Abstract
Using the OAuth protocol, third-party applications on the Android operating system use the user's credentials or access tokens, which carry access authority over the user's resources, to obtain the user's account and personal information from account information providers. These credentials and token information are stored on the device by the OAuth data management method provided by the Android operating system. If this information is leaked, an attacker can use the leaked credential and token data to get the user's personal data without logging in. For evidence collection, this feature enables a digital forensic investigator to collect data directly from the remote servers of the services used by the target of the investigation. Evidence data collected at a remote location can be a basis for secondary warranties and can provide very important evidence when an attacker attempts to destroy evidence, such as by removing an application from an Android device. In this paper, we analyze the management status of OAuth tokens in various Android operating system and device environments, and show how to collect data of various third-party applications using it. This paper introduces a method of expanding the scope of data acquisition by collecting remote data of the services used by the subject of investigation from the viewpoint of digital forensics.

| Translated title of the contribution | Study on Remote Data Acquisition Methods Using OAuth Protocol of Android Operating System |
|---|---|
| Original language | Korean |
| Pages (from-to) | 111-122 |
| Number of pages | 12 |
| Journal | 정보보호학회논문지 |
| Volume | 28 |
| Issue number | 1 |
| DOIs | |
| State | Published - 2018 |