Article

A methodology for the decryption of encrypted smartphone backup data on Android platform: A case study on the latest Samsung smartphone backup system


Abstract

Backups on smartphones protect user data from the risk of data corruption and loss by storing personal information, media data, application data, and other settings. Although backups were originally designed to maintain and protect user data, these data can be important in criminal investigations requiring the verification of suspect behavior-related information at the time of an incident. However, backup data are often encrypted by each manufacturer using different schemes to protect user privacy. Since the encryption impedes the use of backup data in investigations, it is necessary to decrypt backup data by analyzing the encryption schemes of each manufacturer. In this paper, we propose a widely applicable methodology that efficiently analyzes various encryption backup schemes. Our methodology checks the backup features, identifies the backup data and their encrypting locations, reverses the encryption schemes used in the backup, and finally decrypts the encrypted backup data. As a case study, we apply our methodology to the latest Samsung smartphone backup system consisting of a Samsung SmartSwitch Mobile and a Samsung SmartSwitch PC. We acquired the backup data including the encrypted data generated by the Samsung smartphone backup in plain form, and revealed a technique to recover the Personal Identification Number (PIN) used for encryption through the authenticator included in the backup data. We also identified, through reverse engineering, a hidden feature that could be used to extract more data than was possible using the normal backup. Finally, we developed a decryption tool to verify that the encrypted backup data were correctly decrypted. Although, in this paper, we focused on the Samsung smartphone backup, our methodology could be applied to any smartphone backup system on the Android platform. We believe that our work will be very helpful to mobile investigators.


... Similarly, the cost, complexity, and functionality of digital forensic tools and techniques vary widely. As a result, most digital forensic tools have disparate parts or elements, which makes them incompatible with one another (Park et al., 2020). Furthermore, some forensic tools are incapable of dealing with the ever-increasing storage capacity of target devices. ...
Article
The use of digital forensic tools and techniques has continued to evolve as the security community makes efforts to stay ahead and mitigate cyber crimes. These tools and techniques are assisting cybersecurity experts and law enforcement in identifying fraudsters and protecting data by utilizing techniques such as digital traces left by data processing and storage. This paper identifies the peculiarities of digital forensics as a field of study, explores trends, challenges and opportunities presented by digital forensic tools in investigating cyber crimes. We carried out a systematic literature review of applicable tools and techniques. Our research identified challenges affecting the use of digital forensics in investigating cybercrime, and captured comprehensively the pulse of the domain. Recommendations were made that digital forensics lacks a unified formal representation of standardized procedures and knowledge for analyzing and gathering digital artifacts. This inevitably causes incompatibility and conflict within various digital forensics tools. This leads to errors in the interpretation and analysis of digital artifacts due to the lack of a standardized or formalized procedure for analyzing, preserving, and collecting digital evidence.

Keywords: Cybercrimes, Police, Cyber Security, Challenges, Techniques

CISDI Journal Reference Format: Adams Terrence Addey (2024): Trends, Challenges and Opportunities of Engaging Digital Forensics for Cybercrime Investigations – A Review. Computing, Information Systems, Development Informatics & Allied Research Journal. Vol 15 No 1, Pp 1-.8. dx.doi.org/10.22624/AIMS/CISDI/V15N1P1x. Available online at www.isteams.net/cisdijournal
... As athletes constantly strive for excellence, the need for innovative training methods becomes imperative. The introduction of the Android-based media blocker tool signifies a proactive approach to addressing contemporary challenges, demonstrating the team's commitment to staying at the forefront of both technological advancements and athletic performance (Park et al., 2020; Roy et al., 2020). ...
Article
The problem in this study was the low achievement of sepaktakraw athletes who were thought to be influenced by a smash often failing to turn off the ball. The ball was often blocked by opponents. The purpose of this study is to examine how a certain intervention affects a given sample group, with an emphasis on group differences and heterogeneity of variance analysis. Measuring the homogeneity of variance among groups and evaluating meaningful differences between those groups was the study topic in this context. This kind of study was exploratory in nature, utilizing statistical techniques to find correlations between the variables under investigation. This study had 29 participants who had taken part in a specific intervention as its sample. Selective sampling is done based on the features of the subject that are pertinent to the study's goal. Two primary statistical tests were employed as study tools. Initially, the homogeneity of variance across groups was assessed using the Levene test, and group differences were assessed using the ANOVA test. Given that the value of Sig. was more than 0.05, the Levene test findings demonstrated that the variance among the groups was homogenous. In contrast, the ANOVA test results indicated a significant difference between the groups with a Sig. value of less than 0.05 and a significant F value (F = 60.708). This study concludes that the variables examined in the subject group are significantly impacted by the intervention that was given. The homogeneity of variance was further supported by the Levene test results, which further supported the discovery of substantial group differences. These findings have consequences for attempts to improve within the groups under study as well as for our knowledge of how certain treatments affect variability and differences between groups.
... The prospective hacker is able to restore the encrypted code or sensitive data to its original unencrypted form due to poor encryption techniques or weaknesses within the encryption process, such as key management or the type of algorithm used in the system. There are various methodologies that the attacker can apply to decrypt the data on the smartphone, by decompiling the source code of the application using specific tools such as JEB Decompiler, IDA Pro, and others for Android phones [11]; then they can find the backup location file and reverse engineer it. ...
Chapter
With the rise in popularity of the Internet of Things (IoT) devices and smartphones, the number of mobile applications (apps) is rapidly increasing due to many factors like the low price of smartphones contributing significantly to the high acquisition rate, the capability for consumers to download and install a vast number of applications, tools etc. However, mobile applications present a whole world of security vulnerabilities, making them a prime target for hackers to spread malwares rapidly on smartphones and execute a variety of attacks. Therefore, mobile applications vulnerability detection and prevention solutions are becoming more advanced based on cover preventative techniques like static and dynamic analysis of the mobile applications and effective detection that uses new models of machine and deep learning techniques such as Generative Adversarial Networks (GANs) which are well suited for this type of problems. In this work, we will discuss the top ten mobile applications vulnerabilities with a focus on the main security challenges facing smartphone apps. We will present some solutions for securing the mobile applications based on GANs.

Keywords: Mobile Applications, IoT, GANs, Vulnerabilities, Detection, Prevention Security
... The most frequent method for smartphone backup is to connect the device to a computer through USB. Each component file can be kept in ordinary, compressed, or encrypted form, and backup data have a manufacturer-specific file structure [110]. ...
... In the future, more different mobile iPhone and IoT devices will be considered, various popular Android and iOS applications will be investigated for data extraction and forensics examination and the experiment will be extended to Unmanned Aerial Vehicles [19] and encrypted IoT devices [20]. ...
... 5. Reporting - The final stage is to make a report on the final results of the investigation and analysis that has been carried out [38]. The data extraction process at the examination stage utilizes the live forensic method where researchers try to carry out the extraction or acquisition process of digital evidence [39][40][41]. It is stored on smartphones that have the MiChat and SayHi Chat applications installed. ...
Chapter
Over the years, more and more industries are focused on digitizing their manufacturing operations by using a bunch of advanced technologies like Machine Learning and Artificial Intelligence based on different equipments and materials, such as sensors, cameras, and lidar. All of them could be combined to wireless technology communication and create an IoT network. In this context, the objective is to present our contribution in the field of failure prediction in Rotation machinery based on diagnosis and prognosis system for predictive maintenance. With the help of the new intelligent diagnostic indicators, it is possible to target default points in real time before taking actions using the stream processing. Machine analysis behavior is a traditional approach used in maintenance field to capture damage and failure. It is also a perfect tool for detecting and then diagnosing operating default in rotating machines. The present work is about predicting the situation using a new Wireless sensor Network in rotating machinery by capturing and treating all the collected data and testing them with Machine Learning algorithm.

Keywords: Predictive Maintenance, Wireless Sensors Network, Rotating Machinery, Vibration analysis
Article
Smartphones, which offer various features such as SMS/MMS, scheduling, messaging, and SNS, have become an integral part of modern life. Smartphones manage information intimately related to users in a self-contained manner, allowing them to provide such convenience efficiently. Such data, which can be used as key digital forensic evidence, are prime targets for investigators. However, extracting relevant data from smartphones with complicated structures requires considerable expertise. The analysis of smartphone backups is one approach to solving this problem. Smartphone manufacturers provide users with programs that include a backup protocol for backing up smartphone data. These programs allow investigators to easily extract smartphone data. Efficient smartphone data extraction is possible by integrating backup programs using different backup protocols into one framework. To achieve this integration, it is necessary to analyze each smartphone manufacturer's backup protocol. In this paper, we describe the results of analyzing the Huawei smartphone backup program HiSuite. HiSuite uses its backup protocol to produce backups of smartphones. We uncovered the entire process of the backup protocol through reverse engineering. We also experimentally verified that it is possible to obtain backup data from Huawei smartphones using the tool we developed to replace HiSuite based on our analysis. We believe this paper will help digital forensics investigators develop better approaches to collecting data from smartphones.
Article
A smartphone is a personal device, so the information is always tied to its user. Possibly, as the smartphone usage increases, more relevant data of the respective users end up. The smartphone manufacturers, who provide data backup services, prevent users from losing data in the event of physical damage, such as loss or breakage of the smartphone. The backup data store the same data as the user data in the smartphone, but the personal data related to the user are encrypted, and some data related to data restoration and information are stored in plain text format. When it is difficult to analyze the smartphone itself in a digital forensic investigation, the backup data are a useful analysis target to replace the data from the smartphone itself. In particular, smartphones made by Samsung, a leading manufacturer in the smartphone market, have been continually studied. In this paper, we analyzed the latest version of Smart Switch, a backup program provided by Samsung, in Windows and macOS environments. We analyzed the encryption method used in the latest version of Smart Switch and found that nine algorithms were used in both Windows and macOS environments. Using the analysis results, we decrypted all encrypted backup data and classified the backup data based on the encryption method. We identified the differences through comparison with previous studies. In addition, assuming that the PIN could not be obtained, we measured the time and resources required to recover the PIN. To the best of our knowledge, it is the first time Smart Switch has been analyzed in the macOS environment.
Presentation
As smartphones gain more convenient functions and become a necessity of daily life, they store a variety of information, including the personal information of users. In the event of a lost device or a system update (operating system and application), moreover, data stored in the device may be lost or leaked. In this regard, smartphone backup data are important for the purpose of data protection, and users have started to use the backup function to store their private data. Backup data can be stored on the internal/external SD card of smart devices, on the hard disk of a connectable PC, or on a cloud server. However, these files are normally encrypted and stored to protect data. In this case, the files lose their value as digital evidence due to difficulties in decryption, even though they are artifacts that can reveal the information stored on the smartphone at the time of backup. This paper aims to suggest a digital forensic investigation for smartphone backup data stored on a PC and to analyze the encryption and encoding process of backup files.
Article
As the storage capacity of smartphones increases, more user data such as call logs, SMS records, media data, and instant messages are stored in smartphones. Therefore, it is important in digital investigation to acquire smartphones containing the personal information of users. However, even when a prime suspect's smartphone is acquired, it is difficult to extract user data without obtaining root privilege. In this situation, smartphone backup data may be a valuable alternative to the extraction of user data. Using a smartphone backup, an investigator can extract most of the data stored in a smartphone including user data, with straightforward methods, and transfer them to a storage device such as an SD card, a USB, or a PC. Despite its convenience, backup data are hard to use as evidence, because backup data are encrypted using different methods depending on smartphone manufacturers, in order to protect user privacy. In this paper, we propose methods for decrypting encrypted backup data of Sony smartphones. In our analysis, we reverse-engineered the backup processes of the local backup and the PC backup provided by Sony smartphones, and analyzed the encryption methods applied to each set of backup data. In particular, we developed an algorithm for decrypting encrypted backup data on Sony smartphones, which we experimentally verified. As far as we know, this is the first research that has addressed the decryption of backup data on Sony smartphones.
Article
Digital investigators sometimes obtain key evidence by extracting user data from the smartphones of suspects. However, it is becoming more difficult to extract user data from smartphones, due to continuous updates and the use of data encryption functions, such as Full Disk Encryption (FDE) and File Based Encryption (FBE). Backup data are usually stored in an encrypted form, in order to protect user privacy. Therefore, it is essential for digital investigators to be able to transform encrypted backup data into a form that can be used as evidence. For this purpose, an analysis of the backup method used in a smartphone is needed. In the research reported in this paper, we first analyze the backup process of Huawei smartphones, and then propose a method for decrypting Huawei smartphone backup data encrypted with a user-entered password. This process is performed by analyzing the Huawei application and PC program called KoBackup and HiSuite, respectively. We developed a tool for user-entered password recovery and encrypted backup data decryption. To the best of our knowledge, this is the first result analyzing all of the backup processes available for Huawei smartphones and decrypting their backup data.
Article
Smartphones, which are a necessity for modern people, have become important to forensic investigators, as they hold a lot of user information that can be potential evidence. In order to obtain such evidence, forensic investigators should first extract the data from the smartphone. However, if the smartphone is lost or broken, it would be difficult to collect the data from the phone itself. In this case, the backup data can be very useful because it stores almost all information that the smartphone has. Nevertheless, since the backup data is basically encrypted by applications provided by vendors, the encrypted backup data, which acts as an anti-forensic measure, is difficult to use. Therefore, it is crucial to decrypt the acquired encrypted backup data in order to effectively use it. In this paper, we propose a method to decrypt the Samsung smartphone backup data which is encrypted by a user input called PIN (Personal Identification Number) and a Samsung backup program called Smart Switch. In particular, we develop algorithms to recover the PIN and to decrypt the PIN-based encrypted backup data as well. We have experimentally verified the PIN recovery and backup data decryption up to 9 digits of PIN. Our implementation using a precomputed PIN-table with memory 30.51 GB takes about 11 min to recover a 9-digit PIN. To the best of our knowledge, this is the first result of decrypting PIN-based encrypted backup data of Samsung smartphones.
Article
As various features of the smartphone have come into use, a lot of information has been stored in the smartphone, including the user's personal information. However, frequent updates of the operating system and applications may cause a loss of data and a risk of missing important personal data. Thus, the importance of data backup is significantly increasing. Many users employ the backup feature to store their data securely. However, from a forensic point of view, these backup files are considered important objects for investigation when a smartphone is hidden or its data are intentionally deleted. Therefore, in this paper we propose a scheme that analyzes the structure of and restores data from Kies backup files of Samsung smartphones, which have the highest share of smartphones in the world. The experimental results show that, with the suggested scheme, various types of files are analyzed and extracted from those backup files compared to other tools.
Study on improved recovery method of LG smartphone backup data
  • Park