Beruflich Dokumente
Kultur Dokumente
Part A.........................................................................................................................................................2
1. Introduction........................................................................................................................................3
2. Evolution of Mobile Computing..........................................................................................................3
3. Advancements in Current Mobile Devices..........................................................................................4
4. Mobile Forensics: Challenges and Analysis.........................................................................................5
5. Types Of Data within Mobile Phones for Forensic Investigators..........................................................6
6. Conclusion...........................................................................................................................................6
Part B........................................................................................................................................................8
1. Introduction........................................................................................................................................9
2. Android Architecture and Security......................................................................................................9
3. Android Malware..............................................................................................................................10
4. Classification of Malware Detection..................................................................................................10
5. Malware Analysis, Detection and Prevention....................................................................................11
6. Malware Analysis and Detection: Android and Personal Computers................................................11
7. Conclusion.........................................................................................................................................12
List of Figures
Figure 1: 5g Network Capabilities (Attaran, 2021)...............................................................................4
Figure 2: Phases of Digital Forensic (Alatawi et al., 2020).................................................................5
Figure 3: Architecture Diagram of Android System (Jaiswal, 2018)..................................................9
Figure 4: Classification of Mobile Malware Detection Technique (Battista et al., 2016)...............10
Part A
1. Introduction
The development of mobile technology has completely changed how we live, work, and
communicate. Significant improvements in connection, speed, and application diversity have
been made in this technology during its progression from the first generation (1G) to the present
fifth generation (5G) and even the sixth generation (6G), which is expected to arrive soon. The
idea of ubiquitous computing, which attempts to smoothly incorporate computers into our daily
lives, is firmly ingrained in this progression. We are entering an era of infinite connection and
intelligent automation as mobile devices and software continues to advance at a rapid pace. But
these developments also bring with them new difficulties, especially in the field of digital
forensics. The diversity of mobile operating systems, unique data formats, and security
mechanisms, coupled with the involvement of various carriers and manufacturers, present a
complex landscape for forensic investigators. Despite these challenges, the field of mobile
forensics continues to evolve, offering promising research opportunities and novel techniques to
overcome these hurdles. As we delve deeper into this topic, we will explore the current
advances in mobile technology, the challenges they pose to digital forensics, and the potential
solutions to these challenges. This journey will provide us with a comprehensive understanding
of the dynamic interplay between mobile technology and digital forensics.
Mobile computing evolved through cluster computing where linked computers work as a single
system, grid computing which enables distributed computing by sharing resources, and cloud
computing which provides on-demand computing resources over the internet. Mobile cloud
computing (MCC) combines the benefits of mobile computing with cloud computing applications
and infrastructure. The key components of the MCC architecture are mobile users, mobile
operators, internet service providers, and cloud service providers. Mobile devices access cloud
services via the internet using mobile networks or WiFi. The main cloud service models used in
MCC are Software as a Service (SaaS) for accessing cloud applications, Platform as a Service
(PaaS) for developing cloud-based apps, and Infrastructure as a Service (IaaS) for on-demand
computing infrastructure. MCC aims to leverage the cloud to overcome limitations of mobile
devices like battery life, storage, and computing power by offloading execution of resource
intensive applications to powerful cloud servers (Fernando, Loke and Rahayu, 2013)
The convergence of mobile phones and personal digital assistants has led to the advent of
smart phones - powerful pocket computers that combine phone capabilities with advanced
computing functionalities. The integration of multiple wireless technologies like cellular
networks, Wi-Fi, Bluetooth and beyond has enabled smart phones to offer users an increasingly
rich experience. In the early days, devices ran limited operating systems like Windows Mobile,
PalmOS and Symbian. But over time, more capable platforms like Android, iOS and others have
dominated the landscape, powered by increasing computing horsepower packed into sleek
mobile devices. Application ecosystems blossomed around these platforms as well (Zheng and
Ni, 2010).Fher
The Internet of Things (IoT) is revolutionizing the creation of smart environments through a
network of connected devices and sensors. IoT sensors play a pivotal role in this ecosystem by
collecting and transmitting data to enable intelligent analytics and automation. A wide variety of
sensors are integrated into IoT implementations across industries and applications. These
include sensors that detect motion, light, temperature, humidity and more - providing ubiquitous
sensing capabilities that inform and optimize processes. Position sensors, for instance, are
critical for applications relying on detection and tracking of objects or humans in a defined area
or perimeter. By identifying movement, these sensors contribute data points for analysis by IoT
systems to activate relevant actions, alerts or controls. The data flows from different types of IoT
sensors allow creating a common operating environment through shared information (Sehrawat
and Gill, 2019).
The landscape of mobile forensics presents a myriad of challenges in the acquisition and
analysis of Android forensic data. As the ubiquity of mobile devices grows, so does their
significance in criminal investigations, where the information stored on these devices serves as
pivotal digital evidence. This comprehensive review navigates through the obstacles faced by
mobile forensics investigators, addressing key issues such as the diverse array of mobile
platforms, the complexity of communication protocols, and the rising prevalence of encryption. It
synthesizes insights from various research works to illuminate these challenges and explores
proposed techniques for overcoming them. This review, which offers a comprehensive overview
of the current state of the field and suggestions for future developments in the constantly
changing field of digital investigation, essentially captures the complex challenges that are
inherent in mobile forensics (Alatawi et al., 2020).
5. Types Of Data within Mobile Phones for Forensic Investigators
File System Acquisition: A mobile device's file system contains a wealth of digital evidence. It
may include a broad range of information, including multimedia files, application data, and text
messages and call logs. This information can offer insightful information about the user's
communications, whereabouts, interests, and routines, among other things. Copying all of the
data from the device's file system, including deleted and active data, is the process of file
system acquisition. It's crucial to remember, though, that erased data occasionally contains
misleading information if it isn't supported by additional data (Tayeb and Varo, 2019l).
Memory Acquisition: Memory acquisition is a crucial aspect of mobile device forensics. It
involves creating a precise duplicate, or image, of the device's memory. This can contain
volatile memory (RAM), which stores transient data and active processes, and non-volatile
memory (storage), which stores durable data. Among the information that may be retrieved from
memory are running programs, encryption keys, and deleted files. However, memory
acquisition is challenging due to the possibility of data loss or corruption (Tayeb and Varol,
2019).
Environmental Acquisition: Environmental acquisition is a bit odd but extremely effective
method of evidence collection in mobile device forensics. It is necessary to record the physical
and environmental conditions of the equipment during the forensic investigation. This may entail
taking images or videos of the gadget, noting its status, and capturing any apparent notifications
or messages. This method can help preserve the context in which the digital evidence is located
and provide additional details that the digital evidence alone might not be able to provide
(Tayeb and Varol, 2019).
6. Conclusion
In conclusion, the evolution of mobile technology—which is strongly grounded in the ubiquitous
computing paradigm—has involved many innovations as well as challenges. The increasing
integration of mobile devices into our everyday lives generates a plethora of digital evidence
that might prove to be highly advantageous in forensic inquiries. Each of these sources has
specific challenges that need to be addressed for effective data collecting. These challenges
are not stopping the advancement of the field of mobile forensics, which offers novel study
directions and innovative strategies for overcoming them. Investigating this dynamic connection
between digital forensics and mobile technologies could provide new insights and
advancements in this fascinating sector.
Part B
1. Introduction
The Google-developed Android operating system is now the foundation of modern technology.
Its adaptability and open structure have made it widely used on tablets, smartphones, and other
mobile devices. However, this development has also made Android a more attractive target for
malware, which has led to the spread of Android infections. They often pose as trustworthy
apps or take advantage of security flaws in order to infiltrate devices using sophisticated
techniques. It's challenging to identify and stop these threats; you need to know a lot about the
Android operating system, the type of malware, and how it operates. For this reason, many
techniques—including hybrid, dynamic, and static approaches—have been developed. The
dynamic technique watches the behaviour of the program while it is being executed, whereas
the static method examines the application code without running it. For a more thorough study,
these two approaches are integrated in the combined technique. Machine learning techniques
are also introduced to improve malware detection and provide better results. However, the
ongoing evolution of malware technology requires continued research and development in this
area.
In today’s digital world, mobile security is of utmost importance, especially given the increasing
reliance on smartphones for various activities. A significant number of individuals use mobile
banking to manage their finances, either through their bank’s dedicated app or third-party
platforms like Venmo that facilitate peer-to-peer transactions. However, a single misstep, such
as downloading a malicious app from an advertisement, can grant hackers access to sensitive
banking information through the device, potentially resulting in substantial financial losses.
Children’s mobile usage also raises serious concerns. Young children, as early as two or three
years old, are frequently observed interacting with their parents’ phones or their own devices.
Many of these children, without fully comprehending their actions, simply tap on buttons while
launching various YouTube videos and games. While parents may assume that their children
are incapable of causing harm with their credit card information or that parental controls provide
adequate protection, these safeguards may not be infallible. Children could inadvertently
download malicious software, exposing sensitive information or even granting hackers full
access to their parents’ devices through backdoor exploits (Mos and Chowdhury, 2020).
Mobile devices face various security threats that can financially harm users or exploit their
personal information. One common threat is premium rate scams where attackers make calls or
send texts to expensive phone numbers to rack up charges on a victim's phone bill. Another
method is searching engine manipulation, where attackers artificially boost the ranking of
certain websites to increase their visibility and probability of being clicked on in search results.
Botnets also pose a risk by allowing a remote attacker to issue commands to a network of
infected Android devices, intercepting sensitive user information input into banking apps.
Ransomware like Fake Defender. B is another threat, encrypting device data and demanding
ransom payments that don't guarantee full data recovery or malware removal. Overall, mobile
users face threats like premium rate scams to inflate phone bills, search engine manipulation to
promote malicious sites, botnets to steal entered information, and ransomware blocking access
to data. Being aware and taking proper precautions can help protect devices from these
constantly evolving security risks (He, Chan and Guizani, 2015).
3. Android Malware
Android malware, malicious code designed to harm or steal data from Android devices,
leverages the open nature of the Android operating system, allowing unrestricted access to
application packages (APKs) This openness makes it easy for hackers to embed malicious
code within seemingly harmless apps, granting them root access to users' phones and enabling
them to control stored documents, photos, and other sensitive information. Similar to
computers, mobile devices are vulnerable to various types of malwares, including spyware and
adware, which gather user information for resale or targeted advertising. Worms, Trojans, and
viruses can also infect Android devices, infiltrating seemingly secure apps and triggering
malicious code under specific conditions. This openness creates a vulnerability that hackers
can easily exploit to deploy malicious code. Once installed, malware can gradually accumulate
permissions, eventually gaining root access and enabling the installation of additional malicious
software, such as spyware, to monitor user activity (Wu, Narang and Clarke, 2014).
The notion of malware families, which uses similar destructive behaviors to classify Android
malware strains, aids in the categorization of Android malware strains. A malware family is
formed when a new malware is created by extending the code of an existing one. The
traditional way of identifying malware is pattern analysis using signatures. In recent years, there
has been a decrease in the formation of novel malware families, coupled by an increase in
malware variety (Suarez-Tangil et al., 2014). As a result, malevolent hackers are improving
previously established malware to make it not only more difficult to spot but also more difficult to
categorize into discrete families. In response to this changing landscape, projects such as
Dendroid have been launched to address these issues. Dendroid's developers propose an
automatic categorization of diverse smartphone viruses into families based on their code
architectures using a text mining method. This technology tries to solve issues before they
occur by detecting and categorizing malware before it causes harm to the victim's phone
(Battista et al., 2016)
5. Malware Analysis, Detection and Prevention
This section discusses a variety of ways for protecting mobile devices. The first strategy, known
as the Static strategy, focuses on malware identification without executing circumstances that
cause dangerous code to run. This entails disassembling and examining the source code. The
Signature Based Approach is critical within the Static Approach, comprising the evaluation of
code for a patterned portion known as the signature. Static attributes such as hash signatures,
packer signatures, header information, embedded resources, and metadata are examined.
Despite its effectiveness in detecting known malware families, this method is susceptible to
evasion through signature changes facilitated by obfuscation. Additionally, it proves ineffective
against Zero-day attacks and polymorphic malware. Another facet of the Static Approach is the
Permission Based Analysis, which evaluates an app's permissions to discern if it requests
excessive access, potentially indicating malicious intent. The Android OS relies on permissions
for device protection. However, this static analysis has limitations, potentially overlooking
similarities to benign applications and being unable to detect dynamically loading payloads like
DroidKungFu. A subsequent method is recommended for a more comprehensive analysis.
Moving to the second approach, the Dynamic Approach, also known as behaviour-based
analysis, involves scrutinizing apps during execution using debuggers, decompilers, and
disassemblers. Anomaly Based Detection within this approach monitors applications during
execution, categorizing them as benign or malware based on log files, battery level, CPU
usage, and other characteristics. An example is AntiMalDroid, which creates a dynamically
sized database for future detections. The Dynamic Approach's Data and Control Flow Analysis
detects malware by following the movement of sensitive data. TaintDroid, for example, identifies
data leaks from third-party applications by placing marks on data requested from vulnerable
sources. Emulation Based Analysis employs virtual environments to study malware activity
without running it on the host system, as demonstrated by DroidScope and Android Application
Sandbox. After installation, Permissions Management is critical for monitoring and regulating
app permissions (Arshad et al., 2016)
7. Conclusion
Protecting mobile devices is a complex challenge due to the intricate nature of Android
architecture, the diverse classification of malware, and the evolving threat landscape. The
unique structure of the Android operating system enables dynamic app interactions but also
introduces security vulnerabilities, particularly in the context of mobile banking and children’s
device usage. Categorizing malware into families is crucial, and while conventional signature-
based methods face limitations, innovative approaches like Dendroid hold promise in
addressing emerging threats. Malware analysis techniques for Android devices encompass
static and dynamic approaches, each with its own advantages and drawbacks. Understanding
and adapting to the ever-changing threat landscape is of paramount importance. Android
malware analysis differs from personal computer malware analysis due to the open nature of
Android systems, making them more susceptible. Threats like Premium Rate Calls, SEO
manipulation, Botnets, and Ransomware underscore the need for proactive preventive
measures, such as device locking and anti-virus software. In the domain of mobile security,
ongoing research and collaboration are essential to stay ahead of emerging threats.
References
Alatawi, H., Alenazi, K., Alshehri, S., Alshamakhi, S., Mustafa, M. and Aljaedi, A. (2020). Mobile
Forensics: A Review. [online] IEEE Xplore. doi:https://doi.org/10.1109/ICCIT-
144147971.2020.9213739.
Arshad, S., Ali, M., Khan, A. and Ahmed, M. (2016). Android Malware Detection & Protection: A
Survey. International Journal of Advanced Computer Science and Applications, 7(2).
doi:https://doi.org/10.14569/ijacsa.2016.070262.
Attaran, M. (2021). The impact of 5G on the evolution of intelligent automation and industry
digitization. Journal of Ambient Intelligence and Humanized Computing, [online] 14.
doi:https://doi.org/10.1007/s12652-020-02521-x.
Battista, P., Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A. (2016). Identification of
Android Malware Families with Model Checking. Proceedings of the 2nd International
Conference on Information Systems Security and Privacy.
doi:https://doi.org/10.5220/0005809205420547.
Casino, F., Dasaklis, T.K., Spathoulas, G.P., Anagnostopoulos, M., Ghosal, A., Borocz, I.,
Solanas, A., Conti, M. and Patsakis, C. (2022). Research Trends, Challenges, and Emerging
Topics in Digital Forensics: A Review of Reviews. IEEE Access, 10, pp.25464–25493.
doi:https://doi.org/10.1109/access.2022.3154059.
Chao Wang, Wei Duan, Jianzhang Ma and Chenhui Wang (2011). The research of Android
System architecture and application programming. Proceedings of 2011 International
Conference on Computer Science and Network Technology.
doi:https://doi.org/10.1109/iccsnt.2011.6182081.
Cinar, A.C. and Kara, T.B. (2023). The current state and future of mobile security in the light of
the recent mobile security threat reports. Multimedia Tools and Applications.
doi:https://doi.org/10.1007/s11042-023-14400-6.
Dr. Nachiyappan S (2020). Comparison of Malware Detection Techniques for Windows and
Android Devices. International Journal of Engineering Research and, V9(07).
doi:https://doi.org/10.17577/ijertv9is070060.
He, D., Chan, S. and Guizani, M. (2015). Mobile application security: malware threats and
defenses. IEEE Wireless Communications, 22(1), pp.138–144.
doi:https://doi.org/10.1109/mwc.2015.7054729.
Mos, A. and Chowdhury, M.M. (2020). Mobile Security: A Look into Android. [online] IEEE
Xplore. doi:https://doi.org/10.1109/EIT48999.2020.9208339.
Murphy, M. (2009). Beginning Android. [online] Google Books. Apress. Available at:
https://books.google.co.in/books/about/Beginning_Android.html?
id=CrzONuZ0YAIC&redir_esc=y [Accessed 5 Dec. 2023].
Sehrawat, D. and Gill, N.S. (2019). Smart Sensors: Analysis of Different Types of IoT Sensors.
[online] IEEE Xplore. doi:https://doi.org/10.1109/ICOEI.2019.8862778.
Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P. and Blasco, J. (2014). Dendroid: A text
mining approach to analyzing and classifying code structures in Android malware families.
Expert Systems with Applications, 41(4), pp.1104–1117.
doi:https://doi.org/10.1016/j.eswa.2013.07.106.
Tayeb, H.F. and Varol, C. (2019). Android Mobile Device Forensics: A Review. 2019 7th
International Symposium on Digital Forensics and Security (ISDFS).
doi:https://doi.org/10.1109/isdfs.2019.8757493.
Wu, F., Narang, H. and Clarke, D. (2014). An Overview of Mobile Malware and Solutions.
Journal of Computer and Communications, [online] 02(12), pp.8–17.
doi:https://doi.org/10.4236/jcc.2014.212002.
Zheng, P. and Ni, L. (2010). Smart Phone and Next Generation Mobile Computing. Elsevier.
Raj, P.H., Kumar, P.R. and Jelciana, P., 2016. Mobile cloud computing: a survey on challenges
(IJCSIS), 14(12).
Fernando, N., Loke, S.W. and Rahayu, W. (2013). Mobile cloud computing: A survey. Future
Generation Computer Systems, 29(1), pp.84–106.
doi:https://doi.org/10.1016/j.future.2012.05.023.
Jaiswal, M. (2018). ANDROID THE MOBILE OPERATING SYSTEM AND ARCHITECTURE.
[online] papers.ssrn.com. Available at: https://papers.ssrn.com/sol3/papers.cfm?
abstract_id=3946637.