Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation - Security and Privacy Protection in Information Processing Systems
Conference Papers, Year: 2013

Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation

Abstract

In this paper, we first identify the need to be equipped with the capability to perform raw volatile memory data acquisition from live smartphones. We then investigate and discuss the potential of different approaches to achieve this task on Symbian smartphones. Based on our initial analysis, we propose a simple, flexible and portable approach which can have a full-coverage view of the memory space, to acquire the raw volatile memory data from commercial Symbian smartphones. We develop the tool to conduct the proof-of-concept experiments on the phones, and are able to acquire the volatile memory data successfully. A discussion on the problems we have encountered, the solutions we have proposed and the observations we have made in this research is provided. With the acquired data, we conduct an analysis on the memory images of the identified memory regions of interest, and propose a methodology for the purpose of in-depth malware security and forensics analysis.
Origin: Files produced by the author(s)

Dates and versions

hal-01463829, version 1 (09-02-2017)

Cite

Vrizlynn L. Thing, Zheng-Leong Chua. Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. pp.217-230, ⟨10.1007/978-3-642-39218-4_17⟩. ⟨hal-01463829⟩