Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation

Abstract: In this paper, we first identify the need to be equipped with the capability to perform raw volatile memory data acquisition from live smartphones. We then investigate and discuss the potential of different approaches to achieve this task on Symbian smartphones. Based on our initial analysis, we propose a simple, flexible and portable approach which can have a full-coverage view of the memory space, to acquire the raw volatile memory data from commercial Symbian smartphones. We develop the tool to conduct the proof-of-concept experiments on the phones, and are able to acquire the volatile memory data successfully. A discussion on the problems we have encountered, the solutions we have proposed and the observations we have made in this research is provided. With the acquired data, we conduct an analysis on the memory images of the identified memory regions of interest, and propose a methodology for the purpose of in-depth malware security and forensics analysis.
Document type: Conference paper
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.217-230, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_17〉
Cited literature [25 references]

https://hal.inria.fr/hal-01463829
Contributor: Hal Ifip
Submitted on: Thursday, February 9, 2017 - 17:23:52
Last modified on: Thursday, February 9, 2017 - 17:37:20
Document(s) archived on: Wednesday, May 10, 2017 - 14:46:32

File

978-3-642-39218-4_17_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Vrizlynn Thing, Zheng-Leong Chua. Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.217-230, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_17〉. 〈hal-01463829〉

Metrics

Record views: 92

File downloads: 188