Retrofitting Mobile Devices for Capturing Memory-Resident Malware Based on System Side-Effects - Advances in Digital Forensics XV
Conference Papers Year : 2019

Retrofitting Mobile Devices for Capturing Memory-Resident Malware Based on System Side-Effects

Jason Staggs
  • Function : Author
Sujeet Shenoi
  • Function : Author
  • PersonId : 991346

Abstract

Sophisticated memory-resident malware that target mobile phone platforms can be extremely difficult to detect and capture. However, triggering volatile memory captures based on observable system side-effects exhibited by malware can harvest live memory that contains memory-resident malware. This chapter describes a novel approach for capturing memory-resident malware on an Android device for future analysis. The approach is demonstrated by making modifications to the Android debuggerd daemon to capture memory while a vulnerable process is being exploited on a Google Nexus 5 phone. The implementation employs an external hardware device to store a memory capture after successful exfiltration from the compromised mobile device.
Fichier principal
Vignette du fichier
488399_1_En_4_Chapter.pdf (1.04 Mo) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-02534602 , version 1 (07-04-2020)

Licence

Identifiers

Cite

Zachary Grimmett, Jason Staggs, Sujeet Shenoi. Retrofitting Mobile Devices for Capturing Memory-Resident Malware Based on System Side-Effects. 15th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2019, Orlando, FL, United States. pp.59-72, ⟨10.1007/978-3-030-28752-8_4⟩. ⟨hal-02534602⟩
67 View
76 Download

Altmetric

Share

More