JoWUA

Abstract

Smartphone applications (apps) provide users with features to maximize the usefulness of smartphones in various categories, such as finance, education, health, life, and entertainment. For these features, apps store within themselves user data, which are closely related to their user. Such data can be thus used as key digital forensics clues. However, some apps use their own security features to protect data against external threats. Security features, which can effectively protect sensitive data, impose considerable digital forensics challenges that require data decryption to be used as evidence. Therefore, it is essential to conduct a preliminary study of apps with security features so that forensic investigators can perform their work efficiently. In this paper, we propose a forensic analysis of the note-taking apps ClevNote and Samsung Notes. Note-taking apps are valuable as evidence in forensic investigations because notes written by users are stored as app data, but forensic analysis is difficult as several security features protect app data. We conducted a study on a method to collect the protected app data in a form usable as evidence. To achieve this purpose, we identified the security features for target apps and obtained app data by revealing the operation process of security functions using reverse engineering.