Andrologger: Collecting and Correlating Events to Identify Suspicious Activities in Android

EasyChair Preprint no. 186

Abstract

With the tremendous increase in android smartphone users and easy availability; industry, government and enterprises are trying to tap into these device’s usage possibility for organization’s work purpose. This could significantly reduce the costs and add capabilities earlier un-existed for the enterprises. However, organizations should be prepared to deal with the risk associated with it. These devices will contain plethora of information and data regarding work which when compromised can pose significant challenge to internal investigations comprising policy violations, data theft, intellectual property theft, sabotage, social engineering attacks. In android forensics the earlier approaches and capabilities usually are limited to physical access with forensic tools, though useful but not exposed to full potential. In this paper, we propose a tool, Andrologger which has the capability of automatically collecting data and user events from the device and sent to enterprise server for monitoring and analysis. This data can then be co-related with various activities to suggest a suspected user, beforehand. Andrologger will help investigators and analysts with the real data from the user and their activities and can also be used for user behavior analysis during work-hours by the organizations.

Keyphrases: Android Forensics, Andrologger, BYOD, data collection, Enterprise, Suspiciousness

@Booklet{EasyChair:186,
  author = {Pradeep Tiwari and T Velayutham},
  title = {Andrologger: Collecting and Correlating Events to Identify Suspicious Activities in Android},
  howpublished = {EasyChair Preprint no. 186},
  doi = {10.29007/mmvq},
  year = {EasyChair, 2018}}