Title
Acquisition and analysis of volatile memory from android devices.
Abstract
The Android operating system for mobile phones, which is still relatively new, is rapidly gaining market share, with dozens of smartphones and tablets either released or set to be released. In this paper, we present the first methodology and toolset for acquisition and deep analysis of volatile physical memory from Android devices. The paper discusses some of the challenges in performing Android memory acquisition, discusses our new kernel module for dumping memory, named dmd, and specifically addresses the difficulties in developing device-independent acquisition tools. Our acquisition tool supports dumping memory to either the SD on the phone or via the network. We also present analysis of kernel structures using newly developed Volatility functionality. The results of this work illustrate the potential that deep memory analysis offers to digital forensics investigators.
Year
2012
DOI
10.1016/j.diin.2011.10.003
Venue
Digital Investigation
Keywords
Android, Memory forensics, Memory analysis, Linux, Mobile device forensics
Field
Kernel (linear algebra), Android (operating system), Digital forensics, Memory forensics, Computer security, Computer science, Mobile device forensics, Phone, Market share, Volatile memory, Operating system, Embedded system
DocType
Journal
Volume
8
Issue
3
ISSN
1742-2876
Citations
53
PageRank
2.94
References
8
Authors
4
Name                    Order  Citations  PageRank
Joe Sylve               1      54         3.65
Andrew Case             2      138        11.36
Lodovico Marziale       3      214        15.10
Golden G. Richard III   4      326        37.91