De Rentiis K, Geus J, Freiling F (2026)
Publication Language: English
Publication Type: Journal article
Publication year: 2026
Book Volume: 56
URI: https://www.sciencedirect.com/science/article/pii/S2666281726000053
DOI: https://doi.org/10.1016/j.fsidi.2026.302048
Open Access Link: https://www.sciencedirect.com/science/article/pii/S2666281726000053
Due to differing hardware and software security mechanisms, the forensic analysis of smartphones is strongly device-dependent. Given their prevalence in forensic investigations, the research community and tool manufacturers have focused primarily on devices with standard Operating Systems (OSs) from major manufacturers. Consequently, privacy advocates promote devices based on highly configurable OSs, such as the Android Open Source Project (AOSP), or custom ROMs like GrapheneOS, which prioritize privacy and security. These OSs benefit investigators in both private use and covert investigations. However, they present a significant challenge when used by the opposing side. To properly assess the situation, we conduct the first forensic analysis of GrapheneOS: We give an overview of AOSP and the custom ROM ecosystem. We also explain security and privacy features of GrapheneOS and how they compare to Android's. Finally, we perform a data acquisition analysis, including tool support for GrapheneOS, and a network traffic analysis. Our results demonstrate that GrapheneOS improves upon Android security, and that its privacy features considerably complicate the remote acquisition of user data.
APA:
De Rentiis, K., Geus, J., & Freiling, F. (2026). The Investigator's Friend and Foe: A forensic analysis of GrapheneOS. Forensic Science International: Digital Investigation, 56. https://doi.org/https://doi.org/10.1016/j.fsidi.2026.302048
MLA:
De Rentiis, Katharina, Julian Geus, and Felix Freiling. "The Investigator's Friend and Foe: A forensic analysis of GrapheneOS." Forensic Science International: Digital Investigation 56 (2026).
BibTeX: Download