Title :
Dump and analysis of Android volatile memory on Wechat
Author :
Zhou, Fan ; Yang, Yitao ; Ding, Zhaokun ; Sun, Guozi
Author_Institution :
College of Computer, Nanjing University of Posts and Telecommunications, 210003, China
Abstract :
With the popularity of smartphones, various types of mobile crimes emerge endlessly. Evidence from mobile phones is mostly obtained by non-volatile physical memory dump and file system analysis. The two methods can extract lots of private data, but are often invalid for encrypted and deleted data. In this paper, we discuss the Android volatile memory and introduce some methods to dump the memory. Analyses of the Android volatile memory are also presented using software tools. Finally, the paper provides an in-depth analysis of Android memory structures to extract the encrypted chats and deleted messages on a popular social network application called Wechat [1]. The results show that all chats can be extracted in the form of plaintext, including some deleted messages.
Keywords :
Androids; Cryptography; Humanoid robots; Kernel; Random access memory; Smart phones; Android forensics; Memory analysis; RAM; Volatile memory acquisition; Wechat;
Conference_Title :
Communications (ICC), 2015 IEEE International Conference on
Conference_Location :
London, United Kingdom
DOI :
10.1109/ICC.2015.7249467