
Automated Differentiation of Chat Application Versions and Categorisation of Changes Based on Forensic Relevance / Automatiserad Differentiering av Chattapplikationsversioner och Kategorisering av Ändringar Baserade på Forensisk Relevans

This thesis investigates the automation of forensic analysis in identifying and categorising forensically interesting changes across different versions of chat applications on Android platforms. The focus is primarily on the differentiation of Android Package Kit (APK) using reverse-engineering techniques to reconstruct the original source code and comparing the source code from two different versions of the APK. Given the rapid evolution of chat applications and their frequent updates, it is crucial for forensic investigators to understand these changes to maintain the integrity of legal investigations.

The research introduces a comprehensive framework leveraging the open-source tools, Ghidra and BinDiff, to automate the decompilation and differential analysis of APK files. This approach not only makes forensic analysis less complicated but also ensures that investigators can keep pace with the continuous updates in chat applications.

Tests on the system are conducted on various versions of the Signal chat application. These tests aim to demonstrate the proposed tool in capturing significant changes between APK versions, such as alterations in logging mechanisms, database interactions, and the use of encryption and cypher libraries.

The results confirm that the integration of Ghidra and BinDiff provides a solution for automated forensic analysis, facilitating the identification of changes and categorisation of methods based on their forensic relevance. The study shows that the tool can pinpoint modifications and structural changes, which are essential for forensic investigations.

Identifier: oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:mau-69162
Date: January 2024
Creators: Ljungsten, Ted; Makowski, Adam
Publisher: Malmö universitet, Institutionen för datavetenskap och medieteknik (DVMT)
Source Sets: DiVA Archive at Upsalla University
Language: English
Detected Language: English
Type: Student thesis, info:eu-repo/semantics/bachelorThesis, text
Format: application/pdf
Rights: info:eu-repo/semantics/openAccess
