Is Data Retention Still Necessary in the Age of Smartphones?

It is well known that smartphone operating systems persistently store location information in their local storage for various reasons. Less well known, however, is probably the fact that various applications do this, too. In this article we give you some hints on where to find this data on Android smartphones, and we present a system with which all this information can be extracted and visualized at the same time. We also provide a comparison of the quality and quantity of location data gathered through data retention with the data gathered by forensic acquisition.

Our whole article can be read here.

8th Annual IFIP WG11.9 International Conference on Digital Forensics

We published and presented the paper “Forensic Acquisition of Location Data from Android Smartphones” at the IFIP WG11.9 conference in January this year. This paper covers the forensic acquisition of location data from Android smartphones (system and applications) and the corresponding generation of movement profiles. It will be published in the upcoming edition of “Advances in Digital Forensics”.

Paper accepted!

Today, we got the great message that two of our papers, “Analyse und Vergleich von BckR2D2-I und II” and “Forensic Analysis of YAFFS2”, have been accepted for the Sicherheit2012 in Darmstadt.

We are really looking forward to participating.

New Technical Report – Analysis of BckR2D2

Our research group has published a new technical report with the analysis and comparison of several versions of BckR2D2. The report is available in German only and can be found under CS-2011-08 (opus).

Abstract:
In October 2011, the publication of details about the malware now mostly referred to as BckR2D2 attracted public attention. Members of the Chaos Computer Club e.V. published a first report on how the trojan works, which was followed by further analyses. In this work, the authors give an overview of the individual reports published so far and of the various components of the malware and how they work. To this end, this work presents the main results of a detailed analysis of all components of the trojan and, in particular, addresses the differences between the two variants known so far, BckR2D2-I and II. The authors also pay particular attention to verifying the statements previously made in those reports.

Paper accepted!

Today, we got the great message that our paper “Forensic Acquisition of Location Data on Android Smartphones” has been accepted for the Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics in South Africa. We are really looking forward to participating.

For all of you who can’t wait until January, here is the abstract of our work:

It is now well-known that, for various reasons, smartphone operating systems persistently store location information in their local storage. Less well-known is probably that also various network applications (apps) do this too. In this paper we present a system with which all this information can be extracted and visualized at the same time. Our system is based on the forensic data extraction tool ADEL. During our evaluation we found that in contrast to data retained by the network operator, location data stored on the mobile device in many cases offers much more precise information than the rather coarse-grained data from the network operator. However, the availability of data shows a much higher variability on the mobile phone than at the network operator.