Publication details

Android Forensic Data Analyzer (AFDA): An Opensource Tool to Automatize Event Correlation Analysis on Android Devices
Kasiaras D, Zafeiropoulos T, Clarke NL, Kambourakis G
International Journal for Information Security Research (IJISR), Vol. 4, Iss. 4, pp501-509, 2014

Forensic analysis of mobile devices in general, and smartphones in particular, is on the rise. Naturally, this is because these devices are more than ever used by criminals of all kinds to perform a variety of offensive actions. The mushrooming of mobile services and the way people use their smartphones in their daily activities result in a plethora of valuable and private data stored on the device, which of course can be extremely helpful towards resolving a criminal case. The automatic or semi-automatic correlation of end-user events as recorded on the mobile device can be of great value to investigators in their struggle to resolve a case. Unfortunately, existing forensic tools targeted at Android lack such functionality. To fill this gap, we propose the Android Forensic Data Analyzer (AFDA), a tool that is able to gather end-user data stored in critical system areas and then inter-correlate them in terms of a time- and location-based series of events. We argue that this type of analysis not only saves time and effort from an investigator's viewpoint but can also reveal the interrelationship between artifacts, providing a more robust and comprehensive approach.
