每周報告‎ > ‎

2015-11-03-CW-Live memory forensics of mobile phones

張貼者:2016年1月11日 下午6:29莊志偉   [ 已更新 2016年1月13日 上午9:17 ]
In this paper, we proposed an automated system to perform a live memory forensic
analysis for mobile phones. We investigated the dynamic behavior of the mobile phone’s
volatile memory, and the analysis is useful in real-time evidence acquisition analysis of
communication based applications. Different communication scenarios with varying
parameters were investigated. Our experimental results showed that outgoing messages
(from the phone) have a higher persistency than the incoming messages. In our experiments,
we consistently achieved a 100% evidence acquisition rate with the outgoing
messages. For the incoming messages, the acquisition rates ranged from 75.6% to 100%,
considering a wide range of varying parameters in different scenarios. Hence, in a more
realistic scenario where the parties may occasionally take turns to send messages and
consecutively send a few messages, our acquisition can capture most of the data to
facilitate further detailed forensic investigation.
ć
莊志偉,
2016年1月13日 上午9:17
Comments