Andrologger: Collecting and Correlating Events to Identify Suspicious Activities in Android

EasyChair Preprint 186
7 pages • Date: May 30, 2018

Abstract

With the tremendous increase in Android smartphone users and the easy availability of these devices, industry, government and enterprises are trying to tap into the possibility of using them for the organization's work. This could significantly reduce costs and add capabilities that did not previously exist for enterprises. However, organizations should be prepared to deal with the associated risk. These devices will contain a plethora of work-related information and data which, when compromised, can pose a significant challenge to internal investigations involving policy violations, data theft, intellectual property theft, sabotage and social engineering attacks. In Android forensics, earlier approaches and capabilities are usually limited to physical access with forensic tools, which is useful but does not realize the full potential. In this paper, we propose a tool, Andrologger, which automatically collects data and user events from the device and sends them to an enterprise server for monitoring and analysis. This data can then be correlated with various activities to suggest a suspected user beforehand. Andrologger will help investigators and analysts with real data from users and their activities, and can also be used by organizations for user behavior analysis during work hours.

Keyphrases: Android Forensics, Andrologger, BYOD, Enterprise, Suspiciousness, data collection

