NFC Logging Mechanism—Forensic Analysis of NFC Artefacts on Android Devices

Abstract

Near field communication (NFC) is a technology that facilitates communication between NFC-enabled devices by utilizing low power and radiating signals around a close proximity. The interaction is always binary, between the initiator that emits signals within a range of 4 cm and the target which enters the field of the initiator to begin the interaction. The communication may be one way (passive) or two way (active). The data shared in the session is neither encrypted not authenticated. These two factors aid in potential communication and data transfer. However, this becomes downside to this upcoming technology, when the data provided by the initiator may be subjected to data spoofing or data corruption. When the target processes such data, it could leads to unintended behaviour thereby compromising the integrity of the device. When a forensic investigator is handed a compromised device and asked to recreate the alleged crime, he relies on the presence of nonvolatile data on the device. In the Android operating system, there is no mechanism to provide the nonvolatile artefacts ensuing an NFC interaction. Therefore, any digital crime on Android devices abetted by NFC remains unsolved and the case gets deferred. The main aim of this research is to develop a logging mechanism for Android devices that will log all the interactions taking place through the NFC hardware, and the presence of these nonvolatile logs along with other volatile artefacts would benefit the forensic investigator to comprehend the exact sequence of activities that jeopardized the conventional operation of the android device.