Android extension of the "MONO" packet capturer (Ampliación Android del "MONO" packet capturer)
Tutor / director / evaluator: Hernández Serrano, Juan
Document type: Bachelor thesis
Rights access: Restricted access - author's decision
Digital Forensics can be defined as the use of scientific methods to find evidence in digital sources such as computers, tablets, mobile phones, databases, Network Interface Controllers (NICs), smart devices, etc. This evidence may be used to "support or refute a hypothesis" in a public or a private investigation (about criminal activities, intrusions, etc.). Network forensics is a "sub-branch of digital forensics related to the monitoring and analysis of computer networks".

ANFORA (ANálisis FORense Avanzado) is a Spanish research project conducted by the Information Security Group of the UPC that is aimed at innovation in digital forensics. Among its fields of research is the creation and improvement of tools and techniques to ease the work of analysts in digital and network forensics. In the context of this research project, we present this work, which addresses the needs for automation and a better user experience in network forensics analysis.

This approach to the "MONO" Packet Capturer has the following functionalities:
· List IP packets with their content.
· Download selected packets for further analysis with Wireshark.
· List IP, UDP and TCP conversations.
· Enable search by keyword in packet header and payload.
· Decrypt SSL/TLS traffic, whenever possible.

The main objective of this TFG (bachelor's thesis) is to develop an Android client/app that also extends the tool with the following functionalities:
· Discover, in real time, the active TCP and UDP connections that each application uses.
· Add to the TCP and UDP conversation lists the name of the application that corresponds to each one.
· List the files accessed during the session by each application.