Cyberattack Pattern Analysis on Mobile Device Data Forensic Investigations

Abstract

Mobile device data forensics investigations using open-source tools for cyberattack pattern analysis have become inevitable due to the changing attack surface and the changing threat landscape. As mobile device usage increases, so do the vulnerabilities and security threats leading to attacks such as mobile app attacks, MITM attacks, bluejacking, malware, and social engineering attacks. The paper aims to explore a hypothetical scenario of mobile device compromise using a social engineering attack. The study focuses on forensic analysis techniques to investigate these compromises, including network traffic examination, malicious app analysis, and disk image inspection using open-source tools. The contribution of the paper is threefold. First, we explore the attack surface by implementing an existing attack pattern on Android devices and having a secure and controlled connection to the mobile device. The attack scenarios are simulated on an Android device. Further, we extract data on the forensic disk image using a digital forensics investigation process and an Autopsy tool in a virtual environment for cyberattack analysis on the mobile device to determine attribution. Furthermore, we implement the multifunctional digital forensic tool Autopsy to retrieve and analyze several types of digital evidence from mobile devices in standardized formats. The work highlight the risks associated with unverified app downloads and the exploitation of mobile vulnerabilities.