Description
Mobile health applications (or mHealth apps, as they are commonly known) are increasingly popular with both individual end users and user groups such as physicians. Due to their ability to access, store and transmit personally identifiable and sensitive information (e.g. geolocation information and personal details), they are potentially an important source of evidentiary materials in digital investigations. In this paper, we examine 40 popular Android mHealth apps. Based on our findings, we propose a taxonomy incorporating artefacts of forensic interest to facilitate the timely collection and analysis of evidentiary materials from mobile devices involving the use of such apps. Artefacts of forensic interest recovered include user details and email addresses, chronology of user locations and food habits. We are also able to recover user credentials (e.g. user password and four-digit app login PIN number), locate user profile pictures and identify timestamp associated with the location of a user.
Recommended Citation
Azfar, Abdullah; Choo, Kim-Kwang Raymond; and Liu, Lin, "Forensic Taxonomy of Popular Android mHealth Apps" (2015). AMCIS 2015 Proceedings. 13.
https://aisel.aisnet.org/amcis2015/HealthIS/GeneralPresentations/13
Forensic Taxonomy of Popular Android mHealth Apps
Mobile health applications (or mHealth apps, as they are commonly known) are increasingly popular with both individual end users and user groups such as physicians. Due to their ability to access, store and transmit personally identifiable and sensitive information (e.g. geolocation information and personal details), they are potentially an important source of evidentiary materials in digital investigations. In this paper, we examine 40 popular Android mHealth apps. Based on our findings, we propose a taxonomy incorporating artefacts of forensic interest to facilitate the timely collection and analysis of evidentiary materials from mobile devices involving the use of such apps. Artefacts of forensic interest recovered include user details and email addresses, chronology of user locations and food habits. We are also able to recover user credentials (e.g. user password and four-digit app login PIN number), locate user profile pictures and identify timestamp associated with the location of a user.