Data acquisition methods using backup data decryption of Sony smartphones

Abstract

As the storage capacity of smartphones increases, more user data such as call logs, SMS records, media data, and instant messages are stored in smartphones. Therefore, it is important in digital investigation to acquire smartphones containing the personal information of users. However, even when a prime suspect's smartphone is acquired, it is difficult to extract user data without obtaining root privilege. In this situation, smartphone backup data may be a valuable alternative to the extraction of user data. Using a smartphone backup, an investigator can extract most of the data stored in a smartphone including user data, with straightforward methods, and transfer them to a storage device such as an SD card, a USB, or a PC. Despite its convenience, backup data are hard to use as evidence, because backup data are encrypted using different methods depending on smartphone manufacturers, in order to protect user privacy.In this paper, we propose methods for decrypting encrypted backup data of Sony smartphones. In our analysis, we reverse-engineered the backup processes of the local backup and the PC backup provided by Sony smartphones, and analyzed the encryption methods applied to each set of backup data. In particular, we developed an algorithm for decrypting encrypted backup data on Sony smartphones, which we experimentally verified. As far as we know, this is the first research that has addressed the decryption of backup data on Sony smartphones.