Smart mobile devices have become an essential part of our lives, both professionally and privately. As we expand our digital presence and usage of these devices, we also increase the amount of evidence left behind. Locard’s principle states that every contact leaves a trace, a principle applicable not only to traditional crime but also the cyber realm. This project addresses an area in which this principle is applied, in terms of wireless networks and their access points that have been identified through the wireless scanning process. Both access points and smart devices use different, yet similar, network frames to advertise their existence before a connection can be established between two devices. These frames contain the data that this project aims to locate, MAC addresses, which are uniquely identifiable data, that can be used to identify any device that holds a wireless interface. By analysing the mobile device of a user after a short, city centre walk, the MAC addresses of nearby wireless access points were identified and used to retrace the route travelled by the user. However, as the information was only found in volatile memory, there was a limited timeframe to capture this data.
- digital forensics; android; volatile memory; wireless communication; MAC address
Amundsen, A., & Ovens, K. (2018). Forensics analysis of wi-fi communication traces in mobile devices. In International Workshop on Big Data Analytic for Cyber Crime Investigation and Prevention IEEE. https://doi.org/10.1109/BigData.2017.8258357