Argus: A new approach for forensic analysis of apps on mobile devices

IF 2 4区医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Forensic Science International-Digital Investigation Pub Date : 2025-05-27 DOI:10.1016/j.fsidi.2025.301938

Abdul Boztas, Jeroen De Jong, Christos Hadjigeorghiou

{"title":"Argus: A new approach for forensic analysis of apps on mobile devices","authors":"Abdul Boztas, Jeroen De Jong, Christos Hadjigeorghiou","doi":"10.1016/j.fsidi.2025.301938","DOIUrl":null,"url":null,"abstract":"<div><div>The availability of a multitude of apps on mobile devices offers many investigative opportunities due to the large amount of information on all kinds of activities stored by these apps. On the other hand, it also creates problems because it can be difficult to identify the location of relevant information and to properly interpret the great number of digital traces stored by apps. This is especially true for apps currently not supported by commercial forensic tools. This calls for the development of new tools that can quickly analyse specific applications and identify all files containing important information.</div><div>In this paper, we introduce the Argus tool for dynamically analysing apps on mobile devices. Argus monitors the file system on mobile devices to quickly identify which files have been modified, deleted, or created as a result of actions performed on the device, such as using an app. The Argus tool supports physical iOS and Android devices, as well as Android and iOS emulators.</div><div>The results of Argus experiments are stored locally on the computer conducting the experiment, but Argus also offers the option to publish and share these results in a forensic artifacts reference database called Aardwolf, accessible at https://www.aardwolfproject.eu.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"53 ","pages":"Article 301938"},"PeriodicalIF":2.0000,"publicationDate":"2025-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281725000770","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The availability of a multitude of apps on mobile devices offers many investigative opportunities due to the large amount of information on all kinds of activities stored by these apps. On the other hand, it also creates problems because it can be difficult to identify the location of relevant information and to properly interpret the great number of digital traces stored by apps. This is especially true for apps currently not supported by commercial forensic tools. This calls for the development of new tools that can quickly analyse specific applications and identify all files containing important information.

In this paper, we introduce the Argus tool for dynamically analysing apps on mobile devices. Argus monitors the file system on mobile devices to quickly identify which files have been modified, deleted, or created as a result of actions performed on the device, such as using an app. The Argus tool supports physical iOS and Android devices, as well as Android and iOS emulators.

The results of Argus experiments are stored locally on the computer conducting the experiment, but Argus also offers the option to publish and share these results in a forensic artifacts reference database called Aardwolf, accessible at https://www.aardwolfproject.eu.

查看原文本刊更多论文

Argus：对移动设备上的应用程序进行取证分析的新方法

移动设备上大量应用程序的可用性提供了许多调查机会，因为这些应用程序存储了大量关于各种活动的信息。另一方面，它也会产生问题，因为很难确定相关信息的位置，也很难正确解释应用程序存储的大量数字痕迹。对于目前不受商业取证工具支持的应用程序尤其如此。这就要求开发能够快速分析特定应用程序并识别包含重要信息的所有文件的新工具。在本文中，我们介绍了用于动态分析移动设备上应用程序的Argus工具。Argus监控移动设备上的文件系统，以快速识别由于设备上执行的操作（例如使用应用程序）而修改、删除或创建的文件。Argus工具支持物理iOS和Android设备，以及Android和iOS模拟器。Argus的实验结果存储在进行实验的本地计算机上，但Argus也提供了在一个名为Aardwolf的法医文物参考数据库中发布和分享这些结果的选项，该数据库可访问https://www.aardwolfproject.eu。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊