Live memory forensics of mobile phones

Authors:
Vrizlynn L. L. Thing;Kian-Yong Ng;Ee-Chien Chang
Affiliations:
Cryptography & Security Department, Institute for Infocomm Research, 1 Fusionopolis Way, #21-01, Connexis (South Tower), Singapore 138632, Singapore;School of Computing, National University of Singapore, Singapore;School of Computing, National University of Singapore, Singapore
Venue:
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Year:
2010

Citing 8
Cited 4

Live forensics: diagnosing your system without killing it first

Communications of the ACM - Next-generation cyber forensics
Advances in Digital Forensics II (IFIP International Federation for Information Processing)

Advances in Digital Forensics II (IFIP International Federation for Information Processing)
Overcoming Impediments to Cell Phone Forensics

HICSS '08 Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences
Fast smartphones forensic analysis results through mobile internal acquisition tool and forensic farm

International Journal of Electronic Security and Digital Forensics
An overall assessment of Mobile Internal Acquisition Tool

Digital Investigation: The International Journal of Digital Forensics & Incident Response
BodySnatcher: Towards reliable volatile memory acquisition by software

Digital Investigation: The International Journal of Digital Forensics & Incident Response
FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory

Digital Investigation: The International Journal of Digital Forensics & Incident Response
A hardware-based memory acquisition procedure for digital investigations

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Toward a general collection methodology for Android devices

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Windows Mobile LiveSD Forensics

Journal of Network and Computer Applications
The impact of the antivirus on the digital evidence

International Journal of Electronic Security and Digital Forensics
The disclosure of an Android smartphone's digital footprint respecting the Instant Messaging utilizing Skype and MSN

Electronic Commerce Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we proposed an automated system to perform a live memory forensic analysis for mobile phones. We investigated the dynamic behavior of the mobile phone's volatile memory, and the analysis is useful in real-time evidence acquisition analysis of communication based applications. Different communication scenarios with varying parameters were investigated. Our experimental results showed that outgoing messages (from the phone) have a higher persistency than the incoming messages. In our experiments, we consistently achieved a 100% evidence acquisition rate with the outgoing messages. For the incoming messages, the acquisition rates ranged from 75.6% to 100%, considering a wide range of varying parameters in different scenarios. Hence, in a more realistic scenario where the parties may occasionally take turns to send messages and consecutively send a few messages, our acquisition can capture most of the data to facilitate further detailed forensic investigation.