ISSN (Online): 2319-8753
ISSN (Print): 2347-6710
International Journal of Innovative Research in Science, Engineering and Technology
(An ISO 3297: 2007 Certified Organization)
Vol. 4, Issue 4, April 2015
Copyright to IJIRSET
DOI: 10.15680/IJIRSET.2015.0404029

Anti-forensic: Design and Implementation of an Android Forensic Analyzer

Walter T. Mambodza (1), Nagoor Meeran A.R. (2)
(1) PG Student, Information Security and Computer Forensics, SRM University, Chennai, India
(2) Assistant Professor, Information Security and Computer Forensics, SRM University, Chennai, India

ABSTRACT: In incident response, the Computer Emergency Response Team (CERT) or Computer Incident Response Team (CIRT) investigates an incident in order to obtain a detailed description of how a crime was conducted, who was responsible, and how to ensure that the incident does not happen again. For an investigation to commence, someone must report the incident. The forensic expert or investigator quarantines the crime scene, photographs the area and seizes the evidence in a forensically sound manner while preserving the integrity of the data. The evidence media is taken to the forensic lab or workstation, where the investigation is conducted. In most cases the investigator is qualified and skilled to perform the operation. The investigation process consists of two sub-processes: Data Collection and Data Analysis. Data collection is the process of acquiring the data that will assist the investigation, for example through the use of an Incident Response Toolkit. Data Analysis is the process of examining the collected data using various forensic tools that follow the Association of Chief Police Officers (ACPO) principles in order to obtain results.
The goals of information security are to protect the confidentiality, integrity and availability of data. Hackers compromise information security and use anti-forensic techniques to make it difficult for investigators to detect and prove their existence and involvement in a crime. The aim of this paper is to design and implement an application that provides a solution to some of the anti-forensic data hiding techniques.

KEYWORDS: Incident, Anti-forensic, CERT, CIRT, Data collection, Data analysis, Evidence

I. INTRODUCTION

Anti-forensics is a set of techniques that make it hard for investigators to find the perpetrator of a crime and impossible to prove the case if they do find the criminal. There are various anti-forensic techniques, such as artifact wiping, trail obfuscation, attacks against computer forensics processes and tools, and data hiding [1]. Data hiding techniques can be classified as encryption or steganography. When the two are combined they make a forensic investigation difficult, if not impossible. Encryption is the process of converting plain text into cipher text through the use of algorithms and keys. Steganography is the process of hiding data or files within another file (video, image or audio) that is used as a cover medium.

The Association of Chief Police Officers produced the "Good Practice Guide for Computer Based Electronic Evidence", which states four principles: no one should change or modify data that is termed evidence; if original data is accessed, the person must be competent to do so and be able to give evidence at the end; all processes should be recorded during the investigation so that a third party can follow the steps and produce the same results [2]. The fourth ACPO principle is that the person performing the investigation should accept full responsibility and ensure that all the principles are adhered to. Android forensics has become a major concern due to the increase in the number of people accessing and using Android phones.
When an incident is reported, Fig. 1.0 shows the steps that are taken in the incident response methodology. The main goal is to investigate the incident. The investigation process comprises two operations: Data Collection and Data Analysis. This research proposes an application that will collect and analyze data on an Android device while preserving the integrity of the data and performing all the processes in a forensically sound manner.
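The following is an added example, not the authors' Android application, illustrating in Python the two operations the paper names (Data Collection and Data Analysis) under the ACPO constraints discussed above: evidence is hashed at collection and re-verified after every step, every action is written to an audit trail that a third party could replay, and the analysis stage runs two simple data-hiding checks, a Shannon entropy measure (which flags encrypted or compressed content) and a check for bytes appended after a JPEG End-Of-Image marker (a trivial steganographic trailer). The sample byte strings, the case identifier, the examiner name, the 7.5 bits/byte threshold and the class and function names are all constructed for this example and do not come from the paper.

```python
import hashlib
import json
import math
from collections import Counter
from datetime import datetime, timezone

# Constructed sample "evidence" byte strings standing in for files pulled from a
# handset. None of this is data from the paper.
SAMPLE_JPEG = b"\xff\xd8" + b"\x00" * 64 + b"\xff\xd9"          # SOI ... EOI
SAMPLE_JPEG_TRAILER = SAMPLE_JPEG + b"secret payload after EOI"  # bytes hidden after EOI
SAMPLE_TEXT = b"call log: 2015-04-01 09:12 outgoing 5551234\n" * 8
# Every byte value appears exactly 16 times, so entropy is exactly 8 bits/byte,
# which is what ciphertext or an encrypted container looks like to the analyzer.
SAMPLE_CIPHERLIKE = bytes((i * 73 + 17) % 256 for i in range(4096))


def sha256_hex(data: bytes) -> str:
    """Digest recorded at collection time and re-checked after every step."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in [0, 8]. Values near 8 indicate encryption or compression;
    the analyst must still rule out ordinary compressed media (JPEG, MP4, ZIP)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def jpeg_trailer_length(data: bytes) -> int:
    """Number of bytes after the last JPEG End-Of-Image marker (FF D9).
    Image viewers ignore such bytes, so a trailer is a classic place to hide data.
    Returns 0 for non-JPEG input or when nothing follows EOI."""
    if not data.startswith(b"\xff\xd8"):
        return 0
    eoi = data.rfind(b"\xff\xd9")
    return 0 if eoi < 0 else len(data) - (eoi + 2)


class EvidenceCase:
    """Collection and analysis record kept in the spirit of the ACPO principles:
    evidence bytes are never modified, every action is logged with the examiner's
    identity, and the log carries enough detail for a third party to repeat it."""

    def __init__(self, case_id: str, examiner: str):
        self.case_id = case_id
        self.examiner = examiner
        self.items = {}
        self.audit = []

    def _log(self, action: str, **details):
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "examiner": self.examiner, "action": action, **details})

    def collect(self, name: str, data: bytes) -> str:
        """Data Collection: store a copy and its hash, log size and digest."""
        digest = sha256_hex(data)
        self.items[name] = {"data": bytes(data), "sha256": digest}
        self._log("collect", item=name, size=len(data), sha256=digest)
        return digest

    def verify(self, name: str) -> bool:
        """Integrity check: current hash must equal the one taken at collection."""
        item = self.items[name]
        intact = sha256_hex(item["data"]) == item["sha256"]
        self._log("verify", item=name, intact=intact)
        return intact

    def analyze(self, name: str, entropy_threshold: float = 7.5) -> dict:
        """Data Analysis: run the data-hiding checks on a collected item and
        re-verify afterwards so the log proves analysis changed nothing."""
        data = self.items[name]["data"]
        ent = shannon_entropy(data)
        trailer = jpeg_trailer_length(data)
        findings = []
        if ent >= entropy_threshold:
            findings.append("high entropy: possibly encrypted or compressed")
        if trailer:
            findings.append(f"{trailer} bytes appended after JPEG EOI marker")
        result = {"item": name, "entropy": round(ent, 3),
                  "jpeg_trailer_bytes": trailer, "findings": findings}
        self._log("analyze", **result)
        self.verify(name)
        return result

    def report(self) -> str:
        """Audit trail as JSON, the record a third party would replay."""
        return json.dumps({"case": self.case_id, "audit": self.audit}, indent=2)


if __name__ == "__main__":
    case = EvidenceCase("CASE-PLACEHOLDER-001", "examiner-placeholder")
    for name, blob in [("photo.jpg", SAMPLE_JPEG), ("photo2.jpg", SAMPLE_JPEG_TRAILER),
                       ("calls.txt", SAMPLE_TEXT), ("vault.bin", SAMPLE_CIPHERLIKE)]:
        case.collect(name, blob)
        print(case.analyze(name))
    print(case.report())
```

The entropy check is a triage signal, not proof: a genuine photograph or video also scores near 8 bits/byte, so the analyzer records the value and leaves the interpretation to the examiner. The trailer check, by contrast, is a structural finding that can be reproduced byte-for-byte from the audit log, which is the property the third ACPO principle asks for.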