Forensics Android App  

JWasley
(@jwasley)
Junior Member

Hi Guys,

Come this September, I will have to start my final year project as part of my degree studying "Computer Forensics". The project must be unique and relevant to forensics.

My idea was to create an Android based app whereby the user can extract data from the phone (SMS, Geodata, Images, Audio Records etc). I would then link the data to provide information like - Where the person was when the text message was sent.

I'm aware this idea isn't unique, so I'm posting on here to ask for ideas as to how I can adapt such a program to benefit an investigator for example.

Any ideas are welcome!

Thanks in advance,

James

Page 3 - For Updates.

Posted : 03/04/2012 7:33 pm
cyrus
(@cyrus)
Junior Member

First thing I would say is it isn't "forensically sound" to install apps on an exhibit… It is done if there is no other way, but personally, installing an app on the device to extract data is more of a last resort….

If you could make a pc / mac based tool that extracts data from androids then that would be a better start :)

Posted : 03/04/2012 7:53 pm
JWasley
(@jwasley)
Junior Member

First thing I would say is it isn't "forensically sound" to install apps on an exhibit… It is done if there is no other way, but personally, installing an app on the device to extract data is more of a last resort….

If you could make a pc / mac based tool that extracts data from androids then that would be a better start :)

Thanks for your post Cyrus. This was one of the suggestions made to me when I put the idea to friends.

If I was to change the program to be PC based, where could you see improvements? I have yet to design the idea, so I'm open to any suggestions.

Posted : 03/04/2012 7:56 pm
cplynch
(@cplynch)
New Member

You know what would be really interesting is if you designed an app to run on a phone that you could use on another phone via Bluetooth or a cable. A forensic tool app.

That might sound crazy but it would be cool if you could work that out.

Just a thought.

Posted : 10/04/2012 4:02 am
JWasley
(@jwasley)
Junior Member

You know what would be really interesting is if you designed an app to run on a phone that you could use on another phone via Bluetooth or a cable. A forensic tool app.

That might sound crazy but it would be cool if you could work that out.

Just a thought.

Could you expand? Do you mean like a "remote desktop tool"….

Posted : 11/04/2012 2:26 am
scuzz
(@scuzz)
Junior Member

You know what would be really interesting is if you designed an app to run on a phone that you could use on another phone via Bluetooth or a cable. A forensic tool app.

I think this would still violate the ACPO principles of not altering the original exhibit if you paired the devices using a Bluetooth connection, a cable option might still require drivers (not entirely sure on that one).

It certainly is an interesting idea, XRY had a similar type of issue when examining Symbian phones, you had to install an app that would enable communication between the mobile device and the forensic workstation, then clear the app off afterwards.

There are many applications out there that perform this type of service, even down to using AT commands to access the data, so a different idea might prove more original.

Do you want your project to focus on mobile devices specifically or are you free to choose any area you want? What are your core strengths with regards to topical knowledge? My advice would be if you are good at a particular topic, or have a key skill, then utilise them in the project!! I picked A-Levels based on what I wanted to be when I was older, not what I could get A's in, and it was a huge mistake! So pick a project on what you know best, it might not be cutting edge, or provide the community with a better insight into a topic, that's what PhDs are for, instead you need to focus on getting the best grade, even if it means your project appears a little dull.

I'll rack the noodle for a few topic ideas when you let us know your strengths.

Simon

Posted : 11/04/2012 4:43 am
JWasley
(@jwasley)
Junior Member

Thanks for your post Scuzz.

As my project isn't due for another 10 months (ish), I'm only jotting down ideas.

The reason behind the Android app was to allow me to learn something new. I've been taught Java over the past two years, but have never dealt with the Android platform. At the same time, I don't want to put myself into the situation you placed yourself in when doing A-Levels.

It's hard to tell you my strengths. The expression "I know a little about a lot, but not a lot about a little." springs to mind.

Posted : 12/04/2012 2:49 am
scuzz
(@scuzz)
Junior Member

Hi JWasley,

I preferred Java to C++ whilst at Uni personally, my advice would be to avoid the Android SDK like the plague, as there is a great deal to learn, even with the tools to help you develop the program, as there is too much to learn and not enough time. Stick with Java if that is what you know and are comfortable with, perhaps develop an OOEDP (Object orientated event driven program), basically a GUI front end, as that will score you more development points than a command line driven app.

With regards to the direction this app might take I'm still at a loss for ideas. One area that comes up time and time again is cell site analysis, but also geo tagging! If you could develop an app that took into account EXIF data from picture files (most likely .JPG) and routed the results through a mainstream program such as Google Earth to provide a location from where the picture was taken it might prove useful! I've had a number of cases myself where the officer in the case wanted to know the location from where certain pictures were taken by the suspect and the times and dates from which those pictures were taken. If you could provide a tool that extrapolated the picture formats, most likely .jpg's, and gave a clear overview of dates/times and locations with a mapped area then that might prove a useful tool for analysts to use. It wouldn't be particularly difficult, but you could easily develop a JAVA program for it, and a web based front end if the results were put into an SQL database for example.

simon

Posted : 12/04/2012 6:30 am
JWasley
(@jwasley)
Junior Member

Scuzz,

Thanks again for your reply.

Your idea of linking an image to Google maps was similar to the idea which I was going to adapt on my Android app. So it's good to know this type of app will be useful in a real world scenario.

Creating a GUI would be a challenge for me as I've never needed to develop a program with an interface apart from the command line front. However, such an area does interest me so I will be willing to attempt it.

As for having a web based front, I wouldn't know where to start. I have past experience in HTML, CSS, and some Javascript, but as far as SQL goes - I am completely in the dark.

Upon reading your post, I did a bit of research into the type of devices that store data such as location. One of the examples given was a camera. Although I'm not surprised the camera stores the longitude / latitude - it got me thinking. How does the camera find and store such information without a connection?!

Posted : 12/04/2012 6:16 pm
scuzz
(@scuzz)
Junior Member

Creating a GUI would be a challenge for me as I've never needed to develop a program with an interface apart from the command line front. However, such an area does interest me so I will be willing to attempt it.

There are some analysts who either don't like command line driven tools, or are just too lazy to learn the syntax and switches, and those who find a GUI more intuitive. If you do opt for the GUI, then keep it plain and simple, try and provide options for the analyst to check/uncheck, for example areas to be searched, keywords, output formats etc, this will give the analyst greater flexibility instead of being stuck with an output format they don't like or can't manipulate.

As for having a web based front, I wouldn't know where to start. I have past experience in HTML, CSS, and some Javascript, but as far as SQL goes - I am completely in the dark.

If you have a look at the job vacancies on this site, a desirable (and sometimes absolutely necessary) skill is familiarity with SQL databases. If needs be, create a simple database with Microsoft Access using a wizard, populate lots of fields and columns and then use the wizard to create some queries to pull the data out in the way you want. You can then look at the syntax of the query to gain a better understanding and go from there. There's plenty of material out there, it won't take you too long to learn it, but it is necessary!!

Upon reading your post, I did a bit of research into the type of devices that store data such as location. One of the examples given was a camera. Although I'm not surprised the camera stores the longitude / latitude - it got me thinking. How does the camera find and store such information without a connection?!

I know that my D-SLR can have a GPS attachment plugged into it to provide geotagging features, but that is as much as my knowledge extends. I very much doubt that point and shoot models have such features built in but I could be wrong. Where is your source for this information?

Posted : 13/04/2012 3:38 am
Doug
(@doug)
Active Member

Upon reading your post, I did a bit of research into the type of devices that store data such as location. One of the examples given was a camera. Although I'm not surprised the camera stores the longitude / latitude - it got me thinking. How does the camera find and store such information without a connection?!

http://en.wikipedia.org/wiki/Geotagging

That shows the format of the common GPS coordinate formats as well as circumstances for recording and storing the data

Then information about EXIF data is always worth knowing for this type of project

http://www.exif.org/

http://en.wikipedia.org/wiki/EXIF

Posted : 13/04/2012 2:10 pm
JWasley
(@jwasley)
Junior Member

Cheers Doug. Will have a read through now.

Posted : 13/04/2012 5:12 pm
JWasley
(@jwasley)
Junior Member

For those interested in an update, here it is…..

Following on from this topic, I've made several changes to my FYP.

- The application is now based for desktops instead of Android
- All data collected is stored on a local database using XAMPP
- All data stored on the database is displayed using PHP on a separate web page
- The program now generates its own KML file linked to the photo examined

It's taken me around 2 months to get to where I want. The program isn't completed but thought I'd post a quick update.

Any suggestions - Fire them my way!

- James

Posted : 24/07/2012 1:02 am
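
The EXIF-to-map step discussed in this thread (scuzz's Google Earth suggestion and the KML output in James's update), as an added example that is not part of the original posts or of James's program. It assumes the GPS tags have already been decoded by an EXIF reader into (numerator, denominator) rationals; the function names and sample values are constructed for illustration.

```python
import hashlib
from datetime import datetime
from xml.sax.saxutils import escape

def dms_to_decimal(dms, ref):
    """dms is three (numerator, denominator) rationals: degrees, minutes, seconds."""
    if ref not in ("N", "S", "E", "W"):
        raise ValueError(f"unexpected hemisphere reference {ref!r}")
    total = 0.0
    for (num, den), scale in zip(dms, (1, 60, 3600)):
        if den == 0:  # malformed or wiped tag; refuse rather than plot (0, 0)
            raise ValueError("zero denominator in GPS rational")
        total += num / den / scale
    return -total if ref in ("S", "W") else total

def exif_time_to_iso(stamp):
    """EXIF DateTimeOriginal is 'YYYY:MM:DD HH:MM:SS' from the camera clock, no zone."""
    return datetime.strptime(stamp, "%Y:%m:%d %H:%M:%S").isoformat()

def placemark_kml(name, gps, taken, content):
    lat = dms_to_decimal(gps["lat"], gps["lat_ref"])
    lon = dms_to_decimal(gps["lon"], gps["lon_ref"])
    digest = hashlib.sha256(content).hexdigest()  # ties the placemark to the exact file
    desc = f"Taken {exif_time_to_iso(taken)} (camera clock, zone unknown); SHA-256 {digest}"
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<kml xmlns="http://www.opengis.net/kml/2.2"><Placemark>\n'
        f"  <name>{escape(name)}</name>\n"  # file names are untrusted input
        f"  <description>{escape(desc)}</description>\n"
        # KML coordinate order is longitude,latitude (the reverse of EXIF's lat/lon)
        f"  <Point><coordinates>{lon:.6f},{lat:.6f}</coordinates></Point>\n"
        "</Placemark></kml>\n"
    )

# Constructed sample values, shaped as an EXIF reader would return the GPS tags.
SAMPLE_GPS = {
    "lat": ((51, 1), (30, 1), (2600, 100)), "lat_ref": "N",
    "lon": ((0, 1), (7, 1), (3900, 100)), "lon_ref": "W",
}

if __name__ == "__main__":
    print(placemark_kml("IMG_0001.jpg", SAMPLE_GPS, "2012:04:12 06:30:00", b"constructed bytes"))
```

The hash is taken over the file as acquired, so the same placemark can later be matched back to the exhibit copy it was derived from.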
ForensicIT_Dude
(@forensicit_dude)
New Member

Looks interesting mate.

Could you tell me a bit more about the technique you use to retrieve the data? You just copy the files from the phone to your desktop? Also, how about deleted files that aren't overwritten yet ;-)?

Posted : 24/07/2012 2:45 am
JWasley
(@jwasley)
Junior Member

Hi ForensicIT_Dude,

Retrieving the data is a simple process of putting the phone into USB Debugging mode and sending the files across a java pipe. The down side to this is the fact the examiner needs to know where the photos are stored on the device as they are required to enter a destination.

With regards to deleted files - I haven't really thought about it. I believe retrieving deleted photos would be of great benefit to the program, but make it much more complicated. Perhaps something to look into once I have the basics completed. I assume the photos are stored in a DB?

Posted : 24/07/2012 4:13 pm