Argus: A new approach for forensic analysis of apps on mobile devices

IF 2; Zone 4, Medicine; Q3, COMPUTER SCIENCE, INFORMATION SYSTEMS
Abdul Boztas, Jeroen De Jong, Christos Hadjigeorghiou
Forensic Science International-Digital Investigation, volume 53, Article 301938. Journal Article, published 2025-05-27.
DOI: 10.1016/j.fsidi.2025.301938
https://www.sciencedirect.com/science/article/pii/S2666281725000770
Citations: 0

Abstract

The availability of a multitude of apps on mobile devices offers many investigative opportunities due to the large amount of information on all kinds of activities stored by these apps. On the other hand, it also creates problems because it can be difficult to identify the location of relevant information and to properly interpret the great number of digital traces stored by apps. This is especially true for apps currently not supported by commercial forensic tools. This calls for the development of new tools that can quickly analyse specific applications and identify all files containing important information.
In this paper, we introduce the Argus tool for dynamically analysing apps on mobile devices. Argus monitors the file system on mobile devices to quickly identify which files have been modified, deleted, or created as a result of actions performed on the device, such as using an app. The Argus tool supports physical iOS and Android devices, as well as Android and iOS emulators.
The results of Argus experiments are stored locally on the computer conducting the experiment, but Argus also offers the option to publish and share these results in a forensic artifacts reference database called Aardwolf, accessible at https://www.aardwolfproject.eu.
Source journal
CiteScore: 5.90
Self-citation rate: 15.00%
Articles published: 87
Review time: 76 days