Implementation of Wifi Forensics for Investigating Android Connections
Usage of wireless communications in association with Android smartphones has become the very obvious and frequent choice for committing cybercrimes by cybercrooks. The wireless technology, despite being a boon for the techies’ race of mankind. And it has also become the toughest challenge for digital forensic investigators from an investigative point of view. “Wireless Forensics”, a terminology for Wireless Network Wifi Forensics, that has become a nightmare for the experts, was coined by Mr Marcus Ranum in 1997.
Wireless forensics, eventually turning into WiFi Forensics, includes the acquisition and analysis of the complete data moved to and fro over the network. Moreover, Cybercrooks have started making use of highly specialized technologies to hide their footprints. These technologies include: –
- Anonymizer: – An advanced technology-based proxy tool that excels in showcasing false paths of the activity that took place over the internet.
- Bittorent Bitblinder: – Tool that maintains the privacy of the users surfing BitTorrent and many more.
Let’s Dig into the Anatomy of WiFi – Conducting WiFi Forensics
The very first step that intelligent hackers follow during usage of any WiFi is to access it via some remote location, as tracing the Geolocation through IP addresses is a piece of cake for the investigators. The Android devices that people use very frequently actually store plenty of information about the WiFi network to which it has been connected. The file systems that an investigator may come across during the investigation include FAT, YAFFS2, etc.
The two primary tools is in use for WiFi forensics via Android smartphones include: –
- Android Software Development Kit (SDK)
user can obtain Android SDK from the following resource: –
http://developer.android.com/sdk/index.html
- Android Debug Bridge (ADB)
User can obtain the details about ADB and enabling adb debugging from the following resource: –
http://developer.android.com/tools/help/adb.html
Prerequisites for WiFi forensics with respect to connecting with an android device: –
- The smartphone must have an SD card with a considerably huge amount of space.
- Enable the Airplane mode.
- USB Debugging code.
- Rooting of the Android device.
Evidence Acquisition: –
The very first file that can be located after a complete investigation of the Android smartphone is “/misc/wifi” folder. The file is available with the name:
wpa_supplicant.conf
This wpa_supplicant.conf is a key negotiation technology that the WPA authenticator uses with the wireless driver. Stores the passwords of all the connected WiFi networks are in plain text format in this file.
All the crucial information about the connected WiFi hotspots gets stored in the SQLite file with the name: –
checkin.db
The checkin.db file has different locations based on different brands of smartphones. This file is an SQLite file and stores information about the WiFi hotspots that are indulge. Using any free tool SQLite Viewer users can view the SQLite database file. Click on the download button placed below, to get SQLite Viewer.
On the basis of WiFi info provided by the checkin.db file, the WiFi forensics investigation becomes very easier as the location can be traced on the basis of IP address.