VIDE - Vault App Identification and Extraction System for iOS Devices

Gokila Dorai, Sudhir Aggarwal, Neet Patel, Charisa Powell

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Content hiding (or vault) apps are a class of applications that allow users to hide photos, videos, documents and other content securely. A subclass of these applications called decoy apps further supports secret hiding by having a mode which mimics standard apps such as calculators but can turn into a vault app through entering a specific input. In this work we focus on iOS devices and first describe how to identify content hiding applications from the App Store. We consider not only the US Store but also give results for App Stores in Russia, India and China. We show an effective and very fast identification of content hiding apps through a two-phase process: initial categorization using keywords followed by more precise binary classification. We next turn to understanding the behavior and features of these vault apps and how to extract the hidden information from artifacts of the app's stored data. Based on this work, we have designed and built a fully automated vault app identification and extraction system that first identifies and then extracts the hidden data from the apps on an iOS smartphone. Using our vault identification and data extraction system (VIDE), law enforcement investigators can more easily identify and extract data from such apps as needed. Although vault apps are removed regularly from the App Store, VIDE can still identify removed apps as our system continues to maintain information on such apps in our vault database.

Original language: English (US)
Article number: 301007
Journal: Forensic Science International: Digital Investigation
Volume: 33
State: Published - Jul 2020

ASJC Scopus subject areas

  • Information Systems
  • Medical Laboratory Technology
  • Law
  • Pathology and Forensic Medicine
  • Computer Science Applications
