Search results

The purpose of this paper is to conduct a forensic analysis of Google Allo messenger on an Android-based mobile phone. The focus was on the analysis of the data stored by this application in the internal memory of the mobile device, with minimal use of third-party applications. The findings were compared with the already existing works on this topic. Android is the most popular operating system for mobile devices, and these devices often contain a massive amount of personal information about the user such as photos and contact details. Analysis of these applications is required in case of a forensic investigation and makes the process easier for forensic analysts.

Logical acquisition of the data stored by these applications was performed. A locked Android device was used for this purpose. Some scripts are presented to help in data acquisition using Android Debug Bridge (ADB). Manual forensic analysis of the device image was performed to see whether the activities carried out on these applications are stored in the internal memory of the device. A comparative analysis of an existing mobile forensic tool was also performed to show the effectiveness of the methodology adopted.

Forensic artifacts were recovered from Allo application. Multimedia content such as images were also retrieved from the internal memory.

As this study was conducted for forensic analysis, it assumed that the mobile device used already has USB debugging enabled on it, although this might not be the applicable in some of the cases. This work provides an optimal approach to acquiring artifacts with minimal use of third-party applications.

Most of the mobile devices contain messaging application such as Allo installed. A large amount of personal information can be obtained from the forensic analysis of these applications, which can be useful in any criminal investigation.

This is the first study which focuses on the Google Allo application. The proposed methodology was able to extract almost as much as the data obtained using earlier approaches, but with minimal third-party application usage.

The purpose of this paper is to propose an approach that helps in acquisition of live data as well as data stored in the internal/external memory of android mobile device considering that the data on the device are not much altered during the extraction process. Also, the emphasis is laid on testing the validity of existing forensic tools against the data obtained manually and by using this approach. Smartphones have spurred the mobile computing technology, and Android is widely used as an Operating System in these devices. These days, users store most of their personal information like emails, images, contacts etc., on Phones/Tablets as their data would be readily accessible and thus convenient for them.

Android Operating System is built on the Linux Kernel and scripts to extract data from Android Mobile Device with the use of Android Debugging Bridge have been written. The approach is more focused on the logical acquisition of data from devices rather than acquisition using physical methods.

Live data of the Facebook application running on the device can be extracted. Also, the password of the LuksManager application (used to create an encrypted volume on the device), which is stored in the internal memory, is also extracted and identified.

The study has been conducted in an academic environment, thereby limiting external validity. Another limitation is the limited edition of some of the software forensics tools that are used. The full access to these software tools are restricted by Law enforcement and Investigation policies. The research provides a different approach which could aid in criminal investigation activities on mobile devices.

The devices which have the latest versions of Android not only store messages and mails, but a lot of information about GPS, as well as information about popular applications like Facebook, WhatsApp, etc. This could practically help a lot in criminal investigation.

This study is important because very few works have been done on recent versions (Jellybean and Kitkat) of Android. The proposed approach could extract large amounts of information as compared to earlier approaches with the newer versions of Android having larger memory and new features.