Introduction to Automata Theory, Languages and Computability
Introduction to Automata Theory, Languages and Computability
Artificial Intelligence: A Modern Approach
Artificial Intelligence: A Modern Approach
Efficient randomized pattern-matching algorithms
IBM Journal of Research and Development - Mathematics and computing
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
From dirt to shovels: fully automatic tool generation from ad hoc data
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Discoverer: automatic protocol reverse engineering from network traces
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
LearnPADS: automatic tool generation from ad hoc data
Proceedings of the 2008 ACM SIGMOD international conference on Management of data
Tupni: automatic reverse engineering of input formats
Proceedings of the 15th ACM conference on Computer and communications security
Ad Hoc Data and the Token Ambiguity Problem
PADL '09 Proceedings of the 11th International Symposium on Practical Aspects of Declarative Languages
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Proceedings of the 16th ACM conference on Computer and communications security
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Reverse engineering for mobile systems forensics with Ares
Proceedings of the 2010 ACM workshop on Insider threats
Detecting file fragmentation point using sequential hypothesis testing
Digital Investigation: The International Journal of Digital Forensics & Incident Response
The growing need for on-scene triage of mobile devices
Digital Investigation: The International Journal of Digital Forensics & Incident Response
The forensic use of mobile phone flasher boxes
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Effective digital forensics research is investigator-centric
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
| Hi-index | 0.00 |
We present DEC0DE, a system for recovering information from phones with unknown storage formats, a critical problem for forensic triage. Because phones have myriad custom hardware and software, we examine only the stored data. Via flexible descriptions of typical data structures, and using a classic dynamic programming algorithm, we are able to identify call logs and address book entries in phones across varied models and manufacturers. We designed DEC0DE by examining the formats of one set of phone models, and we evaluate its performance on other models. Overall, we are able to obtain high performance for these unexamined models: an average recall of 97% and precision of 80% for call logs; and average recall of 93% and precision of 52% for address books. Moreover, at the expense of recall dropping to 14%, we can increase precision of address book recovery to 94% by culling results that don't match between call logs and address book entries on the same phone.