Streamlining Extraction and Analysis of Android RAM Images

Simon Broenner, Hans Höfken, Marko Schuba

2016

Abstract

The Android operating system powers the majority of the world’s mobile devices and has become increasingly important in day-to-day digital forensics. Technicians and analysts therefore need reliable methods for extracting and analyzing memory images from live Android systems. This paper takes different existing extraction methods and derives a universal, reproducible, reliably documented method for both extraction and analysis. In addition, the VOLIX II front-end for the Volatility Framework is extended with additional functionality to make the analysis of Android memory images easier for technically non-adept users.

Paper Citation


in Harvard Style

Broenner S., Höfken H. and Schuba M. (2016). Streamlining Extraction and Analysis of Android RAM Images. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 255-264. DOI: 10.5220/0005652802550264

in Bibtex Style

@conference{icissp16,
author={Simon Broenner and Hans Höfken and Marko Schuba},
title={Streamlining Extraction and Analysis of Android RAM Images},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={255-264},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005652802550264},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Streamlining Extraction and Analysis of Android RAM Images
SN - 978-989-758-167-0
AU - Broenner S.
AU - Höfken H.
AU - Schuba M.
PY - 2016
SP - 255
EP - 264
DO - 10.5220/0005652802550264