Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations

Détails

Ressource 1Télécharger: 1-s2.0-S2666281721002031-main.pdf (694.89 [Ko])
Etat: Public
Version: Final published version
Licence: CC BY 4.0
ID Serval
serval:BIB_D56CBD9367EE
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Institution
Titre
Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations
Périodique
Forensic Science International: Digital Investigation
Auteur⸱e⸱s
Zhang Xiaolu, Breitinger Frank, Luechinger Engelbert, O'Shaughnessy Stephen
ISSN
2666-2817
Statut éditorial
Publié
Date de publication
12/2021
Peer-reviewed
Oui
Volume
39
Pages
301285
Langue
anglais
Résumé
Android obfuscation techniques include not only classic code obfuscation techniques that were adapted to Android, but also obfuscation methods that target the Android platform specifically. This work examines the status-quo of Android obfuscation, obfuscation detection and deobfuscation. Specifically, it first summarizes obfuscation approaches that are commonly used by app developers for code optimization, to protect their software against code theft and code tampering but are also frequently misused by malware developers to circumvent anti-malware products. Secondly, the article focuses on obfuscation detection techniques and presents various available tools and current research. Thirdly, deobfuscation (which aims at reinstating the original state before obfuscation) is discussed followed by a brief discussion how this impacts forensic investigation. We conclude that although obfuscation is widely used in Android app development (benign and malicious), available tools and the practices on how to deal with obfuscation are not standardized, and so are inherently lacking from a forensic standpoint.
Mots-clé
Android application forensic, Obfuscation, Deobfuscation, Obfuscation detection, Literature review, Survey, Reverse engineering
Open Access
Oui
Création de la notice
15/10/2021 13:56
Dernière modification de la notice
15/01/2024 7:16
Données d'usage