Crypto Wallet Artifact Detection on Android Devices Using Advanced Machine Learning Techniques

Crypto Wallet Artifact Detection on Android Devices Using Advanced Machine Learning Techniques

연구 분야: Strategies

학회: International Conference on Digital Forensics and Cyber Crime

As cryptocurrencies started to be used frequently as an alternative to regular cash and credit card payments, the wallet solutions/apps that facilitate their use also became increasingly popular. This also intensified the involvement of these cryptowallet apps in criminal activities such as ransom requests, money laundering, and transactions on dark markets. From a digital forensics point of view, it is crucial to have tools and reliable approaches to detect these wallets on the machines/devices and extract their artifacts. However, in many cases forensic investigators need to reach these file artifacts quickly with minimal manual intervention due to time and resource constraints. Therefore, in this paper, we present a comprehensive framework that incorporates various machine learning approaches to enable fast and automated extraction/triage of crypto related artifacts on Android devices. Specifically, our method can detect which cryptowallets exist on the device, their artifacts (i.e., database/log files), the crypto related pictures and web browsing data. For each type of data, we offer a specific machine learning technique such as Support Vector Machine, Logistic Regression and Neural Networks to detect and classify these files. Our evaluation results show very high accuracy detecting the file artifacts with respect to alternative tools.