Android Chat Application Forensic Process Improvement & XRY Support
Name
Vsevolod Djagilev
Abstract
The world is seeing rapid development of mobile devices, which creates a need
for forensics in the digital world. This applies especially to mobile phones and
wearable devices, with their various platforms and different ways of storing
data, and it requires specific knowledge of how to extract and process that data.
Extracting, analyzing and presenting data in a human-readable way are three
challenges that every forensic specialist faces in the field. Each of them has
its own set of issues and obstacles. The second and third are the ones addressed
in this thesis. Although there is a set of software recognized by specialists in
the field, it does not always support the latest data formats and therefore
cannot always provide a human-readable result. To solve this set of problems, a
forensic utility has been created, and both manual and automated analysis of chat
application data has been carried out.
The main result of this work makes it possible not only to perform a search but
also to write modules in Python, which can narrow the search; each module can
understand a particular file format if needed. The results show the strengths and
weaknesses of the automated way of searching and extracting results, and compare
the analysis results with the manual approach (in which a forensic specialist
analyzes files manually). A commercial tool, XRY, has a list of supported chat
applications, which will be compared with the main results table. The code of a
few open-source applications will be analyzed (their database schemas across
different versions) to show that the storage format of chat application data
might change, which would require either an update to the commercial software or
reading and processing all the data manually.
Keywords: computer forensics, android, chat application, sqlite database, data
analysis
CERCS: P170, Computer science, numerical analysis, systems, control
Graduation Thesis language
English
Graduation Thesis type
Master - Cyber Security
Supervisor(s)
Toomas Lepik, Raimundas Matulevičius
Defence year
2017