Mobile Cloud Forensics: An Analysis of Seven Popular Android Apps
This work provides forensic investigators with detailed artefact descriptions for specific apps, but it is incremental as it applies a known method without major innovations.
The researchers applied an existing forensic methodology to analyze seven popular Android cloud apps, identifying what user data and authentication credentials could be extracted from app storage and databases.
Using the evidence collection and analysis methodology for Android devices proposed by Martini, Do and Choo, we examined and analyzed seven popular Android cloud-based apps. Firstly, we analyzed each app to see what information could be obtained from its private app storage and SD card directories. We collated the information and used it to aid our investigation of each app's database files and AccountManager data. To complete our understanding of the forensic artefacts stored by the apps we analyzed, we performed further analysis to determine whether the user authentication credentials could be collected for each app, based on the information gained in the initial analysis stages. The contributions of this research include a detailed description of artefacts, which are of general forensic interest, for each app analyzed.