I. INTRODUCTION
A
ndroid operated devices are one of the most competitive technology devices in the market, with the fastest growing market share within the mobile industry [1]. Technology experts predict that it will dominate the mobile market in the coming decade. Additionally, recent research shows a huge year over year increase in the number of Android specific malware attacks [1,3]. It is relatively straightforward to investigate such attacks when they occur on mature operating system platforms such as Windows and Linux. However, due to the immaturity of Android memory image forensics, it is relatively problematic and time consuming to conduct such investigations on Android systems. In this research, we take advantage of recent advances in Android memory forensics technologies to explore a sample of these malware attacks, utilizing the open source digital forensics Volatility, a powerful investigation framework written in Python, capable of reading memory images from different Android kernel versions, and capable of performing a wide range of memory analysis and digital evidence extraction.
Volatility analyzes memory images, which must be extracted from the physical memory of the Android device, these images are extracted using Linux Memory Extractor “LiME” [12], to this moment, I`m not aware of any other Android memory image extractor. This loadable kernel module can acquire the full memory address range from an Android system, either over the network or via an SdCard [10]. Along with various new Android specific Volatility plugins, and a custom built ARM architecture investigation profile for Volatility, these tools are used in our research to analyze running malware through the exploration of hidden processes, process...
... middle of paper ...
.../~niekt0/fmem/doc/foriana.pdf
[22] Memdump. IBM. [Online] Avaialbe: http://publib.boulder.ibm.com/infocenter/tivihelp/v24r1/index.jsp?topic=%2Fcom.ibm.itcamfad.doc_7.1%2FABD001%2Fmsve2%2FIDSource%2Fhelps%2Fitcam_71_msve_help%2FDownloading_ISA.MDDforJ.html
[23] Anderson, David. (2003,2008). White paper: Red Hat Crash Utility. Redhat Software Inc. [Online] Available: http://people.redhat.com/anderson/crash_whitepaper/
[24] Haruyama, Takahiro. ( July 04, 2013). Windows Memory Forensics Analysis using Encase. [Online] Available: http://www.slideshare.net/takahiroharuyama5/takahiro-haruyama-ceic20110515
[25] Juanru Li. Dawu Gu. yuhao Lua. (2012). Android Malware Forensics: Reconstruction of Malicious Events: Dept of Computer Science and Engineering, Shanghai Jiao Tong University. [Online] Available: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6258204
In the final chapter of The Impossible Knife of Memory, the main character of the book, Hayley begins it off talking about being in a fairytale. If this was her fairytale, this chapter would be her happily ever after. Before this chapter of the book, her life had been disorganized frequently because of her father’s disorder. Her father, Andy Kincain, a war veteran, has PTSD. Also known as Post Traumatic Stress Disorder; this disorder is caused by seeing or experiencing a very intense, and terrifying event. In Andy’s case, the war was what caused his condition.
The Access Data’s FTK is a regular approved computerized analysis software that can aid in the decryption of passwords within a visceral amalgamate (Banday, 2011). This will help quickly analyze emails. This software backs several favorable automation like Credant, SafeBoot, EFS, and S/MIME to name a few (Banday, 2011). The EnCase forensic is another tool that would aid in an email extraction by imaging a drive and maintain the forensic evidence in a file configuration like LEF or E01 (Banday,
Forensics investigations that require the analyzation and processing of digital evidence can be influenced both positively and negatively by a number of outside sources. In this paper, we will explore how physical security plays a role in forensics investigations activities. We will start by examining how physical and environmental security might impact the forensics investigation process. Next, we will discuss the role that physical and logical security zones play in supporting effective forensics activities. We will illustrate how centralized and decentralized physical and environmental security affects the forensics professional’s approach toward the investigation. Lastly, we will evaluate some potential areas of risk related to the physical security of our case study organization, Widget Factory, identified in Attachment 1.
The malicious software can lock the data in a way that is not difficult for an expert to reverse (Ali 89). Nevertheless, there is a more advanced method that involves the use of cryptoviral extortion to encrypt data and demand a ransom to decrypt the data. In such case, it is difficult for experts to recover files without a decryption key (Ali 89). Ransomware attacks are normally executed using a Trojan or a file that is disguised as an email attachment that seems legitimate to the user. In the last five years, ransomware attackers were able to target multiple computers through the use of a botnet (Ali 88). A botnet enables cyber criminals to attack an entire system by compromising the network. The ability to kidnap multiple systems makes ransomware a significant cyber security threat. The cybercriminals demand ransom in the form digital currencies such as bitcoins and ukash because they are difficult to
Nordwall, Bruce. “Deployable Recorders Provide Potential Boon to Crash Recoveries.” IPN International Product News. 20 March 2000. 86-87.
Millions of people all around the world are using Smartphones, like iPhones, which turns out to be crucial part of our lives. We are using them not only for calling but we also store unbelievably huge amount of personal information. We have there all our contacts, calls and messages and all our pictures that we save and keep in the phones. A
Many viruses are so good at covering their tracks that you may not even realize they are t...
The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensic to investigate these offenses. Actually, computer crimes are governed by specific laws and dealt with through conducting a computer forensic investigation (Easttom & Taylor, 2011, p.337). Notably, a computer forensic investigation is usually carried out through the use of computer forensic tools, which help in collection of evidence based on the specific offense.
The data a computer forensics acquisition tool collects is stored as an image file in one of three formats. Two formats are open source and the third is proprietary. Each vendor has unique features, so several different proprietary formats are available. Depending on the ...
What did they do ? Before we talk about it any further, we have to know some definitions that we use in digital forensics and digital evidence, not only two of them but the others too. This chapter will explain about it . Before we talk about it any further, we have to know the definition of what we are talking about. In the introduction we already know what digital forensic and digital evidence shortly are. In this chapter, we will more explore what they are, and some state that we found when we search about digital forensic and digital evidence. Computer forensics is a broad field and applied to the handling of crimes related to information technology. The goal of computer forensic is to securing and analyzing digital
Petersen, R. (2004). Red Hat: The Complete Reference Enterprise Linux & Fedora Edition: The Complete Reference. Retrieved from http://eduunix.ccut.edu.cn/index2/html/linux/McGraw.Hill.Red.Hat.The.Complete.Reference.Enterprise.Linux.and.Fedora.Edition.eBook-DDU/7213/toc.html
Malicious software in short known as Malware. It is also known as computer Contaminant. Similar to biological parasite, malware also reside in a Host. Malware will get installed on host without user’s consent. Generally a software is considered malware based on the intent of the creator...
The problem of spyware is only getting worse and there is no sign of it slowing down. In most cases the sign of spyware is not even evident and it allows the spyware to temper with the hardware mechanics of the computer eventually slowing down the computer’s performance. Peop...
In this audit we have compared two operating system windows and android. android phones are more efficient then windows as it is an open source platform though it is unsecured , one can easilly modifiy the code.
In today’s days malware is designated as a software which aims to disturb a computer with the consent or permission of the owner. This term “Malware” is used by computer professionals to describe a varied forms of destructive, annoying and intrusive software code. This word “Malware” is used to indicate all types of malware which include a true set of viruses.