Android Forensics Using Sleuth Kit Autopsy

Ghosh, Atonu; Majumder, Koushik; De, Debashis

doi:10.1007/978-981-15-8061-1_24

Atonu Ghosh²⁰,
Koushik Majumder²⁰ &
Debashis De²⁰

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1262))

546 Accesses
2 Citations

Abstract

Mobile device forensics has gained significance with the increase in the user base and the proliferation of smartphones. The digital shreds of evidence extracted from these devices may lead a forensic investigation to confidence. In this literature, we experimented with the Android Forensics process and have tried to explain the whole process in a detailed manner. We demonstrated the whole Android Forensics process in two stages. In the data acquisition stage, we have shown how we extracted the raw image of each memory location of the memory device from the android device and save it to a file with .dd extension. In order to achieve this imaging capability, we have also demonstrated the need for root access to the android file system along with the understanding of the android file system. Then in the second stage, called the artifact finding stage, we demonstrate the process of loading the raw disk image acquired by us in the data acquisition stage and analyzing it using the Sleuth Kit Autopsy tool to uncover the artifacts from the analysis of the raw data. We have demonstrated the usefulness of Sleuth Kit Autopsy which is an open-source forensic tool. We have recorded the level of detail about artifacts that are obtained using the Sleuth Kit Autopsy during our experiment. The report generated and the artifacts uncovered using Sleuth Kit Autopsy can be linked logically with a crime scene and may help lead a digital forensic investigation to confidence. The insight gained from this work is highly extensible in nature.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Digital Forensics: Implementation and Analysis for Google Android Framework

Forensic analysis of image deletion applications

Article 16 February 2022

Mobile forensic reference set (MFReS) and mobile forensic investigation for android devices

Article 01 December 2017

References

Alexios M, Vasilis M, Pierce, Bill T, Lilian M, Dimitris G (2012) Smartphone forensics: a proactive investigation scheme for evidence acquisition. A chapter in Information Security and Privacy Research, vol 376. Springer Berlin Heidelberg, pp 249–260
Google Scholar
Jeff L, Garry C (2010) Android forensics: simplifying cell phone examinations. Scale digital evidence. Forensics J 4
Google Scholar
Quick D, Alzaabi M (2011) Forensic analysis of the android file system YAFFS2
Google Scholar
Lai Y, Yang C, Lin C, Ahn T (2011) Design and implementation of mobile forensic tool for android smartphone through cloud computing. In: Lee G, Howard D, Slezak D (eds) Convergence and hybrid information technology. CCIS, vol 206. Berlin, Heidelberg, Springer, pp 196– 203
Google Scholar
Maus S, Hofken H, Schuba M (2011) Forensic analysis of geodata in android smartphones. https://www.schuba.fh-aachen.de/papers/11-cyberforensics.pdf
Rao V, Chakravarthy A (2016) Forensic analysis of android mobile devices. In: IEEE international conference on recent advances and innovations in engineering (ICRAIE-2016). Jaipur, India, pp 23–25
Google Scholar
Muhammad A, Muhammad FA, Waseem I, Hammad A, Haider A, Yin Z (2019) AndroKit: a toolkit for forensics analysis of web browsers on android platform. In: Future Generation Computer Systems, vol 94. Elsevier, pp 781–794
Google Scholar
Al-Sabaawi A, Foo E (2019) AndroKit: a toolkit for forensics analysis of web browsers on android platform a comparison study of android mobile forensics for retrieving files system. Int J Comput Sci Secur (IJCSS) 13:148–166
Google Scholar
Android SDK Tools Official Website. https://developer.android.com/studio/releases/platform-tools
Sleuthkit Autopsy Official Website. https://www.sleuthkit.org/autopsy/

Download references

Author information

Authors and Affiliations

Department of Computer Science and Engineering, Maulana Abul Kalam Azad University of Technology, Kolkata, West Bengal, India
Atonu Ghosh, Koushik Majumder & Debashis De

Authors

Atonu Ghosh
View author publications
You can also search for this author in PubMed Google Scholar
Koushik Majumder
View author publications
You can also search for this author in PubMed Google Scholar
Debashis De
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Koushik Majumder .

Editor information

Editors and Affiliations

Department of Information Technology, Maulana Abul Kalam Azad University of Technology, Haringhata, West Bengal, India
Debasis Giri
School of Computing and Information Systems, University of Melbourne, Melbourne, VIC, Australia
Rajkumar Buyya
Department of Mathematics, Indian Institute of Technology Madras, Chennai, India
S. Ponnusamy
Department of Computer Science and Engineering, Maulana Abul Kalam Azad University of Technology, Haringhata, West Bengal, India
Debashis De
Unconventional Computing Laboratory, Department of Computer Science and Creative Technologies, University of the West of England, Bristol, UK
Andrew Adamatzky
Faculty of Science, Engineering and Built Environment, Deakin University Geelong, Geelong, VIC, Australia
Jemal H. Abawajy

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ghosh, A., Majumder, K., De, D. (2021). Android Forensics Using Sleuth Kit Autopsy. In: Giri, D., Buyya, R., Ponnusamy, S., De, D., Adamatzky, A., Abawajy, J.H. (eds) Proceedings of the Sixth International Conference on Mathematics and Computing. Advances in Intelligent Systems and Computing, vol 1262. Springer, Singapore. https://doi.org/10.1007/978-981-15-8061-1_24

Download citation

DOI: https://doi.org/10.1007/978-981-15-8061-1_24
Published: 11 December 2020
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-8060-4
Online ISBN: 978-981-15-8061-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)

Publish with us

Policies and ethics

Android Forensics Using Sleuth Kit Autopsy

Abstract

Access this chapter

Subscribe and save

Buy Now

Similar content being viewed by others

Digital Forensics: Implementation and Analysis for Google Android Framework

Forensic analysis of image deletion applications

Mobile forensic reference set (MFReS) and mobile forensic investigation for android devices

References

Author information

Authors and Affiliations

Corresponding author

Editor information

Editors and Affiliations

Rights and permissions

Copyright information

About this paper

Cite this paper

Download citation

Publish with us

Subscribe and save

Buy Now

Navigation

Android Forensics Using Sleuth Kit Autopsy

Abstract

Access this chapter

Subscribe and save

Buy Now

Similar content being viewed by others

Digital Forensics: Implementation and Analysis for Google Android Framework

Forensic analysis of image deletion applications

Mobile forensic reference set (MFReS) and mobile forensic investigation for android devices

References

Author information

Authors and Affiliations

Corresponding author

Editor information

Editors and Affiliations

Rights and permissions

Copyright information

About this paper

Cite this paper

Download citation

Share this paper

Publish with us

Search

Navigation