Android Dumpsys Analysis

Android Dumpsys Analysis to Indicate Driver Distraction
Lukas Bortnik¹, Arturs Lavrenovs¹
¹ NATO Cooperative Cyber Defence Centre of Excellence,
Filtri Tee 12, 10132 Tallinn, Estonia
{lukas.bortnik, arturs.lavrenovs}@ccdcoe.org
Abstract. Police officers investigating car accidents have to consider the driver’s interaction with a mobile device as a possible cause. The most common activities such as calling or texting can be identified directly via the user interface or from the traffic metadata acquired from the Internet Service Provider (ISP). However, ‘offline activities’, such as a simple home button touch to wake up the screen, are invisible to the ISP and leave no trace at the user interface. A possible way to detect this type of activity could be analysis of system level data. However, security countermeasures may limit the scope of the acquired artefacts.
This paper introduces a non-intrusive analysis method which will extend the range of known techniques to determine a possible cause of driver distraction. All Android dumpsys services are examined to identify the scope of evidence providers which can assist investigators in identifying the driver’s intentional interaction with the smartphone. The study demonstrates that it is possible to identify a driver’s activities without access to their personal content. The paper proposes a minimum set of requirements to construct a timeline of events which can clarify the accident circumstances. The analysis includes online activities such as interaction with social media, calling, texting, and offline activities such as user authentication, browsing the media, taking pictures, etc. The applicability of the method is demonstrated in a synthetic case study.
Keywords: digital evidence, mobile forensics, car accident, driver’s distraction,
Android dumpsys
1 Introduction
The scope of digital evidence is growing in parallel with minor improvements and newly added functionalities in mobile devices. In general, newly introduced operating system (OS) upgrades are targeted to improve the security and ergonomics of the mobile devices. While security upgrades challenge the investigator’s ability to acquire detailed digital evidence, the opposite is the case when enhancing the usability of the system: an improved user environment requires integrating new hardware and software components, which results in new streams of evidence ready to be investigated by forensic practitioners.
In comparison to traditional host-based digital forensic techniques, mobile forensic solutions must consider a range of different mobile-device specific requirements. Firstly, mobile device data is highly volatile. Some evidence will simply not survive