Methodology for Forensics Data Reconstruction on Mobile Devices with Android Operating System Applying In-System Programming and Combination Firmware

Bibliographic Details
Published in: Applied sciences Vol. 10; No. 12; p. 4231
Main Authors: da Silveira, Claudinei Morin, T. de Sousa Jr, Rafael, de Oliveira Albuquerque, Robson, Amvame Nze, Georges D., de Oliveira Júnior, Gildásio Antonio, Sandoval Orozco, Ana Lucila, García Villalba, Luis Javier
Format: Journal Article
Language: English
Published: Basel MDPI AG 01.06.2020
ISSN:2076-3417, 2076-3417
Online Access: Full text
Description
Summary: This paper proposes a new forensic analysis methodology that combines processes, techniques, and tools for physical and logical data acquisition from mobile devices. The proposed methodology allows an overview of the use of the In-System Programming (ISP) technique with the usage of Combination Firmware, aligned with specific collection and analysis processes. The carried out experiments show that the proposed methodology is convenient and practical and provides new possibilities for data acquisition on devices that run the Android Operating System with advanced protection mechanisms. The methodology is also feasible in devices compatible with the usage of Joint Test Action Group (JTAG) techniques and which use Embedded Multimedia Card (eMMC) or Embedded Multi-Chip Package (eMCP) as main memory. The techniques included in the methodology are effective on encrypted devices, in which the JTAG and Chip-Off techniques prove to be ineffective, especially on those that have an unauthorized access protection mechanism enabled, such as lock screen password, blocked bootloader, and Factory Reset Protection (FRP) active. Studies also demonstrate that data preservation and integrity are maintained, which is critical to a digital forensic process.
DOI:10.3390/app10124231