Automating Mobile Device File Format Analysis

Abstract

Forensic tools assist examiners in extracting evidence from application files on mobile devices. If the file format for the file of interest is known, this process is straightforward; otherwise, it requires the examiner to manually reverse engineer the data structures resident in the file. This research presents the Automated Data Structure Slayer (ADSS), which automates the process of reverse engineering unknown file formats of Android applications. After statically parsing and preparing an application, ADSS dynamically runs it, injecting hooks at selected methods to uncover the data structures used to store and process data before writing to media. The resultant association between application semantics and bytes in a file reveals the structure and file format. ADSS has been successfully evaluated against Uber and Discord, both popular Android applications, and reveals the format used by the respective proprietary application files stored on the file system.

Document Details

Document Type: Technical Report
Publication Date: Sep 13, 2018
Accession Number: AD1063269

Entities

People

  • Richard Dill

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Central Processing Units
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Debugging
  • Department Of Defense
  • Engineering
  • Governments
  • Information Security
  • Mobile Application Software
  • Mobile Devices
  • Mobile Operating Systems
  • Mobile Phones
  • Object Code
  • Operating Systems
  • Personal Computers
  • Smart Phones
  • Smartphones
  • Social Media
  • Software Development
  • United States Government
  • Web Browsers

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computer Networking
  • Database Systems and Applications
  • Systems Analysis and Design