Anti-forensic: Design and Implementation of an Android Forensic Analyzer

Abstract

In incident response the Computer Emergency Response Team (CERT) or Computer Incident Response Team (CIRT) investigates an incidence in order to have a detailed description on how a crime was conducted, who was responsible and ways of making sure that the incident will not happen in future. In order for an investigation to commence there is need for someone to report the incident. The forensic expert or investigator quarantines the crime scene, takes a photograph of the area and seizes the evidence in a forensically sound manner whilst preserving the integrity of data. The evidence media is taken to the forensic lab or workstation where an investigation is conducted. In most cases the investigator is qualified and skilled to perform the operation. The investigation process consists of two sub processes which are Data Collection and Data Analysis. Data collection is the process of acquiring the data that will assist in the investigation process for example through the use of Incident Response Toolkit. Data Analysis is the process of examining the collected data by using various forensic tools that follow the Association Chief of Police Officers (ACPO) principles in order to obtain results. The goals of information security are to protect the confidentiality, integrity and availability of data. Hackers compromise the information security and use anti- forensic techniques to make it difficult for investigators to detect and prove the existence and involvement in the crime. The aim of this paper is to design and implement an application that will provide a solution to some of the anti-forensic data hiding techniques.