A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART)

Cited by: 7
Authors
Muniz Soares, Alberto Magno [1]
de Sousa, Rafael Timoteo, Jr. [1]
Affiliations
[1] Univ Brasilia, Eletr Engn Dept, Brasilia, DF, Brazil
Source
ICISSP: PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY | 2017
Keywords
Mobile Device Forensics; Memory Forensics; Memory Analysis; Android;
DOI
10.5220/0006204101470156b
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812 ;
Abstract
This paper describes a technique for analysing objects in memory within the execution environment Android Runtime (ART) using a volatile memory data extraction. A study of the AOSP (Android Open Source Project) source code was necessary to understand the runtime environment used in the modern Android operating system, and software tools were developed allowing the location, extraction and interpretation of useful data for the forensic context. Built by the authors as extensions for the Volatility Framework, these tools help to locate, in a memory extraction from a device compliant with the ARM architecture, arbitrary instances of classes and their data properties.
Pages: 147-156
Page count: 10