Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation

Abstract : In this paper, we first identify the need to be equipped with the capability to perform raw volatile memory data acquisition from live smartphones. We then investigate and discuss the potential of different approaches to achieve this task on Symbian smartphones. Based on our initial analysis, we propose a simple, flexible and portable approach which can have a full-coverage view of the memory space, to acquire the raw volatile memory data from commercial Symbian smartphones. We develop the tool to conduct the proof-of-concept experiments on the phones, and are able to acquire the volatile memory data successfully. A discussion on the problems we have encountered, the solutions we have proposed and the observations we have made in this research is provided. With the acquired data, we conduct an analysis on the memory images of the identified memory regions of interest, and propose a methodology for the purpose of in-depth malware security and forensics analysis.
Document type :
Conference papers
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.217-230, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_17〉

Cited literature [25 references]

https://hal.inria.fr/hal-01463829
Contributor : Hal Ifip
Submitted on : Thursday, February 9, 2017 - 5:23:52 PM
Last modification on : Thursday, February 9, 2017 - 5:37:20 PM
Document(s) archived on : Wednesday, May 10, 2017 - 2:46:32 PM

File

978-3-642-39218-4_17_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Vrizlynn Thing, Zheng-Leong Chua. Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.217-230, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_17〉. 〈hal-01463829〉
