Research Area: Digital Forensics
The Android operating system for mobile phones, which is still relatively new, is rapidly gaining market share, with dozens of smartphones and tablets either released or set to be released. In this paper, we present the first methodology and toolset for acquisition and deep analysis of volatile physical memory from Android devices. The paper discusses some of the challenges in performing Android memory acquisition, discusses our new kernel module for dumping memory, named dmd, and specifically addresses the difficulties in developing device-independent acquisition tools. Our acquisition tool supports dumping memory to either the SD on the phone or via the network. We also present analysis of kernel structures using newly developed Volatility functionality. The results of this work illustrate the potential that deep memory analysis offers to digital forensics investigators.
Keywords:
Author(s) Name: Joe Sylve, Andrew Case, Lodovico Marziale, Golden G. Richard
Journal name: Digital Investigation
Conferrence name:
Publisher name: Elsevier
DOI: 10.1016/j.diin.2011.10.003
Volume Information: Volume 8, Issues 3–4, February 2012, Pages 175-184
