Abstract
As Android smartphones gain popularity, industry and government will face increasing pressure to integrate them into their environments. The implementation of these devices in an enterprise can save on costs and add capabilities previously unavailable; however, the organizations that incorporate this technology must be prepared to mitigate the associated risks. These devices can contain vast amounts of personal and work-related data that can impact internal investigations, including (but not limited to) those of policy violations, intellectual property theft, misuse, embezzlement, sabotage, and espionage. Physical access has been the traditional method for retrieving data useful to these investigations from Android devices, with the exception of some limited collection abilities in commercial mobile device management systems and remote enterprise forensics tools. As part of this thesis, a prototype enterprise monitoring system for Android smartphones was developed to continuously collect many of the data sets of interest to incident responders, security auditors, proactive security monitors, and forensic investigators. Many of the data sets covered were not found in other available enterprise monitoring tools. The prototype system neither requires root access privileges nor exploits weaknesses in the Android architecture for proper operation, thereby increasing interoperability among Android devices and avoiding a spyware classification for the system. An anti-forensics analysis on the system was performed to identify and further strengthen areas vulnerable to tampering. The results of this research include the release of the first open-source Android enterprise monitoring solution of its kind, a comprehensive guide to data sets available for collection without elevated privileges, and the introduction of a novel design strategy implementing various Android application components useful for monitoring on the Android platform.
Library of Congress Subject Headings
Automatic data collection systems; Computer networks--Monitoring; Android (Electronic resource)
Publication Date
1-31-2013
Document Type
Thesis
Advisor
Stackpole, Bill
Advisor/Committee Member
Oh, Tae
Advisor/Committee Member
Pan, Yin
Recommended Citation
Grover, Justin, "Android forensics: Automated data collection and reporting from a mobile device" (2013). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/4385
Campus
RIT – Main Campus
Plan Codes
NETSYS-MS
Comments
Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013. Physical copy available through RIT's The Wallace Library at: TK5105.59 .G76 2013