loading
Documents

Research.Publish.Connect.

Paper

Authors: Alberto Magno Muniz Soares and Rafael Timóteo de Sousa Jr.

Affiliation: University of Brasília (UnB), Brazil

ISBN: 978-989-758-209-7

Keyword(s): Mobile Device Forensics, Memory Forensics, Memory Analysis, Android.

Abstract: This paper describes a technique for analysing objects in memory within the execution environment Android Runtime (ART) using a volatile memory data extraction. A study of the AOSP (Android Open Source Project) source code was necessary to understand the runtime environment used in the modern Android operating system, and software tools were developed allowing the location, extraction and interpretation of useful data for the forensic context. Built by the authors as extensions for the Volatility Framework, these tools help to locate, in a memory extraction from a device compliant with the ARM architecture, arbitrary instances of classes and their data properties.

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.80.4.76

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Muniz Soares, A. and Jr., R. (2017). A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART).In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 147-156. DOI: 10.5220/0006204101470156

@conference{icissp17,
author={Alberto Magno Muniz Soares. and Rafael Timóteo de Sousa Jr..},
title={A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART)},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={147-156},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006204101470156},
isbn={978-989-758-209-7},
}

TY - CONF

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART)
SN - 978-989-758-209-7
AU - Muniz Soares, A.
AU - Jr., R.
PY - 2017
SP - 147
EP - 156
DO - 10.5220/0006204101470156

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.