Date of Award
8-10-2018
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Department of Electrical and Computer Engineering
First Advisor
Gilbert L. Peterson, PhD.
Abstract
Forensic tools assist examiners in extracting evidence from application files on mobile devices. If the file format for the file of interest is known, this process is straightforward; otherwise, it requires the examiner to manually reverse engineer the data structures resident in the file. This research presents the Automated Data Structure Slayer (ADSS), which automates the process of reverse engineering unknown file formats of Android applications. After statically parsing and preparing an application, ADSS dynamically runs it, injecting hooks at selected methods to uncover the data structures used to store and process data before writing to media. The resultant association between application semantics and bytes in a file reveals the structure and file format. ADSS has been successfully evaluated against Uber and Discord, both popular Android applications, and reveals the format used by the respective proprietary application files stored on the filesystem.
AFIT Designator
AFIT-ENG-DS-18-S-008
DTIC Accession Number
AD1063269
Recommended Citation
Dill, Richard A., "Automating Mobile Device File Format Analysis" (2018). Theses and Dissertations. 1916.
https://scholar.afit.edu/etd/1916