Reference Architecture for Android Applications to Support the Detection of Manipulated Evidence

Pieterse, Olivier, and van Heerden


Citation information

H. Pieterse, M. S. Olivier, and R. van Heerden. “Reference Architecture for Android Applications to Support the Detection of Manipulated Evidence”. In: SAIEE Africa Research Journal (June 2016), pp. 106–117


Traces found on Android smartphones form a significant part of digital investigations. A key component of these traces is the date and time, often formed as timestamps. These timestamps allow the examiner to relate the traces found on Android smartphones to some real event that took place. This paper performs exploratory experiments that involve the manipulation of timestamps found in SQLite databases on Android smartphones. Based on observations, specific heuristics are identified that may allow for the identification of manipulated timestamps. To overcome the limitations of these heuristics, a new reference architecture for Android applications is also introduced. The reference architecture provides examiners with a better understanding of Android applications as well as the associated digital evidence. The results presented in the paper show that the suggested techniques to establish the authenticity and accuracy of digital evidence are feasible.

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.23919/SAIEE.2016.8531545

BibTeX reference

author={Heloise Pieterse and Martin S Olivier and Renier van Heerden},
title={Reference Architecture for {Android} Applications to Support the Detection of Manipulated Evidence},
journal={SAIEE Africa Research Journal} )

Page maintained by Martin Olivier
Record refreshed: October 31, 2019