensic techniques. In: Android forensics. Boston: Syngress; 2011. p. 195-284.
34. Hornyack P, Han S, Jung J, Schechter S, Wetherall D. These aren't the droids you're looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM conference on computer and communications security (ACM CCS 2011). USA: ACM; 2011. p. 639-52.
35. Husain MI, Sridhar R. iForensics: forensic analysis of instant messaging on smart phones. In: Goel S, et al., editors. Digital forensics and cyber crime. Springer; 2010. p. 9-18. LNICST-31.
36. Ieong R, Forza A. Digital forensics investigation framework that incorporate legal issues. Digital Investigation 2006;3(Suppl.):29-36.
37. Iliadis J, Spinellis D, Gritzalis D, Preneel B, Katsikas S. Evaluating certificate status information mechanisms. In: Proceedings of the 7th ACM conference on computer and communications security (CCS '00). ACM;2000. p. 1-8.
38. Jansen W, Ayers R. Guidelines on cell phone forensics. Technical report NIST SP 800-101. National Institute of Standards and Technology; 2007.
39. Jung J, Jeong C, Byun K, Lee S. Sensitive privacy data acquisition in the iPhone for digital forensic analysis. In: Park J, et al., editors. Secure and trust computing, data management and applications. Springer; 2011. p. 172-86. CCIS-186.
40. Kandias M, Mylonas A, Virvilis N, Theoharidou M, Gritzalis D. An insider threat prediction model. In: Katsikas S, et al., editors. Proceedings of the 7th international conference on trust, privacy, and security in digital business (TrustBus 2010). Springer; 2010. p. 26-37. LNCS 6264.
41. Karyda M, Mitrou L. Internet forensics: legal and technical issues. In: Proceedings of the 2nd annual workshop on digital forensics and incident analysis; 2007. p. 3-12.
42. Kelley P, Consolvo S, Cranor L, Jung J, Sadeh N, Wetherall D. A conundrum of permissions: installing applications on an Android smartphone. In: Proceedings of the workshop on usable security (USEC); 2012.
43. Kern N, Schiele B, Junker H, Lukowicz P, Trster G. Wearable sensing to annotate meeting recordings. Personal and Ubiquitous Computing 2003;7:263-74.
44. Kerr OS. Searches and seizures in a digital world. Harvard Law Review 2005;119:531-86.
45. Khan A, Lee YK, Lee S, Kim TS. A triaxial accelerometer-based physical-activity recognition via augmented-signal features and a hierarchical recognizer. IEEE Transactions on Information Technology in Biomedicine 2010;14(5):1166-72.
46. Klaver C. Windows mobile advanced forensics. Digital Investigation 2010;6(34):147-67.
47. Kohn M, Eloff J, Olivier M. Framework for a digital forensic investigation. In: Proceedings of the ISSA from insight to foresight conference, Sandton, South; 2006.
48. Kuntze N, Rudolph C, Alva A, Endicott-Popovsky B, Christiansen J, Kemmerich T. On the creation of reliable digital evidence. In: Peterson G, et al., editors. Advances in digital forensics. Springer; 2012. p. 3-17. AICT-383.
49. Kwapisz J, Weiss G, Moore S. Activity recognition using cell phone accelerometers. SIGKDD Explorations Newsletter 2011;12(2):74-82.
50. Lambrinoudakis C, Gritzalis D, Tsoumas V, Karyda M, Ikonomopoulos S. Secure electronic voting: the current landscape. In: Gritzalis D, editor. Secure electronic voting. Springer: Advances in Information Security; 2003. p. 101-22.
51. Lane N, Miluzzo E, Lu H, Peebles D, Choudhury T, Campbell A. A survey of mobile phone sensing. IEEE Communications Magazine 2010;48(9):140-50.
52. Lessard J, Kessler G. Android forensics: simplifying cell phone examinations. Purdue University; 2010. Technical report.
53. Lester J, Choudhury T, Borriello G. A practical approach to recognizing physical activities. In: Fishkin K, et al., editors. Pervasive computing. Springer; 2006. p. 1-16. LNCS-3968.
54. Liu J, Zhong L, Wickramasuriya J, Vasudevan V. Uwave: accelerometer-based personalized gesture recognition and its applications. Pervasiveand Mobile Computing 2009;5(6):657-75.
55. Long X, Yin B, Aarts R. Single-accelerometer-based daily physical activity classification. In: Proceedings of the annual engineering international conference of the IEEE in medicine and biology society (EMBC-2009); 2009. p. 6107-10.
56. Mantyjarvi J, Lindholm M, Vildjiounaite E, Makela SM, Ailisto H. Identifying users of portable devices from gait pattern with accelerometers. In: Proceedings of the IEEE international conference on acoustics, speech, and signal processing (ICASSP '05); 2005. p. 973-6.
57. Marquardt P, Verma A, Carter H, Traynor P. (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: Proceedings of the 18th ACM conference on computer and communications security (CCS '11). USA: ACM; 2011. p. 551-62.
58. McClure S, Scambray J, Kurtz G. Hacking exposed: network security secrets & solutions. New York: McGraw-Hill/Osborne; 2005.
59. Mokhonoana P, Olivier M. Acquisition of a Symbian smart phones content with an on-phone forensic tool 2007. Technical report.
60. Morrissey S. iOS forensic analysis for iPhone, iPad and iPod touch. New York: Apress; 2010.
61. Motiee S, Hawkey K, Beznosov K. Do windows users follow the principle of least privilege?: investigating user account control practices. In: Proceedings of the 6th symposium on usable privacy and security (SOUPS 2010). USA: ACM; 2010. p. 1-13.
62. Mukasey M, Sedgwick J, Hagy D. Electronic crime scene investigation: a guide for first responders. Technical report NCJ 219941. National Institute of Justice; 2008.
63. Mutawa N, Baggili I, Marrington A. Forensic analysis of social networking applications on mobile devices. Digital Investigation 2012;9(Suppl.):S24-33.
64. Mylonas A. Smartphone spying tools. Master's thesis, Royal Holloway, University of London; 2008.
65. Mylonas A, Dritsas S, Tsoumas B, Dimitris G. Smartphone security evaluation: the malware attack case. In: Samarati P, Lopez J, editors. Proceedings of the international conference of security and cryptography (SECRYPT 2011). SciTePress; 2011a. p. 25-36.
66. Mylonas A, Tsoumas B, Dritsas S, Gritzalis D. A secure smartphone applications roll-out scheme. In: Proc. of the 8th international conference on trust, privacy & security in digital business (TRUST-2011). France: Springer; 2011b. p. 49-61. LNCS-6863.
67. Mylonas A, Dritsas S, Tsoumas B, Gritzalis D. On the feasibility of malware attacks in smartphone platforms. In: Obaidad M, et al., editors. Security and cryptography. CCIS: Springer; 2012a. p. 217-32.
68. Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security 2013;34:47-66.
69. Mylonas A, Meletiadis V, Tsoumas B, Mitrou L, Gritzalis D. Smartphone forensics: a proactive investigation scheme for evidence acquisition. In: Gritzalis D, et al., editors. Proceedings of the 27th IFIP international information security and privacy conference. Springer; 2012b. p. 249-60. AICT-376.
70. Niemel J. Detecting mobile phone spy tools. Technical report Black Hat-2008. F-Secure; 2008.
71. Park J, Chung H, Lee S. Forensic analysis techniques for fragmented flash memory pages in smartphones. Digital Investigation 2012.
72. Pooters I. Full user data acquisition from Symbian smart phones. Digital Investigation 2010;6(34):125-35.
73. Ramabhadran A. Forensic investigation process model for windows mobile devices. Technical report. Security Group - Tata Elxsi; 2009.
74. Ravi N, Dandekar N, Mysore P, Littman M. Activity recognition from accelerometer data. In: Proceedings of the national conference on artificial intelligence. MIT Press; 2005.
75. Rehault F. Windows mobile advanced forensics: an alternative to existing tools. Digital Investigation 2010;7(1-2):38-47.
76. Reid M. United States v. Jones: big brother and the "common good" versus the fourth amendment and your right to privacy. Available from: http://works.bepress.com/melanie-reid/9; 2012.
77. Reith M, Carr C, Gunsch G. An examination of digital forensic models. International Journal of Digital Evidence 2002;1(3):1-12.
78. Rogers M, Goldman J, Mislan R, Wedge T, Debrota S. Computer forensics field triage process model. In: Proceedings of the conference on digital forensics security and law; 2006. p. 27-40.
79. Rose C. Ubiquitous smartphones, zero privacy. Review of Business Information Systems 2012;16(4):187-92.
80. Rushin S. The judicial response to mass police surveillance. Journal of Law, Technology & Policy 2011;2011(2):282-328.
81. Salgado RP. Fourth amendment search and the power of the hash. Harvard Law Review 2005;119:38-46.
82. Schlegel R, Zhang K, Zhou X, Intwala M, Kapadia A, Wang X. Soundcomber: a stealthy and context-aware sound Trojan for smartphones. In: Proceedings of the 18th annual network and distributed system security symposium (NDSS2011);2011. p. 17-33.
83. Sylve J, Case A, Marziale L, Richard G. Acquisition and analysis of volatile memory from Android devices. Digital Investigation 2012;8(34):175-84.
84. Tan J. Forensic readiness. Cambridge, USA: Stake; 2001.
85. Theoharidou M, Mylonas A, Gritzalis D. A risk assessment method for smartphones. In: Gritzalis D, et al., editors. Proceedings of the 27th IFIP information security and privacy conference. Springer; 2012. p. 428-40. AICT-376.
86. Thing V, Chua TW. Symbian smartphone forensics: linear bitwise data acquisition and fragmentation analysis. In: Kim T, et al., editors. Computer applications for security, control and system engineering. Communications in computer and information science. Springer; 2012. p. 62-9.
87. Thing VL, Ng KY, Chang EC. Live memory forensics of mobile phones. Digital Investigation 2010;7(Suppl.):S74-82.
88. Thing V, Tan D. Symbian smartphone forensics and security: recovery of privacy-protected deleted data. In: Chim T, Yuen T, editors. Information and communications security. Springer; 2012. p. 240-51. LNCS-7618.
89. Togias S. The right in confidentiality and integrity of information technology systems according to the German Federal Constitutional Court: old wine in new bottles? In: Bottis M, editor. An information law for the 21st century 2010. p. 530-40. Athens.
90. Vidas T, Zhang C, Christin N. Toward a general collection methodology for Android devices. Digital Investigation 2011;8(Suppl. 1):S14-24.
91. Walls R, Learned-Miller E, Levine B. Forensic triage for mobile phones with DECODE. In: Proceedings of USENIX security symposium; 2011.
92. Weise J, Powell B. Using computer forensics when investigating system attacks. Technical report 819-2262-10. Sun Client Solutions Security Expertise Center; 2005.
93. Wiebe A. The new fundamental right to IT security - first evaluation and comparative view at the U.S. Datenschutz und Datensicherheit 2008;32(11):713-6.
94. Wiebke A. Agents, Trojans and tags: the next generation of investigators. International Review of Law, Computers & Technology 2009;23(1-2):99-108.
95. Wilkinson S, Haagman D. Good practice guide for computerbased electronic evidence. Technical report v. 4. UK Association of Chief Police Officers; 2007.
96. Xu N, Zhang F, Luo Y, Jia W, Xuan D, Teng J. Stealthy video capturer: a new video-based spyware in 3G smartphones. In: Proceedings of the 2nd ACM conference on wireless network security. USA: ACM; 2009. p. 69-78.
97. Yu X, Jiang LH, Shu H, Yin Q, Liu TM. A process model for forensic analysis of Symbian smart phones. In: Advances in software engineering. Springer; 2009. p. 86-93. CCIS-59.
98. Zachman J. A framework for information systems architecture. IBM Systems Journal 1987;26(3):276-92.
99. Zdziarski J. iPhone forensics: recovering evidence, personal data, and corporate assets. O'Reilly Media; 2008.
100. Zhou Y, Jiang X. Dissecting Android malware: characterization and evolution. In: Proceedings of the IEEE symposium on security and privacy (SP). IEEE; 2012. p. 95-109.
101. Zhou Y, Zhang X, Jiang X, Freeh V. Taming information-stealing smartphone applications (on Android). In: McCune J, et al., editors. Trust and trustworthy computing. Springer; 2011. p. 93-107. LNCS-6740.