Preserving Dates and Timestamps for Incident Handling in Android Smartphones

Abstract : The “bring your own device” (BYOD) policy is rapidly being adopted by enterprises around the world. Enterprises save time and money when they allow employees to bring their own electronic devices to the workplace; employees find it convenient and efficient to use a single device for professional and personal use. However, securing the personal and professional data in the devices is a huge challenge for employers and employees. Dates and timestamps constitute important evidence when devices have been compromised or used for illegal activities. This paper focuses on the malicious tampering of dates and timestamps in Android smartphones. The proposed reactive approach gathers kernel-generated timestamps of events and stores them in a secure location outside an Android smartphone. In the case of a security incident, the stored timestamps can assist in an offline digital forensic investigation. To our knowledge, this is the first attempt to preserve authentic Android event timestamps in order to detect potential malicious actions, including anti-forensic measures.
Type de document :
Communication dans un congrès
Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.209-225, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_14〉
Liste complète des métadonnées

Littérature citée [27 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01393772
Contributeur : Hal Ifip <>
Soumis le : mardi 8 novembre 2016 - 10:49:16
Dernière modification le : vendredi 1 décembre 2017 - 01:17:02
Document(s) archivé(s) le : mardi 14 mars 2017 - 19:01:07

Fichier

978-3-662-44952-3_14_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Robin Verma, Jayaprakash Govindaraj, Gaurav Gupta. Preserving Dates and Timestamps for Incident Handling in Android Smartphones. Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.209-225, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_14〉. 〈hal-01393772〉

Partager

Métriques

Consultations de la notice

320

Téléchargements de fichiers

184