Document Type
Article
Publication Date
6-2016
Subject: LCSH
Mobile device forensics
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Abstract
Android malware is a well-known, challenging problem, and many researchers, vendors and practitioners have tried to address it through application analysis techniques. In order to analyze Android applications, tools decompress APK files and extract relevant data from the Dalvik EXecutable (DEX) files. To acquire the data, investigators either use decompiled intermediate code generated by existing tools, e.g., Baksmali or Dex2jar, or write their own parsers/disassemblers. Thus, they either need additional time because of decompiling the application into an intermediate representation and then parsing text files, or they reinvent the wheel by implementing their own parsers. In this article, we present Rapid Android Parser for Investigating DEX files (RAPID), which is an open source and easy-to-use Java library for parsing DEX files. RAPID comes with well-documented APIs which allow users to query data directly from the DEX binary files. Our experiments reveal that RAPID outperforms existing approaches in terms of runtime efficiency, provides better reliability (does not crash) and can support dynamic analysis by finding critical offsets. Notably, the processing time for our sample set of 22.35 GB was only 1.5 h with RAPID while the traditional approaches needed about 23 h (parsing and querying).
DOI
10.1016/j.diin.2016.03.002
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Repository Citation
Zhang, Xiaolu; Breitinger, Frank; and Baggili, Ibrahim, "Rapid Android Parser for Investigating DEX Files (RAPID)" (2016). Electrical & Computer Engineering and Computer Science Faculty Publications. 53.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/53
Publisher Citation
Xiaolu Zhang, Frank Breitinger, and Ibrahim Baggili. “Rapid Android Parser for Investigating DEX files (RAPID)”. In: Digital Investigation 17 (2016), pp. 28–39.
Comments
This is the peer reviewed version of the following article: Xiaolu Zhang, Frank Breitinger, and Ibrahim Baggili. “Rapid Android Parser for Investigating DEX files (RAPID)”. In: Digital Investigation 17 (2016), pp. 28–39, which has been published in final form at http://dx.doi.org/10.1016/j.diin.2016.03.002. This article may be used for non-commercial purposes in accordance with the CC/BY/NC/ND license.
Dr. Ibrahim Baggili was appointed to the University of New Haven's Elder Family Endowed Chair in 2015.