Ing. Marián Svetlík

Ing. Marián Svetlík

Mgr. Dominik Novák

Department of Information Security

This thesis contains research about methods of mobile forensics, specifically dealing with mobile phones running Android and iOS operating systems. It describes the architecture of said operating systems and the methods they offer for managing application data. It also presents some relevant topics such as file encryption, backup systems, and privilege escalation. Next, it provides an analysis of mobile phone storage, methods of accessing it, and locations where application data is stored. The result of this is a description of the standard file system structure that is accessible to every application for storing its data. The next part of this thesis is dedicated to methods of mobile forensic analysis, specifically the methods of acquiring data from the devices, since this part is the most distinct from classic digital forensics. The methods are divided into groups according to the difficulty and the effect they have on the device. The stage of analyzing the data then consists of identifying relevant files and exploring their contents. Previous findings are then demonstrated using the WhatsApp application. This application was chosen because its data is a rich source of information and is also well-described in many other papers. This part serves as a basis for the next chapter, which involves manual analysis of a different application. For that, the chosen application is Vinted. Results of the analysis are a description of found data and a script that creates a PDF document with the most relevant information.

Thesis on DSpace