TY  - JOUR
A1  - Zhang, Xiaolu
A1  - Breitinger, Frank
A1  - Luechinger, Engelbert
A1  - O'Shaughnessy, Stephen
T1  - Android application forensics: a survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations
T2  - Forensic Science International: Digital Investigation
N2  - Android obfuscation techniques include not only classic code obfuscation techniques that were adapted to Android, but also obfuscation methods that target the Android platform specifically. This work examines the status-quo of Android obfuscation, obfuscation detection and deobfuscation. Specifically, it first summarizes obfuscation approaches that are commonly used by app developers for code optimization, to protect their software against code theft and code tampering but are also frequently misused by malware developers to circumvent anti-malware products. Secondly, the article focuses on obfuscation detection techniques and presents various available tools and current research. Thirdly, deobfuscation (which aims at reinstating the original state before obfuscation) is discussed followed by a brief discussion how this impacts forensic investigation. We conclude that although obfuscation is widely used in Android app development (benign and malicious), available tools and the practices on how to deal with obfuscation are not standardized, and so are inherently lacking from a forensic standpoint.
Y1  - 2021
UR  - https://opus.bibliothek.uni-augsburg.de/opus4/frontdoor/index/index/docId/117563
UR  - https://nbn-resolving.org/urn:nbn:de:bvb:384-opus4-1175633
SN  - 2666-2817
VL  - 39
SP  - 301285
PB  - Elsevier BV
ER  -