hh.sePublications
Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Digital incursion: Breaching the android lock screen and liberating data
Halmstad University, School of Information Technology.
2021 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Android is the most used operating system in the world, because of this the probability of an android device being acquired in an investigation is high. To begin to extract data from an android device you first need to gain access to it. Mechanisms like full system encryption can make this very difficult. In this paper, the advantages and disadvantages of different methods of gaining access and extracting data from an android device with an unlocked bootloader are discussed. Many users unlock the bootloader of their android device to gain a much greater level of control over it. Android forensics on a device without a unlocked bootloader is very limited. It is therefore interesting to study how you can extract data from an android device that doesn’t have this limitation to android forensics. A literature study is done on previous related research to gather methods for gaining access and extracting data. The methods collected are then tested by performing experiments on a Oneplus 3 android 9 and Oneplus 8 android 11. The research of this paper found that it is possible to perform a brute force attack within a reasonable time against a PIN of length 4-5 or pattern of length 4-6 on the lock screen of an android device. It found that you can optimise the attack by performing a dictionary attack by using public lists of the most used PIN codes. A list of all possible pattern combinations sorted and optimised for a dictionary attack is generated based on statistics of pattern starting location and length. A proof of concept is made by creating a copy of a fingerprint with common cheap materials to gain access through the fingerprint sensor. A device image were able to be extracted by using a root shell through Android Debug Bridge and common command-line tools. Memory forensics were performed by using Frida and was able to extract usernames, passwords, and emails from Google Chrome and Gmail. The custom recovery image TWRP was used to boot the device, gain root access, and was able to extract a full device image with common command-line tools. The results of the TWRP backup feature is also analysed. The results of the data extraction is then analysed manually and with Autopsy.

Place, publisher, year, edition, pages
2021. , p. 49
Keywords [en]
Android forensics, Mobile forensics, Memory forensics, Device access, PIN, Pattern, Biometrics, Android Debug Bridge, TWRP, Frida.
National Category
Computer Sciences Computer and Information Sciences
Identifiers
URN: urn:nbn:se:hh:diva-44939OAI: oai:DiVA.org:hh-44939DiVA, id: diva2:1571018
Subject / course
Digital Forensics
Educational program
IT Forensics and Information Security, 180 credits
Supervisors
Examiners
Available from: 2021-06-11 Created: 2021-06-22 Last updated: 2021-06-22Bibliographically approved

Open Access in DiVA

fulltext(8316 kB)1321 downloads
File information
File name FULLTEXT02.pdfFile size 8316 kBChecksum SHA-512
11e5591970d7a7daccd147243da455139ad6b10b940e472c32b7012ddc23ef660ea84f0fa094455f6a16a509ab4601a36fb77cb9dbe7e73305b41d35138352d5
Type fulltextMimetype application/pdf

By organisation
School of Information Technology
Computer SciencesComputer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 1321 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 717 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf