H. Pieterse, M. S. Olivier, and R. van Heerden. “Reference Architecture for Android Applications to Support the Detection of Manipulated Evidence”. In: SAIEE Africa Research Journal (June 2016), pp. 106–117
Traces found on Android smartphones form a significant part of digital investigations. A key component of these traces is the date and time, often formed as timestamps. These timestamps allow the examiner to relate the traces found on Android smartphones to some real event that took place. This paper performs exploratory experiments that involve the manipulation of timestamps found in SQLite databases on Android smartphones. Based on observations, specific heuristics are identified that may allow for the identification of manipulated timestamps. To overcome the limitations of these heuristics, a new reference architecture for Android applications is also introduced. The reference architecture provides examiners with a better understanding of Android applications as well as the associated digital evidence. The results presented in the paper show that the suggested techniques to establish the authenticity and accuracy of digital evidence are feasible.
The definitive version of the paper is available from the publisher.
DOI: 10.23919/SAIEE.2016.8531545
@article(andrtime2,
author={Heloise Pieterse and Martin S Olivier and Renier van
Heerden},
title={Reference Architecture for {Android} Applications to
Support the Detection of Manipulated Evidence},
month=jun,
year={2016},
pages={106--117},
journal={SAIEE Africa Research Journal} )
[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: October 31, 2019