Argus: A new approach for forensic analysis of apps on mobile devices
Abdul Boztas, Jeroen De Jong, Christos Hadjigeorghiou
Forensic Science International-Digital Investigation, volume 53, Article 301938. Published 2025-05-27.
DOI: 10.1016/j.fsidi.2025.301938
https://www.sciencedirect.com/science/article/pii/S2666281725000770
Citation count: 0
Abstract
The availability of a multitude of apps on mobile devices offers many investigative opportunities due to the large amount of information on all kinds of activities stored by these apps. On the other hand, it also creates problems because it can be difficult to identify the location of relevant information and to properly interpret the great number of digital traces stored by apps. This is especially true for apps currently not supported by commercial forensic tools. This calls for the development of new tools that can quickly analyse specific applications and identify all files containing important information.
In this paper, we introduce the Argus tool for dynamically analysing apps on mobile devices. Argus monitors the file system on mobile devices to quickly identify which files have been modified, deleted, or created as a result of actions performed on the device, such as using an app. The Argus tool supports physical iOS and Android devices, as well as Android and iOS emulators.
The results of Argus experiments are stored locally on the computer conducting the experiment, but Argus also offers the option to publish and share these results in a forensic artifacts reference database called Aardwolf, accessible at https://www.aardwolfproject.eu.