A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART)

Alberto Magno Muniz Soares, Rafael Timóteo de Sousa Jr.

2017

Abstract

This paper describes a technique for analysing objects in memory within the Android Runtime (ART) execution environment, working from an extraction of volatile memory data. A study of the AOSP (Android Open Source Project) source code was necessary to understand the runtime environment used in the modern Android operating system, and software tools were developed to locate, extract and interpret data that is useful in a forensic context. Built by the authors as extensions for the Volatility Framework, these tools help to locate, in a memory extraction from a device compliant with the ARM architecture, arbitrary instances of classes and their data properties.

Paper Citation


in Harvard Style

Muniz Soares A. and Jr. R. (2017). A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART). In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 147-156. DOI: 10.5220/0006204101470156

in Bibtex Style

@conference{icissp17,
author={Alberto Magno Muniz Soares and Rafael Timóteo de Sousa Jr.},
title={A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART)},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2017},
pages={147-156},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006204101470156},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART)
SN - 978-989-758-209-7
AU - Muniz Soares A.
AU - Jr. R.
PY - 2017
SP - 147
EP - 156
DO - 10.5220/0006204101470156