You can run but you cannot hide from memory: Extracting im evidence of Android apps
Authors: Nisioti, A., Mylonas, A., Katos, V., Yoo, P.D. and Chryssanthou, A.
Journal: Proceedings - IEEE Symposium on Computers and Communications
Pages: 457-464
ISBN: 9781538616291
ISSN: 1530-1346
DOI: 10.1109/ISCC.2017.8024571
Abstract:Smartphones have become a vital part of our business and everyday life, as they constitute the primary communication vector. Android dominates the smartphone market (86.2%) and has become pervasive, running in 'smart' devices such as tablets, TV, watches, etc. Nowadays, instant messaging applications have become popular amongst smartphone users and since 2016 are the main way of messaging communication. Consequently, their inclusion in any forensics analysis is necessary as they constitute a source of valuable data, which might be used as (admissible) evidence. Often, their examination involves the extraction and analysis of the applications' databases that reside in the device's internal or external memory. The downfall of this method is the fact that databases can be tampered or erased, therefore the evidence might be accidentally or maliciously modified. In this paper, a methodology for retrieving instant messaging data from the volatile memory of Android smartphones is proposed, instead of the traditional database retrieval. The methodology is demonstrated with the use of a case study of four experiments, which provide insights regarding the behavior of such data in memory. Our experimental results show that a large amount of data can be retrieved from the memory, even if the device's battery is removed for a short time. In addition, the retrieved data are not only recent messages, but also messages sent a few months before data acquisition.
https://eprints.bournemouth.ac.uk/30563/
Source: Scopus
You Can Run but You Cannot Hide from Memory: Extracting IM evidence of Android Apps
Authors: Nisioti, A., Mylonas, A., Katos, V., Yoo, P.D. and Chryssanthou, A.
Journal: 2017 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (ISCC)
Pages: 457-464
ISSN: 1530-1346
https://eprints.bournemouth.ac.uk/30563/
Source: Web of Science (Lite)
You can run but you cannot hide from memory: Extracting IM evidence of Android apps
Authors: Nisioti, A., Mylonas, A., Katos, V., Yoo, P.D. and Chryssanthou, A.
Journal: 2017 IEEE Symposium on Computers and Communications (ISCC)
Pages: 457-464
DOI: 10.1109/ISCC.2017.8024571
https://eprints.bournemouth.ac.uk/30563/
Source: Manual
You can run but you cannot hide from memory: Extracting IM evidence of Android apps.
Authors: Nisioti, A., Mylonas, A., Katos, V., Yoo, P.D. and Chryssanthou, A.
Journal: ISCC
Pages: 457-464
Publisher: IEEE Computer Society
ISBN: 978-1-5386-1629-1
DOI: 10.1109/ISCC.2017.8024571
https://eprints.bournemouth.ac.uk/30563/
https://ieeexplore.ieee.org/xpl/conhome/8016448/proceeding
Source: DBLP
You can run but you cannot hide from memory: Extracting IM evidence of Android apps
Authors: Nisioti, A., Mylonas, A., Katos, V., Yoo, P. and Chryssanthou, A.
Conference: IEEE Symposium on Computers and Communications (ISCC)
Pages: 457-464
Abstract:Smartphones have become a vital part of our business and everyday life, as they constitute the primary communication vector. Android dominates the smartphone market (86.2%) and has become pervasive, running in `smart' devices such as tablets, TV, watches, etc. Nowadays, instant messaging applications have become popular amongst smartphone users and since 2016 are the main way of messaging communication. Consequently, their inclusion in any forensics analysis is necessary as they constitute a source of valuable data, which might be used as (admissible) evidence. Often, their examination involves the extraction and analysis of the applications' databases that reside in the device's internal or external memory. The downfall of this method is the fact that databases can be tampered or erased, therefore the evidence might be accidentally or maliciously modified. In this paper, a methodology for retrieving instant messaging data from the volatile memory of Android smartphones is proposed, instead of the traditional database retrieval. The methodology is demonstrated with the use of a case study of four experiments, which provide insights regarding the behavior of such data in memory. Our experimental results show that a large amount of data can be retrieved from the memory, even if the device's battery is removed for a short time. In addition, the retrieved data are not only recent messages, but also messages sent a few months before data acquisition.
https://eprints.bournemouth.ac.uk/30563/
Source: BURO EPrints