Acquisition and analysis of volatile memory from Android devices

From Botnets.fr

Date 2012 / 2012-02
Editor/Conference Elsevier
Link http://digitalforensicssolutions.com/papers/android-memory-analysis-DI.pdf
DOI: 10.1016/j.diin.2011.10.003
Author Joe Sylve, Andrew Case, Lodovico Marziale, Golden G. Richard

Abstract

The Android operating system for mobile phones, which is still relatively new, is rapidly gaining market share, with dozens of smartphones and tablets either released or set to be released. In this paper, we present the first methodology and toolset for acquisition and deep analysis of volatile physical memory from Android devices. The paper discusses some of the challenges in performing Android memory acquisition, discusses our new kernel module for dumping memory, named dmd, and specifically addresses the difficulties in developing device-independent acquisition tools. Our acquisition tool supports dumping memory either to the SD card on the phone or over the network. We also present analysis of kernel structures using newly developed Volatility functionality. The results of this work illustrate the potential that deep memory analysis offers to digital forensics investigators.
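The abstract points at the core difficulty of device-independent acquisition: physical RAM on a phone is not one contiguous block, so a dump must record which address ranges it contains, and the analysis side must translate a physical address back to a file offset before it can walk any kernel structure. The following is an added example written for this page, not code from the paper, from dmd or from Volatility. The per-range header layout (a 4-byte "PMEM" magic followed by little-endian 64-bit start and end addresses) is assumed purely for illustration and is not dmd's on-disk format; the sample memory banks and the "KERN" marker are constructed inputs.

```python
"""Segmented physical-memory dump: writer plus a minimal address space.

Added example, not from the paper, dmd or Volatility. The header layout is
assumed for illustration only; it is NOT the format written by dmd.
"""
import struct
from typing import List, Optional, Tuple

# Assumed illustrative per-range header: 4-byte magic, u64 start, u64 end (inclusive).
RANGE_HDR = struct.Struct("<4sQQ")
RANGE_MAGIC = b"PMEM"  # constructed for this example


def write_segmented_dump(ranges: List[Tuple[int, bytes]]) -> bytes:
    """Serialise (start_phys, payload) ranges the way an acquisition tool that
    skips holes in the physical address map would: a header per range followed
    by the raw bytes, so MMIO gaps cost nothing and are never touched."""
    out = bytearray()
    for start, payload in ranges:
        end = start + len(payload) - 1
        out += RANGE_HDR.pack(RANGE_MAGIC, start, end)
        out += payload
    return bytes(out)


class SegmentedAddressSpace:
    """Maps physical addresses to file offsets across non-contiguous ranges."""

    def __init__(self, data: bytes):
        self.data = data
        self.ranges: List[Tuple[int, int, int]] = []  # (start, end, file offset of body)
        off = 0
        while off < len(data):
            if off + RANGE_HDR.size > len(data):
                raise ValueError("truncated range header at offset %d" % off)
            magic, start, end = RANGE_HDR.unpack_from(data, off)
            if magic != RANGE_MAGIC:
                raise ValueError("bad magic at offset %d" % off)
            if end < start:
                raise ValueError("range end %#x before start %#x" % (end, start))
            body = off + RANGE_HDR.size
            size = end - start + 1
            if body + size > len(data):
                raise ValueError("truncated range body at offset %d" % body)
            self.ranges.append((start, end, body))
            off = body + size
        self.ranges.sort()
        # Overlapping ranges mean a corrupt or doubly-dumped acquisition; refuse them.
        for (_, e0, _), (s1, _, _) in zip(self.ranges, self.ranges[1:]):
            if s1 <= e0:
                raise ValueError("overlapping ranges at %#x" % s1)

    def _find(self, paddr: int) -> Optional[Tuple[int, int, int]]:
        for rng in self.ranges:
            if rng[0] <= paddr <= rng[1]:
                return rng
        return None

    def translate(self, paddr: int) -> Optional[int]:
        """File offset backing paddr, or None if paddr falls in a hole."""
        rng = self._find(paddr)
        if rng is None:
            return None
        start, _, body = rng
        return body + (paddr - start)

    def read(self, paddr: int, length: int) -> bytes:
        """Read length bytes at paddr. A read that would cross into a hole fails
        loudly instead of silently returning bytes from the next range."""
        rng = self._find(paddr)
        if rng is None:
            raise KeyError("physical address %#x not in dump" % paddr)
        start, end, body = rng
        if paddr + length - 1 > end:
            raise KeyError("read at %#x crosses range end %#x" % (paddr, end))
        off = body + (paddr - start)
        return self.data[off:off + length]

    def holes(self) -> List[Tuple[int, int]]:
        """Gaps between dumped ranges (MMIO windows, reserved memory)."""
        gaps = []
        for (_, e0, _), (s1, _, _) in zip(self.ranges, self.ranges[1:]):
            if s1 > e0 + 1:
                gaps.append((e0 + 1, s1 - 1))
        return gaps


# Constructed sample: two RAM banks separated by a hole, with a marker in bank one.
SAMPLE_RANGES = [
    (0x80000000, b"A" * 16 + b"KERN" + b"B" * 12),
    (0x90000000, b"C" * 32),
]
SAMPLE_DUMP = write_segmented_dump(SAMPLE_RANGES)


def demo() -> dict:
    aspace = SegmentedAddressSpace(SAMPLE_DUMP)
    return {
        "kern_tag": aspace.read(0x80000010, 4),
        "second_bank_offset": aspace.translate(0x90000000),
        "hole": aspace.holes(),
        "in_hole": aspace.translate(0x88000000),
    }


if __name__ == "__main__":
    print(demo())
```

The refusal to read across a range boundary is deliberate: an analysis plugin that follows a kernel pointer into a hole should see an error, not bytes from whatever bank happens to follow in the file, which is the kind of silent misparse that produces plausible-looking but wrong results.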

Bibtex

 @misc{2012BFR873,
   editor = {Elsevier},
   author = {Joe Sylve and Andrew Case and Lodovico Marziale and Golden G. Richard},
   title = {Acquisition and analysis of volatile memory from Android devices},
   date = {01},
   month = feb,
   year = {2012},
   doi = {10.1016/j.diin.2011.10.003},
   howpublished = {\url{http://digitalforensicssolutions.com/papers/android-memory-analysis-DI.pdf}},
 }