Research Area:  Digital Forensics
With the popularity of smartphones, various types of mobile crime emerge endlessly. Evidence from mobile phones is mostly obtained by non-volatile physical memory dumps and file system analysis. These two methods can extract a lot of private data, but are often ineffective for encrypted and deleted data. In this paper, we discuss Android volatile memory and introduce some methods to dump the memory. Analyses of Android volatile memory using software tools are also presented. Finally, the paper provides an in-depth analysis of Android memory structures to extract the encrypted chats and deleted messages of a popular social network application called WeChat [1]. The results show that all chats can be extracted in the form of plaintext, including some deleted messages.
Keywords:  
Author(s) Name:  Fan Zhou; Yitao Yang; Zhaokun Ding; Guozi Sun
Journal name:  
Conference name:  IEEE International Conference on Communications (ICC)
Publisher name:  IEEE
DOI:  10.1109/ICC.2015.7249467
Volume Information:  
Paper Link:   https://ieeexplore.ieee.org/abstract/document/7249467