Retrofitting Mobile Devices for Capturing Memory-Resident Malware Based on System Side-Effects

Abstract: Sophisticated memory-resident malware that targets mobile phone platforms can be extremely difficult to detect and capture. However, triggering volatile memory captures based on observable system side-effects exhibited by malware can harvest live memory that contains memory-resident malware. This chapter describes a novel approach for capturing memory-resident malware on an Android device for future analysis. The approach is demonstrated by modifying the Android debuggerd daemon to capture memory while a vulnerable process is being exploited on a Google Nexus 5 phone. The implementation employs an external hardware device to store a memory capture after it has been successfully exfiltrated from the compromised mobile device.
Document type: Conference papers


https://hal.inria.fr/hal-02534602
Contributor: Hal Ifip
Submitted on: Tuesday, April 7, 2020 - 10:37:00 AM
Last modification on: Tuesday, April 7, 2020 - 10:42:41 AM

File

Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until 2022-01-01.

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Zachary Grimmett, Jason Staggs, Sujeet Shenoi. Retrofitting Mobile Devices for Capturing Memory-Resident Malware Based on System Side-Effects. 15th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2019, Orlando, FL, United States. pp.59-72, ⟨10.1007/978-3-030-28752-8_4⟩. ⟨hal-02534602⟩
