Volatile Memory Message Carving: A "per process basis" Approach

نویسندگان

  • Aisha Ibrahim Ali-Gombe
  • Aisha Ali-Gombe
چکیده

The pace at which data and information transfer and storage has shifted from PCs to mobile devices is of great concern to the digital forensics community. Android is fast becoming the operating system of choice for these hand-held devices, hence the need to develop better forensic techniques for data recovery cannot be over-emphasized. This thesis analyzes the volatile memory for Motorola Android devices with a shift from traditional physical memory extraction to carving residues of data on a “per process basis”. Each Android application runs in a separate process within its own Dalvik Virtual Machine (JVM) instance, thus, the proposed “per process basis” approach. To extract messages, we first extract the runtime memory of the MotoBlur application, then carve and reconstruct both deleted and undeleted messages (emails and chat messages). An experimental study covering two Android phones is also presented.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Forensic Carving of Wireless Network Information from the Android Linux Kernel

.................................................................................................................... v Chapter 1 Introduction ............................................................................................. 1 1.1 Motivation ................................................................................................................. 1 1.2 Android Operating System...

متن کامل

Novel Log Management for Sender-based Message Logging

Among message logging approaches, volatile logging by sender processes considerably alleviates the normal operation overhead of synchronous logging on stable storage. But, this approach forces each process to maintain log information of its sent messages in its limited volatile memory. This paper presents a novel log management algorithm to effectively eliminate the volatile log information at ...

متن کامل

Lightweight Log Management Algorithm for Removing Logged Messages of Sender Processes With Little Overhead

Sender-based message logging allows each message to be logged in the volatile storage of its corresponding sender. This behavior avoids logging messages on the stable storage synchronously and results in lower failure-free overhead than receiver-based message logging. However, in the first approach, each process should keep in its limited volatile storage the log information of its sent message...

متن کامل

Improved Content Aware Image Retargeting Using Strip Partitioning

Based on rapid upsurge in the demand and usage of electronic media devices such as tablets, smart phones, laptops, personal computers, etc. and its different display specifications including the size and shapes, image retargeting became one of the key components of communication technology and internet. The existing techniques in image resizing cannot save the most valuable information of image...

متن کامل

Improving Message Logging Protocols Scalability through Distributed Event Logging

Message logging is an attractive solution to provide fault tolerance for message passing applications because it is more scalable than coordinated checkpointing. Sender-based message logging is a well known optimization that allows to save messages payload in the sender memory and so only the events corresponding to message receptions have to be logged reliably using an event logger. In existin...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2013