Research Area:  Digital Forensics
In this paper, we investigate and evaluate, through experimental analysis, the possibility of recovering authentication credentials of mobile applications from the volatile memory of Android mobile devices. Throughout the experiments and analysis carried out, we have exclusively used open-source and free forensic tools. Overall, the contribution of this paper is threefold. First, it thoroughly examines, for thirteen (13) mobile applications representing four common application categories that process sensitive user data, whether it is possible to recover authentication credentials from the physical memory of mobile devices, following thirty (30) different scenarios. Second, it explores whether, in the considered applications, we can discover patterns and expressions that indicate the exact position of authentication credentials in a memory dump. Third, it reveals a set of critical observations regarding the privacy of Android mobile applications and devices.
Keywords:  
Author(s) Name:  Christoforos Ntantogian, Dimitris Apostolopoulos, Giannis Marinakis, Christos Xenakis
Journal name:  Computers & Security
Conference name:  
Publisher name:  ELSEVIER
DOI:  10.1016/j.cose.2014.01.004
Volume Information:  Volume 42, May 2014, Pages 66-76
Paper Link:   https://www.sciencedirect.com/science/article/pii/S0167404814000157