Please use this identifier to cite or link to this item:
https://scholarbank.nus.edu.sg/handle/10635/40364
| Title: | Live memory forensics of mobile phones | Authors: | Thing, V.L.L. Ng, K.-Y. Chang, E.-C. |
Keywords: | Android Live forensics Mobile phones Volatile memory |
Issue Date: | 2010 | Citation: | Thing, V.L.L., Ng, K.-Y., Chang, E.-C. (2010). Live memory forensics of mobile phones. DFRWS 2010 Annual Conference : S74-S82. ScholarBank@NUS Repository. | Abstract: | In this paper, we proposed an automated system to perform a live memory forensic analysis for mobile phones. We investigated the dynamic behavior of the mobile phone's volatile memory, and the analysis is useful in real-time evidence acquisition analysis of communication based applications. Different communication scenarios with varying parameters were investigated. Our experimental results showed that outgoing messages (from the phone) have a higher persistency than the incoming messages. In our experiments, we consistently achieved a 100% evidence acquisition rate with the outgoing messages. For the incoming messages, the acquisition rates ranged from 75.6% to 100%, considering a wide range of varying parameters in different scenarios. Hence, in a more realistic scenario where the parties may occasionally take turns to send messages and consecutively send a few messages, our acquisition can capture most of the data to facilitate further detailed forensic investigation. © 2010 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved. | Source Title: | DFRWS 2010 Annual Conference | URI: | http://scholarbank.nus.edu.sg/handle/10635/40364 |
| Appears in Collections: | Staff Publications |
Show full item record
Files in This Item:
There are no files associated with this item.
Google ScholarTM
Check
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.