# TOR BROWSER ANDROID FORENSICS ANDROID
Most of our daily activities are carried out by means of mobile applications, which typically generate and store large sets of data on the device. The forensic analysis of these data thus plays a crucial role during an investigation, as it makes it possible to reconstruct the above activities. Manually analyzing these applications is a long, tedious, and error-prone task. In this paper we present the design, implementation, and evaluation of AnForA, a software tool that automates most of the activities that need to be carried out to forensically analyze Android applications, and that has been designed to yield various important properties, namely fidelity, artifact coverage, artifact precision, effectiveness, repeatability, and generality.

AnForA is based on a dynamic "black box" approach, in which the application to be analyzed is first installed on a virtualized Android device, and then a set of experiments is carried out, in which actions of interest are automatically performed on the application by emulating a human user who interacts with its interface. During the experiments, the file systems of the device storage are actively monitored, so that the data created or modified by each one of these actions can be located and correlated with that action. We have devised a proof-of-concept implementation of AnForA, which we use to assess its ability to achieve its design goals by analyzing several Android applications already studied in the literature, so that we can compare AnForA's results against those reported in these papers.
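The action-to-artifact correlation described above can be sketched as snapshot differencing. This is an added example, not AnForA's code. It assumes a plain directory standing in for the device storage, hypothetical action and file names, and an illustrative rule that keeps only paths changing in every repetition of an action:

```python
import hashlib, os, tempfile

def snapshot(root):
    """Map every file under root to the SHA-256 of its content."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def changed(before, after):
    """Paths created or modified between two snapshots."""
    return {p for p, digest in after.items() if before.get(p) != digest}

def correlate(root, actions, runs=3):
    """Attribute to each action the paths that change in every repetition."""
    result = {}
    for name, act in actions.items():
        per_run = []
        for i in range(runs):
            before = snapshot(root)
            act(root, i)
            per_run.append(changed(before, snapshot(root)))
        result[name] = set.intersection(*per_run)
    return result

# Constructed stand-in for an app's data directory; all names are hypothetical.
def _append(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "a") as fh:
        fh.write(text)

def send_message(root, i):
    _append(root, "databases/msg.db", f"message {i}\n")
    _append(root, f"cache/tmp_{i}.bin", "scratch")  # per-run noise

def add_contact(root, i):
    _append(root, "databases/contacts.db", f"contact {i}\n")

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        return correlate(root, {"send_message": send_message,
                                "add_contact": add_contact})

if __name__ == "__main__":
    print(run_demo())
```

The per-run cache files drop out of the result because no single path changes in all repetitions, while the database touched by each action is retained.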