Forensic Aspect of Remote Wiping in Android Presented by: Ming Di Leom Supervisor: Dr. Kim-Kwang Raymond Choo.

1 Forensic Aspect of Remote Wiping in Android Presented by: Ming Di Leom Supervisor: Dr. Kim-Kwang Raymond Choo

2 Structure
- Background
- Thumbnail recovery
- Effectiveness of remote wiping apps
- Discussion
- Future research

3 Background
- In August 2013, Google announced Android Device Manager (ADM).
- Remotely locate, ring, or erase (factory reset) your Android device.
- Available to Android v2.3 (Gingerbread) and above (~99%).
- No setup or installation required.
- Automatically installed through Google Play Services.
- Just need a Google Account.

6 The remote wipe feature is not new in Android. It was previously offered to Google Apps customers, or via third-party apps (e.g. anti-virus).

7 Research motivation
- ADM marks remote wiping as an official (built-in) feature in Android.
- This means most Android phones are already equipped with remote wiping capability.
- Previous studies have shown that factory reset is ineffective.

8 Thumbnail recovery

9 Preliminary study
- Repeat the experiment done by a previous study (Schwamm 2014).
- Using an older Android device (Nexus S vs. Samsung S3).
- Attempt to recover camera photos.
- Using similar forensic software to recover photos.
- Recovery rate is much lower (~50% vs 100%).
- Why? Let's try to recover manually.

Schwamm, R 2014, 'Effectiveness of the factory reset on a mobile device', Master's thesis, Naval Postgraduate School, Monterey, California, USA.

11 Fragmentation [Figure panels: Recovered, Original]

12 However, not all kinds of files are fragmented, e.g. thumbnails:
- Smaller version of the original picture.
- Less likely to be fragmented.

13 Thumbnail recovery
- Structure of thumbnail cache
- An existing (free) file recovery tool can be tweaked to target thumbnails only.
- Reduces false positives.

14 Result*

| Thumbnail type | Thumbnails recovered | Percentage |
| 200 x 200 resolution thumbnail in thumbcache | 10/10 | 100% |
| VGA resolution thumbnail in thumbcache | 3/10 (9/10 if include fragmented thumbnail) | 30% |
| Embedded thumbnail in JPEG file | 10/10 | 100% |

(* After factory reset)
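
The carving idea from slides 12 to 14, as an added example (not the presenter's tool or code): a signature carver narrowed to thumbnail-sized JPEGs that validates the marker segment chain and filters on frame dimensions to cut false positives. It recovers contiguous files only and does not parse the thumbcache container; the 64 KiB size cap, the 640-pixel limit, the helper names and the sample bytes are assumptions constructed for illustration.

```python
import struct

SOI = b"\xff\xd8\xff"            # start-of-image followed by the next marker's 0xFF
SOF = {0xC0, 0xC1, 0xC2}         # frame headers that carry the pixel dimensions

def parse_jpeg(buf, start, max_size):
    """Walk marker segments from `start`; return (end, width, height) or None."""
    pos, dims, limit = start + 2, None, min(len(buf), start + max_size)
    while pos + 4 <= limit:
        marker, seg_len = buf[pos + 1], struct.unpack(">H", buf[pos + 2:pos + 4])[0]
        if buf[pos] != 0xFF or seg_len < 2:
            return None                          # broken segment chain: false positive
        if marker in SOF and pos + 9 <= limit:
            dims = struct.unpack(">HH", buf[pos + 5:pos + 9])   # (height, width)
        if marker == 0xDA:                       # start of scan: image data follows
            eoi = buf.find(b"\xff\xd9", pos + 2 + seg_len, limit)
            if eoi == -1 or dims is None:
                return None                      # fragmented, truncated or over the cap
            return eoi + 2, dims[1], dims[0]
        pos += 2 + seg_len
    return None

def carve_thumbnails(image, max_size=64 * 1024, max_dim=640):
    """Return (offset, length, width, height) for each contiguous thumbnail-sized JPEG."""
    hits, pos = [], image.find(SOI)
    while pos != -1:
        parsed = parse_jpeg(image, pos, max_size)
        if parsed and max(parsed[1:]) <= max_dim:
            hits.append((pos, parsed[0] - pos, parsed[1], parsed[2]))
        pos = image.find(SOI, pos + 1)
    return hits

def make_jpeg(width, height, scan=b"\x12\x34\x56"):
    """Constructed input: structurally valid JPEG skeleton (not a decodable picture)."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    sof0 = b"\xff\xc0" + struct.pack(">HBHHB", 11, 8, height, width, 1) + b"\x01\x11\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + app0 + sof0 + sos + scan + b"\xff\xd9"

def sample_image():
    """Constructed stand-in for a raw partition dump; offsets are arbitrary."""
    gap = bytes(100)
    return (gap + make_jpeg(200, 200) + gap      # 200 x 200 thumbnail
            + b"\xff\xd8\xff\x41\x42" + gap      # bare signature, no valid segments
            + make_jpeg(3264, 2448) + gap        # full-size photo, over max_dim
            + make_jpeg(640, 480)                # VGA thumbnail
            + make_jpeg(200, 200)[:-2])          # thumbnail cut short: no end marker
```

Calling `carve_thumbnails(sample_image())` returns the two intact thumbnails and skips the bare signature, the full-size photo and the truncated file.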

15 Effectiveness of remote wiping/factory reset in 3rd-party apps

16 Effectiveness of remote wiping/factory reset
- Schwamm (2014) tested the default factory reset function.
- 7 apps were tested against the default.
- Compare the recovery rate.
- 2 apps offer "secure" wiping, which should make the files unrecoverable.
- Test on 3 mobile devices:
  - Moto G (< 3 months of usage, using new file system)
  - Nexus S (> 3 years of usage, older file system)
  - Nexus 4 (~2 years of usage, most common file system, test still ongoing)

17 Results:
- 1 app's default wipe method removes almost nothing.
- Out of the 2 apps which offer secure wiping, only 1 is more effective.
- Even with secure wiping, data recovery is still possible.
- Almost all apps are similar to the default.
- Very low recovery rate on Moto G (secure wiping or not).

18 Discussion
- The data remnant issue can be solved through full-disk encryption:
  - Introduced in Android 4.0 (Ice Cream Sandwich)
  - Default in Android 5.0 (Lollipop)
- However, 4 months after the Android Lollipop release, encryption is back to optional due to performance issues on current hardware.
- Recommendation:
  - Enable full-disk encryption if possible.
  - Secure wiping, although not very effective, is better than nothing.

19 Future research
- Thumbnail recovery
  - More photo gallery apps
  - More devices (i.e. camera resolution)
- Effectiveness study
  - Secure wiping method used.
  - Which factors (usage, file system) affect the recovery rate, and how.

20 Q & A

