SEDalvik: A Kernel-Level Android Behavior Forensic Method

Abstract

Android is the mobile operating system with the highest market share, but it comes with the endless malicious code. Behavior forensics has an extremely important role in ensuring application security. However, most of the existing methods of forensic analysis work at the application layer, not universal and easily evaded by anti-forensics mechanisms. Therefore, we propose a behavior forensics method based on source code of Dalvik virtual machine and work at the kernel layer, which effectively improves the versatility and effectiveness of behavior forensics on Android.