In this paper, we propose an automated system to perform live memory forensic analysis for mobile phones. We investigated the dynamic behavior of the mobile phone's volatile memory, and the analysis is useful in real-time evidence acquisition analysis of communication-based applications. Different communication scenarios with varying parameters were investigated. Our experimental results showed that outgoing messages (from the phone) have a higher persistency than incoming messages. In our experiments, we consistently achieved a 100% evidence acquisition rate with the outgoing messages. For the incoming messages, the acquisition rates ranged from 75.6% to 100%, considering a wide range of varying parameters in different scenarios. Hence, in a more realistic scenario where the parties may occasionally take turns sending messages and may send a few messages consecutively, our acquisition can capture most of the data to facilitate further detailed forensic investigation.