Android Malware Forensics: Reconstruction of Malicious Events

Bibliographic Details
Published in: 2012 32nd International Conference on Distributed Computing Systems Workshops, pp. 552-558
Main Authors Juanru Li, Dawu Gu, Yuhao Luo
Format Conference Proceeding
Language English
Published IEEE 01.06.2012
ISSN 1545-0678
DOI 10.1109/ICDCSW.2012.33

Summary: Smart mobile devices have been widely used and the contained sensitive information is endangered by malware. The malicious events caused by malware are crucial evidence for digital forensic analysis, and the main task of mobile forensic analysis is to reconstruct these events. However, the reconstruction heavily relies on the code analysis of the malware. The difficulties and challenges include how to quickly identify the suspicious programs, how to defeat the anti-forensics tricks of malicious code, and how to deduce the malicious behaviors according to the code. To address this issue, we propose systematic procedures of analyzing typical malware behaviors on the popular mobile operating system Android. Based on the procedures, we discuss the deduction of Android malicious events. We also give a real malware forensic case as a reference.