Abstract
Recovering deleted information is one of the most important probative elements in a forensic investigation that involves a mobile phone. In this paper, we present a new tool implementing an innovative method, based on a low-level analysis, to recover deleted data from SQLite databases on Android devices, taking as an initial example text messages. The paper then proposes a generic framework for deleted data recovery that can be used with a range of SQLite databases on a variety of Android systems and devices. Indeed, although our initial aim was to recover deleted SMSs, we realized along the way that, with the appropriate changes, the initial implemented method can be applicable to the extraction of deleted information from any SQLite database file.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Stahlberg, P., Miklau, G., Levine, B.: Threats to privacy in the forensic analysis of database systems. In: Proceedings of the 2007 ACM SIGMOD International Conference on Management of Data, SIGMOD 2007 (2007)
The SQLite Official Documentation, http://www.sqlite.org
Hoog, A., Gaffaney, K.: iPhone forensics. Via Forensics White paper (2009)
Hoog, A.: Android Forensics - Investigation, Analysis and Mobile Security for Google Android. Elsevier (2011)
Aouad, L., Kechadi, T., Trentesaux, J., Le Khac, N.-A.: An Open Framework for Smartphone Evidence Acquisition. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics VIII. IFIP AICT, vol. 383, pp. 159–166. Springer, Heidelberg (2012)
Aouad, L., Kechadi, T.: Android Forensics: A Physical Approach. In: The 2012 International Conference on Security and Management (July 2012)
Quick, D., Alzaabi, M.: Forensic analysis of the Android file system YAFFS2. In: Australian Digital Forensics Conference (December 2011)
Rob, P., Coronel, C.: Database Systems: Design, Implementation and Management. Thomson Course Technology (2009)
The Epilog SQLite forensic tool, http://www.ccl-forensics.com/Software/epilog-from-ccl-forensics.html
Drinkwater, R.: Forensics from the sausage factory - An analysis of the record structure within SQLite databases. Technical report (May 2011)
Carrier, B.: File System Forensic Analysis. Addison Wesley (2005)
Rosenblum, M.: Understanding data lifetime. Stanford University (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Aouad, L.M., Kechadi, T.M., Di Russo, R. (2013). ANTS ROAD: A New Tool for SQLite Data Recovery on Android Devices. In: Rogers, M., Seigfried-Spellar, K.C. (eds) Digital Forensics and Cyber Crime. ICDF2C 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 114. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39891-9_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-39891-9_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39890-2
Online ISBN: 978-3-642-39891-9
eBook Packages: Computer ScienceComputer Science (R0)