| Mobile digital forensic faces numerous problems including a huge amount of data, growing amount of applications and usage of encryption or obfuscation. As a result, data of interest is hard to locate. The traditional method uses predefined pattern searching algorithm. Such technique can dig out much information but cannot find information embedded with normal data such as a barcode in an image or encryption. This project intends to develop a tool which facilitates the investigation process by answering what information could exist in a certain file. With the assistance, the investigator can focus on the content of some interesting files instead of enumerating all of them. The tool takes in and analyzes an application. The outputs consist of a table of files and their known content. The technique used in the project is called dynamic taint analysis and the implementation is based on Android OS 7.0. The prototype of the system has been implemented and two modes of the system are provided. One focuses on runtime efficiency and the other focuses on distinguishing as many information as possible. Experiments were conducted on testing apps, well-known social apps and the ones from an app pool. The finding indicates the system can fulfill its goal by detecting information flow to files. |
