Residual Network Data Structures in Android Devices

Abstract

The emergence and recent ubiquity of Smartphones present new opportunities and challenges to forensic examiners. Smartphones enable new mobile application and use paradigms by being constantly attached to the Internet via one of several physical communication media, e.g. cellular radio, WiFi, or Bluetooth. The Smartphone's storage medium represents a potential source of current and historical network metadata and records of prior data transfers. By using known ground truth data exchanges in a controlled experimental environment, this thesis identifies network metadata stored by the Android operating system that can be readily retrieved from the device's internal non-volatile storage. The identified network metadata can ascertain the identity of prior network access points to which the device associated. An important by-product of this research is a well-labeled Android Smartphone image corpus, allowing the mobile forensic community to perform repeatable, scientific experiments, and to test mobile forensic tools.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2011
Accession Number
ADA552175

Entities

People

  • Gregory S. Cardwell

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Cellular Networks
  • Computer Programming
  • Computer Programs
  • Computers
  • Electronic Mail
  • Graphical User Interface
  • Mobile Communications
  • Mobile Computing
  • Mobile Devices
  • Mobile Operating Systems
  • Mobile Phones
  • Network Protocols
  • Network Science
  • Operating Systems
  • Personal Computers
  • Smartphones
  • Text Messaging

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Computer Science/Computer Engineering/Data Science/Digital Signal Processing.
  • Database Systems and Applications