Forensic Analysis of Android Cryptocurrency Wallet Applications.

Crypto wallet apps that integrate with blockchains enable users to execute digital currency transactions with quick response codes. In 2021, there were more than 68 million crypto wallet app users [8]. As new crypto wallets and cryptocurrencies enter the market, the number of users will continue to increase. Mobile apps are commonly employed by users to execute cryptocurrency transactions and manage funds. As a result, sensitive information stored in mobile apps constitutes critical evidence in digital forensic investigations. This chapter describes a forensic analysis method for Android cryptocurrency wallet apps that extracts evidence from the local filesystems and system logs. The results of forensic analyses of 253 real-world Android cryptocurrency wallet apps are interesting. A total of 135 crypto wallet apps store user account information in local filesystems that are accessible by malware. As many as 67 crypto wallet apps access and store user location information in a local database and log files, and twelve crypto wallet apps track the last used times of other applications installed on the devices. The research also reveals that, without resorting to deleted file recovery, various types of evidentiary data can be identified in local filesystems and system logs. Additionally, several types of evidence that were latent in previous studies are shown to be discoverable.