Abstract—The familiarity and prevalence of mobile devices inflate their use as instruments of crime. Law enforcement personnel and mobile forensics investigators are constantly battling to gain the upper hand in developing a standardized system able to comprehensively identify and resolve the vulnerabilities present within the mobile device platform. The Android mobile platform can be perceived as an antagonist to this objective, as its open nature provides attackers direct insight into the internalization and security features of the most popular platform presently in the consumer market. This paper identifies and demonstrates the system partition in an Android smartphone as a viable attack vector for covert data trafficking. An implementation strategy (comprising four experimental phases) is developed to exploit the internal memory of a non-activated rooted Android HTC Desire 510 4g smartphone. A set of mobile forensics tools, AccessData Mobile Phone Examiner Plus (MPE+ v5.5.6), Oxygen Forensic Suite 2015 Standard, and Google Android Debug Bridge (adb), was used for the extraction and analysis process. The data analysis found the proposed approach to be a persistent and minimally detectable method to exchange data.
Index Terms—Android forensics, factory reset, system partition, AccessData MPE+, Oxygen Forensic Standard Suite, Android Debug Bridge.
The authors are with the SHSU Department of Computer Science, Huntsville, Texas, USA (e-mail: bas050@shsu.edu, bxz003@shsu.edu, liu@shsu.edu).
Cite: Brittany Byrd, Bing Zhou, and Qingzhong Liu, "Android System Partition to Traffic Data?," International Journal of Knowledge Engineering, vol. 3, no. 2, pp. 37-42, 2017.