Abstract

Android is one of the most popular and widely used mobile operating systems and one of the most actively researched products in the field of mobile forensics. However, analysis of Android caches has been, to date, an understudied research topic, which limits its potential use in forensic investigations. Due to the diversity of cache formats on Android, we propose a cache taxonomy based on app usage. Using this taxonomy as a base, a systematic process, known as the Android Cache Forensic Process, is proposed to forensically classify, extract and analyze Android caches. Various cache formats utilized by 11 popular Android apps are analyzed. As part of this analysis, a number of cache formats are decoded and several cache formats commonly used by Android apps are documented from a forensic perspective. Based on our technical findings, an Android Cache Viewer prototype was also developed. This prototype is able to decode a number of Android cache formats and display the contents in an accessible manner.
