dissertation

Recommendations

Info

C.6 False data from alternate databasesThis is the code for serving false data from alternate databases in response tocontact list queries. It is provided as a patch on top of the instrumentationcode. All patched files are in the directory src/com/android/providers/contacts/. The code for reading the different databases is in the filesContactsDatabaseHelper.java, CellebriteContactsDatabaseHelper.java and XRYContactsDatabaseHelper.java, while the code choosing betweenthem is in ContactsProvider2.java. All files are installed on thephone as part of the contacts provider package, /system/app/ContactsProvider.apk.ContactsDatabaseHelper.java is a helper module which encapsulatesmany details of the contact list database which the contact list providerdoesn’t need to deal with. One of these details is the file name of the database,in the predetermined directory /data/data/com.android.providers.contacts/databases/. Normally, this name iscontacts2.db. Two subclasses are introduced,CellebriteContactsDatabaseHelper.java andXRYContactsDatabaseHelper.java, which instead use the file namescellebrite.db and xry.db, respectively. These files contain databases preparedseparately. The main contact list provider query function, query() inContactsProvider2.java, is changed to select one of the database helpermodules depending on whether the query comes from a known forensics tool,based on the name of the calling program.109
110new f i l e mode 100644index 0 0 0 0 0 0 0 . . 1 e 3 c 4 d f−−− / dev / n u l l+++ read−from−fake −database / s r c /com/ android / p r o v i d e r s / c o n t a c t s / C e l l e b r i t e C o n t a c t s D a t a b a s e H e l p e r . java@@ −0,0 +1 ,27 @@+package com . android . p r o v i d e r s . c o n t a c t s ;++import android . content . Context ;+import android . u t i l . Log ;++p u b l i c c l a s s C e l l e b r i t e C o n t a c t s D a t a b a s e H e l p e r extends ContactsDatabaseHelper {+ p r i v a t e s t a t i c f i n a l S t r i n g TAG = ” C e l l e b r i t e C o n t a c t s D a t a b a s e H e l p e r ” ;++ p r o t e c t e d s t a t i c C e l l e b r i t e C o n t a c t s D a t a b a s e H e l p e r s S i n g l e t o n = n u l l ;++ p u b l i c s t a t i c s y n c h r o n i z e d ContactsDatabaseHelper g e t I n s t a n c e ( Context c o n t e x t ) {+ Log . i (TAG, ” g e t I n s t a n c e ” ) ;+ i f ( s S i n g l e t o n == n u l l ) {+ Log . i (TAG, ” s S i n g l e t o n == n u l l ” ) ;+ } e l s e {+ Log . i (TAG, ” s S i n g l e t o n i s ” + s S i n g l e t o n . g e t C l a s s ( ) . getName ( ) ) ;+ }+ i f ( s S i n g l e t o n == n u l l ) {+ s S i n g l e t o n = new C e l l e b r i t e C o n t a c t s D a t a b a s e H e l p e r ( c o n t e x t ) ;+ }+ r e t u r n s S i n g l e t o n ;+ }++ C e l l e b r i t e C o n t a c t s D a t a b a s e H e l p e r ( Context c o n t e x t ) {+ super ( context , ” c e l l e b r i t e . db ” ) ;+ }+}index 8 f1253a . . 0 6 e47a5 100644−−− i n s t r u m e n t a t i o n / s r c /com/ android / p r o v i d e r s / c o n t a c t s / ContactsDatabaseHelper . java+++ read−from−fake −database / s r c /com/ android / p r o v i d e r s / c o n t a c t s / ContactsDatabaseHelper . java@@ −87,8 +87 ,8 @@ import java . u t i l . Locale ;∗/s t a t i c f i n a l i n t DATABASE VERSION = 3 5 3 ;− p r i v a t e s t a t i c f i n a l S t r i n g DATABASE NAME = ” c o n t a c t s 2 . db ” ;
Page 2:
AbstractIn forensic analysis of mob
Page 8 and 9:
Chapter 1IntroductionAccording to t
Page 10 and 11:
forensics tools Cellebrite and XRY
Page 12 and 13:
2.1.1 Data hidingFor PC anti-forens
Page 14 and 15:
Detecting a USB connection suffers
Page 16 and 17:
protected program can access it, as
Page 18 and 19:
modifications at different times, t
Page 20 and 21:
esponsible for handling security an
Page 22 and 23:
contact lists registers that it pro
Page 24 and 25:
Several projects have built upon th
Page 26 and 27:
to return false data to the tools.
Page 28 and 29:
6. Connection to a forensic analysi
Page 30 and 31:
To install it, then, requires the c
Page 32 and 33:
Step 4 According to the documentati
Page 34 and 35:
Chapter 5Implementation, testing an
Page 36 and 37:
The two modules are raw contacts an
Page 38 and 39:
200-500 small writes in the time fr
Page 40 and 41:
make the data impossible to spot in
Page 42 and 43:
had time to isolate the phone befor
Page 44 and 45:
abort the extraction and show the e
Page 46 and 47:
(a) Extraction summary(b) Extractio
Page 48 and 49:
Figure 5.11: Cellebrite extraction
Page 50 and 51:
Figure 5.14: Contacts fed to Celleb
Page 52 and 53:
(a) Cellebrite extraction report(b)
Page 54 and 55:
(a) SIM contacts visible(b) SIM con
Page 56 and 57:
Chapter 6ConclusionsThis dissertati
Page 58 and 59:
Android is an open system, with spe
Page 60 and 61:
• Hide SIM contacts from the fore
Page 62 and 63:
that it is possible to use Java ref
Page 64 and 65:
7.3 EncryptionStarting with version
Page 66 and 67: operating system components, but th
Page 68 and 69: Appendix BTool behaviourThe followi
Page 70 and 71: S e l e c t i o n : i d = 1 ANDmime
Page 72 and 73: Appendix CSource codeC.1 USBMonitor
Page 74 and 75: ∗/private S t r i n g e o l ;priv
Page 76 and 77: }}Bundle e x t r a s = i n t e n t
Page 78 and 79: index 3 bee54d . . 0 0 be75e 100644
Page 80 and 81: 73import android . p r o v i d e r
Page 82 and 83: + }+ r e t u r n n u l l ;+ }+@Over
Page 84 and 85: @@ −4349 ,6 +4384 ,7 @@ p u b l i
Page 86 and 87: c a s e POSTALS: {+ Log . i (TAG,
Page 88 and 89: qb . setProjectionMap ( sGroupsSumm
Page 90 and 91: c a s e RAW CONTACT ENTITIES: {+ Lo
Page 92 and 93: index f 2 b 6 f c e . . 1 eb2972 10
Page 94 and 95: 87++ // A t t r i b u t e s c o n s
Page 96 and 97: 89+ i n t s t r O f f = s t O f f +
Page 98 and 99: C.4 Delayed responsesThis is the co
Page 100 and 101: + p r i v a t e boolean c a l l e r
Page 102 and 103: 95index 00 be75e . . cb000e9 100644
Page 104 and 105: p r i v a t e boolean i n i t i a l
Page 106 and 107: 99+ // no d e l e t e d c o n t a c
Page 108 and 109: 101+ Log . i (TAG, ” Unknown quer
Page 110 and 111: 103+ // I n t e n t i o n a l l y r
Page 112 and 113: 105+ ” n u l l as ” + Structure
Page 114 and 115: 107+ ” ” + PhoneticNameStyle .U
Page 118 and 119: − p r i v a t e s t a t i c f i n
Page 120 and 121: +import com . android . p r o v i d
Page 122 and 123: Log . i (TAG, ” S e l e c t i o n
Page 124 and 125: C.7 Delayed restorationThis is the
Page 126 and 127: 119+ Log . i (TAG, ” Faking ” +
Page 128 and 129: 121− // b e f o r e and a f t e r
Page 130 and 131: C.8 Hiding SIM contactsThis is the
Page 132 and 133: ++ // This i s the CyanogenMod 7 .
Page 134 and 135: ArrayList r e s u l t s ;− i f (
Page 136 and 137: index c218592 . . a4dbaae 100644−
Page 138 and 139: 131+ /∗+ ∗ ( non−Javadoc )+
Page 140 and 141: package com . android . p r o v i d
Page 142 and 143: 135++ /∗+ ∗ ( non−Javadoc )+
Page 144 and 145: 137+ Log . i (TAG, ” Running quer
Page 146 and 147: Appendix EDeclaration of originalit
Page 148 and 149: [8] Android development guides—Th
Page 150 and 151: [34] Tarpit (networking). http://en
Page 152 and 153: [53] ACPO e-crime working group. Go
Page 154 and 155: [73] Android Open Source Project. L
Page 156: [94] Randal Vaughn and Gadi Evron.
show all

dissertation

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?