Abstract
In this paper, we first identify the need for the capability to perform raw volatile memory data acquisition from live smartphones. We then investigate and discuss the potential of different approaches to achieve this task on Symbian smartphones. Based on our initial analysis, we propose a simple, flexible and portable approach, with a full-coverage view of the memory space, to acquire the raw volatile memory data from commercial Symbian smartphones. We develop a tool to conduct proof-of-concept experiments on the phones, and are able to acquire the volatile memory data successfully. We discuss the problems we encountered, the solutions we proposed and the observations we made in this research. With the acquired data, we conduct an analysis of the memory images of the identified memory regions of interest, and propose a methodology for in-depth malware security and forensics analysis.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Thing, V.L.L., Chua, ZL. (2013). Smartphone Volatile Memory Acquisition for Security Analysis and Forensics Investigation. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_17
DOI: https://doi.org/10.1007/978-3-642-39218-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer Science (R0)