Publication:
Residual network data structures in Android devices

Loading...
Thumbnail Image
Authors
Cardwell, Gregory S.
Subjects
Advisors
Beverly, Robert
Garfinkel, Simson
Date of Issue
2011-09
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
The emergence and recent ubiquity of Smartphones present new opportunities and challenges to forensic examiners. Smartphones enable new mobile application and use paradigms by being constantly attached to the Internet via one of several physical communication media, e.g. cellular radio, WiFi, or Bluetooth. The Smartphone's storage medium represents a potential source of current and historical network metadata and records of prior data transfers. By using known ground truth data exchanges in a controlled experimental environment, this thesis identifies network metadata stored by the Android operating system that can be readily retrieved from the device's internal non-volatile storage. The identified network metadata can ascertain the identity of prior network access points to which the device associated. An important by-product of this research is a well-labeled Android Smartphone image corpus, allowing the mobile forensic community to perform repeatable, scientific experiments, and to test mobile forensic tools.
Type
Thesis
Description
Department
Computer Science
Organization
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
Sponsors
Funder
Format
xx, 95 p. : col. ill. ;
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections