We published and presented the paper “Forensic Acquisition of Location Data from Android Smartphones” at the IFIP WG11.9 conference in January this year. This paper covers the forensic acquisition of location data from Android smartphones (system and applications) and the corresponding generation of movement profiles. It will be published in the upcoming edition of “Advances in Digital Forensics”.
Today, we got the great message that our paper “Forensic Acquisition of Location Data on Android Smartphones” had been accepted for the Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics in South Africa. We are really looking forward to participate.
For all of you, who can’t wait until January, here is the abstract of our work:
It is now well-known that, for various reasons, smartphone operating systems persistently store location information in their local storage. Less well-known is probably that also various network applications (apps) do this too. In this paper we present a system with which all this information can be extracted and visualized at the same time. Our system is based on the forensic data extraction tool ADEL. During our evaluation we found that in contrast to data retained by the network operator, location data stored on the mobile device in many cases offers much more precise information than the rather coarse-grained data from the network operator. However, the availability of data shows a much higher variability on the mobile phone than at the network operator.
We investigated several well-known apps from the Android market with respect to the amount of location data stored. Some of these apps, their corresponding databases as well as the location data retrieved can be found in the following table.
|system||cache.cell||last 50 mobile telecommunication cells|
|system||cache.wifi||last 200 wifi routers|
|camera||JPG pictures||latitude and longitude of picture location|
|browser||CachedGeopositions.db||latitude, longitude, accuracy and timestamp|
|author_id.db -> statuses||latitude and longitude of status message|
|author_id.db -> search_queries||latitude, longitude and radius of location search queries|
|fb.db -> user_statuses||latitude and longitude of status message|
|fb.db -> user_values||latitude, longitude and timestamp of last checkin|
|google maps||da_destination_history||latitude and longitude of navigation start and destination|