Skip to Main content Skip to Navigation
Conference papers

Preserving Dates and Timestamps for Incident Handling in Android Smartphones

Abstract : The “bring your own device” (BYOD) policy is rapidly being adopted by enterprises around the world. Enterprises save time and money when they allow employees to bring their own electronic devices to the workplace; employees find it convenient and efficient to use a single device for professional and personal use. However, securing the personal and professional data in the devices is a huge challenge for employers and employees. Dates and timestamps constitute important evidence when devices have been compromised or used for illegal activities. This paper focuses on the malicious tampering of dates and timestamps in Android smartphones. The proposed reactive approach gathers kernel-generated timestamps of events and stores them in a secure location outside an Android smartphone. In the case of a security incident, the stored timestamps can assist in an offline digital forensic investigation. To our knowledge, this is the first attempt to preserve authentic Android event timestamps in order to detect potential malicious actions, including anti-forensic measures.
Document type :
Conference papers
Complete list of metadata

Cited literature [27 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, November 8, 2016 - 10:49:16 AM
Last modification on : Wednesday, October 14, 2020 - 4:10:41 AM
Long-term archiving on: : Tuesday, March 14, 2017 - 7:01:07 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Robin Verma, Jayaprakash Govindaraj, Gaurav Gupta. Preserving Dates and Timestamps for Incident Handling in Android Smartphones. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.209-225, ⟨10.1007/978-3-662-44952-3_14⟩. ⟨hal-01393772⟩



Record views


Files downloads