Our paper for the ADFSL 2011 in Richmond (USA) has been accepted. So we will give our presentation about ADEL (Android forensic software) at the 26th of May.
See you all in Richmond!
We just submitted a Paper and forensic Tool with the name ADEL to a call for papers. The tool as well as the complete paper will be available very soon for people of law enforcement agencies.
The tool can, by now, recover and analyze the following data:
– Call logs
– Contact and Calendar entries
– SMS and MMS messages
– Meta information about the smartphone and SIM
Abstract of the submitted paper:
Nowadays, smartphones are one of the most popular mediums of communication in the world. They are not only used for ordinary private and business purposes, they are also used by criminals for communication and as a target. Due to the ubiquitous use of smartphones, these devices become an increasingly important source of digital evidence in forensic investigations. Thus, the recovery of digital traces from smartphones often plays an essential role for the examination and clarification of the facts in a case. Although some tools already exist regarding the examination of smartphone data, there is still a strong demand to develop further methods and tools for forensic extraction and analysis of data that is stored on smartphones. In this paper we describe the specifications of smartphones running the popular Andoid operating system. We further introduce a newly developed tool – called ADEL – that is able to forensically extract and analyse selected data from an Android device. Finally, a detailed report containing the results of the examination is created by the tool. The whole process is fully automated and and takes account of all forensic principles.
The slides from the SICHERHEIT 2010 conference are now available for download. Please feel free to leave a comment.
The last days we worked on a paper for the Sicherheit 2010 conference. You can find the abstract of this paper here after.
Abstract: Nowadays, smartphones constitute one of the most commonly used electronic devices. Today’s smartphones combine a variety of different technologies: they offer in addition to excellent mobile availability and connectivity also high-speed data transfer for the user. Moreover, they are multimedia capable due to their integrated digital camera or music player, and offer a wide variety of communication services like e-mail, SMS or MMS. Consequently, they are used increasingly as a “mobile office”. In this paper, we outline the possibilities and obstacles of secure deletion, namely the problem of deleting sensitive data on a smartphone in such a way that this data cannot be restored during a later forensic investigation. In order to guarantee the complete deletion of data, it would be necessary to access the memory chip directly such that we can overwrite the address space of existing data with arbitrary data. However, this approach is not possible when dealing with smartphones due to several reasons. On the one hand, the user’s activities are restricted on the device, which implies that farreaching system interventions cannot be conducted easily. On the other hand, writing on a specific physical address is hindered due to the use of “wear leveling” algorithms on flash chips, which are intended to optimize durability. We discuss these problems in detail and introduce an approach to more securely delete data under certain constraints.
We are hoping that it will be accepted.