2010
DOI: 10.1016/j.diin.2010.05.010

Keywords: Volatile memory, Mobile phones, Android

Abstract: In this paper, we proposed an automated system to perform a live memory forensic analysis for mobile phones. We investigated the dynamic behavior of the mobile phone's volatile memory, and the analysis is useful in real-time evidence acquisition analysis of communication based applications. Different communication scenarios with varying parameters were investigated. Our experimental results showed that outgoing messages (from the phone) have a higher persiste…

Cited by 97 publications
(39 citation statements)
References 11 publications
“…Hilgers et al [14] identified a variety of data structures in memory images (e.g., GPS coordinates within photo metadata). Thing et al [32] proposed an automated system that analyzes live memory on Android devices and showed it is possible to extract messages. DEC0DE [34] proposed a technique to extract plain-text call logs and address book entries from phone storage using probabilistic finite state machines.…”
Section: A Memory Forensics (mentioning)
confidence: 99%
“…Yen [5] and Urrea [6] focus on Linux memory, Urrea [6] developed a tool named "dd" to obtain physical memory at runtime from /proc/mem. Thing [7] firstly proposed that the volatile memory of the mobile phone plays an important role in the forensic investigation process; they developed a forensic tool named "memgrab" to dump a specific process memory for Android. However, it cannot acquire the complete volatile memory from an Android phone.…”
Section: A Android Volatile Memory Acquisition (mentioning)
confidence: 99%
“…In [19], the authors use the process trace system call to stop and resume processes and to create memory dumps of their address spaces. This is useful when data remains in memory only for a very short period.…”
Section: Related Work (mentioning)
confidence: 99%