Forensic analysis of android phone using Ext4 file system journal log

Dohyun Kim, Jungheum Park, Keun Gi Lee, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Citations (Scopus)

Abstract

As announcing Android OS 2.3, Gingerbread, Google changed the existing file system, yaffs2 to ext2 and adopted it as official file system in android phone. Ext4, the most widely used file system in Linux, not only assists large, but also provides fault tolerance through journaling function by adopting JFSjournal file system. In journal log created through journaling function of ext4, every transaction occurred in file system is record. All transactions include all events (e.g., creating, deleting, and modifying). Therefore, analyzing journal log, we would know what file did android user access to; could recover deleted files as finding the information of previous status of them. Moreover, we could also analyze user actions if we make up timeline by utilizing timestamp recorded in journal log. Based on these facts, in this paper, we aim to analyze journal log area in ext4 file system; to develop the tool, JDForensic, that extracts journal log data to recover deleted data and analyze user actions. This tool will be usefully utilized in the first time digital forensic investigation of android phone.

Original languageEnglish
Title of host publicationFuture Information Technology, Application, and Service, FutureTech 2012
Pages435-446
Number of pages12
EditionVOL. 1
DOIs
Publication statusPublished - 2012
Event7th FTRA International Conference on Future Information Technology, FutureTech 2012 - Vancouver, BC, Canada
Duration: 2012 Jun 262012 Jun 28

Publication series

NameLecture Notes in Electrical Engineering
NumberVOL. 1
Volume164 LNEE
ISSN (Print)1876-1100
ISSN (Electronic)1876-1119

Other

Other7th FTRA International Conference on Future Information Technology, FutureTech 2012
CountryCanada
CityVancouver, BC
Period12/6/2612/6/28

Keywords

  • Analysis of user actions
  • Android phone
  • Data recovery
  • Digital forensics
  • Ext4 file system
  • Journal log

ASJC Scopus subject areas

  • Industrial and Manufacturing Engineering

Fingerprint Dive into the research topics of 'Forensic analysis of android phone using Ext4 file system journal log'. Together they form a unique fingerprint.

  • Cite this

    Kim, D., Park, J., Lee, K. G., & Lee, S. (2012). Forensic analysis of android phone using Ext4 file system journal log. In Future Information Technology, Application, and Service, FutureTech 2012 (VOL. 1 ed., pp. 435-446). (Lecture Notes in Electrical Engineering; Vol. 164 LNEE, No. VOL. 1). https://doi.org/10.1007/978-94-007-4516-2_44