Anti-forensics refers to techniques designed to obstruct the discovery of evidence in digital forensic investigations. File-wiping is one of the anti-forensic techniques that make data recovery impossible by overwriting data with specific patterns. This technique poses significant challenges to investigators. Our study evaluates the effectiveness of file-wiping applications on the Android OS from the anti-forensic perspective. We selected six applications from the Google Play Store that support file-level wiping. By analyzing these applications using reverse engineering and digital forensic tools, we addressed three key research questions. First, we discovered that although one application claimed to provide file-wiping functionality, it actually performed simple file deletions, making the deleted files recoverable. Second, we found that file-wiping applications did not adhere to file-wiping standards or guidelines. Lastly, by examining artifacts generated by the Android OS and applications during the file-wiping process, we were able to reveal evidence of tool execution and artifacts of wiped files. Based on these findings, we propose a novel evaluation framework that assists digital forensic investigators in detecting traces of wiping activity and inferring information about deleted data on Android devices.
DOI: http://dx.doi.org/10.1111/1556-4029.70174
J Forensic Sci
September 2025
School of Cybersecurity, Korea University, Seoul, Korea.