A study on LG content lock and data acquisition from apps based on content lock function

Abstract

During digital forensics investigations, smartphone application data are an important target, because they store personal user data, such as memos, images, and videos. Some applications use data hiding or encryption to protect application data, including personal user information. While these methods are excellent for data protection, they act as anti-forensics in digital forensic investigations. The LG smartphone provides Content Lock as a system application to protect the privacy of the user's memo and multimedia files. Content locked by Content Lock can only be accessed by entering the password specified by the user. In this paper, we identified the password verification process of Content Lock using reverse engineering, and recovery of the password input by the user. The original data in the locked file were acquired by analyzing two applications, QuickMemo+ and Gallery, that use Content Lock. No special data were required to obtain the original data. Our research enabled us to obtain original data hidden or encrypted by system apps on LG smartphones. Our research suggests that it is possible to obtain original data hidden or encrypted by system apps on LG smartphones.