An Android-based Cellebrite UFED self-defense application
LockUp is an Android application that will monitor the device for signs for attempts to image it using known forensic tools like the Cellebrite UFED. Here is a blog I wrote.
Proof-of-Concept. Not meant as an in-depth defense
Android API 28, Does not require root
Relies on RECEIVE_BOOT_COMPLETED to start a Service and AccessibilityService
Monitors USB events through ACTION_USB_DEVICE, package installations, and known exploit staging locations on the filesystem
Detects Logical Extractions, File System Extractions, and Physical Extractions leveraging ADB
Will automatically respond with a factory reset with DeviceAdminReceiver
Beginning steps to researching more robust anti-forensic techniques