DocumentCode
2162053
Title
Dump and analysis of Android volatile memory on Wechat
Author
Zhou, Fan ; Yang, Yitao ; Ding, Zhaokun ; Sun, Guozi
Author_Institution
College of Computer, Nanjing University of Posts and Telecommunications, 210003, China
fYear
2015
fDate
8-12 June 2015
Firstpage
7151
Lastpage
7156
Abstract
With the popularity of smartphones, various types of mobile crimes emerge endlessly. Evidence from mobile phones is mostly obtained by non-volatile physical memory dump and file system analysis. These two methods can extract a lot of private data, but they are often invalid for encrypted and deleted data. In this paper, we discuss Android volatile memory and introduce some methods to dump the memory. Analysis of Android volatile memory using software tools is also presented. Finally, the paper provides an in-depth analysis of Android memory structures to extract the encrypted chats and deleted messages of a popular social network application called Wechat [1]. The results show that all chats can be extracted in the form of plaintext, including some deleted messages.
Keywords
Androids; Cryptography; Humanoid robots; Kernel; Random access memory; Smart phones; Android forensics; Memory analysis; RAM; Volatile memory acquisition; Wechat;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications (ICC), 2015 IEEE International Conference on
Conference_Location
London, United Kingdom
Type
conf
DOI
10.1109/ICC.2015.7249467
Filename
7249467