Live Memory Forensics of Mobile Phones

Abstract

In this paper, we proposed an automated system to perform a live memory forensic analysis for mobile phones. We investigated the dynamic behavior of the mobile phone’s volatile memory, and the analysis is useful in real-time evidence acquisition analysis of communication based applications. Different communication scenarios with varying parameters were investigated. Our experimental results showed that outgoing messages (from the phone) have a higher persistency than the incoming messages. In our experiments, we consistently achieved a 100% evidence acquisition rate with the outgoing messages. For the incoming messages, the acquisition rates ranged from 75.6% to 100%, considering a wide range of varying parameters in different scenarios. Hence, in a more realistic scenario where the parties may occasionally take turns to send messages and consecutively send a few messages, our acquisition can capture most of the data to facilitate further detailed forensic investigation. a 2010 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved.

View Slides

8 Figures and Tables

010202011201220132014201520162017
Citations per Year

69 Citations

Semantic Scholar estimates that this publication has 69 citations based on the available data.

See our FAQ for additional information.

Cite this paper

@inproceedings{Thing2010LiveMF, title={Live Memory Forensics of Mobile Phones}, author={Vrizlynn L. L. Thing and K G Ng and Ee-Chien Chang}, year={2010} }