Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations

Details

Ressource 1Download: 1-s2.0-S2666281721002031-main.pdf (694.89 [Ko])
State: Public
Version: Final published version
License: CC BY 4.0
Serval ID
serval:BIB_D56CBD9367EE
Type
Article: article from journal or magazin.
Collection
Publications
Institution
Title
Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations
Journal
Forensic Science International: Digital Investigation
Author(s)
Zhang Xiaolu, Breitinger Frank, Luechinger Engelbert, O'Shaughnessy Stephen
ISSN
2666-2817
Publication state
Published
Issued date
12/2021
Peer-reviewed
Oui
Volume
39
Pages
301285
Language
english
Abstract
Android obfuscation techniques include not only classic code obfuscation techniques that were adapted to Android, but also obfuscation methods that target the Android platform specifically. This work examines the status-quo of Android obfuscation, obfuscation detection and deobfuscation. Specifically, it first summarizes obfuscation approaches that are commonly used by app developers for code optimization, to protect their software against code theft and code tampering but are also frequently misused by malware developers to circumvent anti-malware products. Secondly, the article focuses on obfuscation detection techniques and presents various available tools and current research. Thirdly, deobfuscation (which aims at reinstating the original state before obfuscation) is discussed followed by a brief discussion how this impacts forensic investigation. We conclude that although obfuscation is widely used in Android app development (benign and malicious), available tools and the practices on how to deal with obfuscation are not standardized, and so are inherently lacking from a forensic standpoint.
Keywords
Android application forensic, Obfuscation, Deobfuscation, Obfuscation detection, Literature review, Survey, Reverse engineering
Open Access
Yes
Create date
15/10/2021 13:56
Last modification date
15/01/2024 7:16
Usage data