Document Type

Article

Publication Date

6-2016

Subject: LCSH

Mobile device forensics

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

Android malware is a well-known challenging problem and many researchers/vendors/practitioners have tried to address this issue through application analysis techniques. In order to analyze Android applications, tools decompress APK files and extract relevant data from the Dalvik EXecutable (DEX) files. To acquire the data, investigators either use decompiled intermediate code generated by existing tools, e.g., Baksmali or Dex2jar or write their own parsers/dissemblers. Thus, they either need additional time because of decompiling the application into an intermediate representation and then parsing text files, or they reinvent the wheel by implementing their own parsers. In this article, we present Rapid Android Parser for Investigating DEX files (RAPID) which is an open source and easy-to-use JAVA library for parsing DEX files. RAPID comes with well-documented APIs which allow users to query data directly from the DEX binary files. Our experiments reveal that RAPID outperforms existing approaches in terms of runtime efficiency, provides better reliability (does not crash) and can support dynamic analysis by finding critical offsets. Notably, the processing time for our sample set of 22.35 GB was only 1.5 h with RAPID while the traditional approaches needed about 23 h (parsing and querying).

Comments

This is the peer reviewed version of the following article: Xiaolu Zhang, Frank Breitinger, and Ibrahim Baggili. “Rapid Android Parser for Investigating DEX files (RAPID)”. In: Digital Investigation 17 (2016), pp. 28 –39., which has been published in final form at http:/dx.doi.org/10.1016/j.diin.2016.03.002. This article may be used for non-commercial purposes in accordance with the CC/BY/NC/ND license.

Dr. Ibrahim Baggili was appointed to the University of New Haven's Elder Family Endowed Chair in 2015.

DOI

10.1016/j.diin.2016.03.002

Publisher Citation

Xiaolu Zhang, Frank Breitinger, and Ibrahim Baggili. “Rapid Android Parser for Investigating DEX files (RAPID)”. In: Digital Investigation 17 (2016), pp. 28 –39.

Check your library

Share

COinS