Using machine learning to detect vault (anti-forensic) apps

Authors/Creators

Michael N. Johnstone, Edith Cowan UniversityFollow
Wencheng Yang
Mohiuddin Ahmed, Edith Cowan UniversityFollow

Abstract

Content hiding, or vault applications (apps), are designed with a secondary, often concealed purpose, such as encrypting and storing files. While these apps may serve legitimate functions, they unequivocally present significant challenges for law enforcement. Conventional methods for tackling this issue, whether static or dynamic, prove inadequate when devices—typically smartphones—cannot be modified. Additionally, these methods frequently require prior knowledge of which apps are classified as vault apps. This research decisively demonstrates that a non-invasive method of app analysis, combined with machine learning, can effectively identify vault apps. Our findings reveal that it is entirely possible to detect an Android vault app with 98% accuracy using a random forest classifier. This clearly indicates that our approach can be instrumental for law enforcement in their efforts to address this critical issue.

RAS ID

78838

Document Type

Journal Article

Date of Publication

5-1-2025

Volume

17

Issue

5

School

School of Science

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Publisher

MDPI

Identifier

Michael N. Johnstone: https://orcid.org/0000-0001-7192-7098

Mohiuddin Ahmed: https://orcid.org/0000-0002-4559-4768

Comments

Johnstone, M. N., Yang, W., & Ahmed, M. (2025). Using machine learning to detect vault (anti-forensic) apps. Future Internet, 17(5). https://doi.org/10.3390/fi17050186

Recommended Citation

Johnstone, M. N., Yang, W., & Ahmed, M. (2025). Using machine learning to detect vault (anti-forensic) apps. DOI: https://doi.org/10.3390/fi17050186