Preserving Dates and Timestamps for Incident Handling in Android Smartphones - Advances in Digital Forensics X
Conference Papers Year : 2014

Preserving Dates and Timestamps for Incident Handling in Android Smartphones

Abstract

The “bring your own device” (BYOD) policy is rapidly being adopted by enterprises around the world. Enterprises save time and money when they allow employees to bring their own electronic devices to the workplace; employees find it convenient and efficient to use a single device for professional and personal use. However, securing the personal and professional data in the devices is a huge challenge for employers and employees. Dates and timestamps constitute important evidence when devices have been compromised or used for illegal activities. This paper focuses on the malicious tampering of dates and timestamps in Android smartphones. The proposed reactive approach gathers kernel-generated timestamps of events and stores them in a secure location outside an Android smartphone. In the case of a security incident, the stored timestamps can assist in an offline digital forensic investigation. To our knowledge, this is the first attempt to preserve authentic Android event timestamps in order to detect potential malicious actions, including anti-forensic measures.
Fichier principal
Vignette du fichier
978-3-662-44952-3_14_Chapter.pdf (900.17 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01393772 , version 1 (08-11-2016)

Licence

Identifiers

Cite

Robin Verma, Jayaprakash Govindaraj, Gaurav Gupta. Preserving Dates and Timestamps for Incident Handling in Android Smartphones. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.209-225, ⟨10.1007/978-3-662-44952-3_14⟩. ⟨hal-01393772⟩
351 View
1225 Download

Altmetric

Share

More