Windows Mobile LiveSD Forensics |
| |
| Authors: | Eyüp S Canlar Mauro Conti Bruno Crispo Roberto Di Pietro |
| |
| Affiliation: | 1. Department of Computer Science, Sapienza University of Rome, Via Salaria 133, I-00198 Rome, Italy;2. Department of Computer Science, VU University Amsterdam, Boelelaan 1081a, 1081HV Amsterdam, The Netherlands;3. Department of Mathematics, University of Padua, Via Trieste 63, I-35131 Padua, Italy;4. Department of Information Engineering and Computer Science, University of Trento, Via Sommarive 14, I-38123 Povo, Italy;5. Department of Mathematics, Roma Tre University of Rome, Largo San Leonardo Murialdo 1, I-00146 Rome, Italy |
| |
| Abstract: | More and more often, smartphones are relevant targets of civil and criminal investigations. Currently, there are several tools available to acquire forensic evidence from smartphones. Unfortunately, most of these tools require to connect the smartphone under investigation through a cable to an external device, like a computer or a multimeter. Some tools even require to disassemble the chips from the smartphone board.In this paper, we propose LiveSD Forensics, an on-device live data acquisition solution, to acquire evidence from both the Random-Access Memory (RAM) and the Electronically Erasable Programmable Read Only Memory (EEPROM) of Windows Mobile Devices.To the best of our knowledge, LiveSD Forensics is the only tool that performs on-device live data acquisition of the RAM and the EEPROM of Windows Mobile Devices. LiveSD Forensics uses a standard SD-Card equipped with tailored code to perform the data acquisition. Compared to other existing tools, LiveSD also generates the smallest memory alteration. Finally, to assess the effectiveness of the proposed methodology, we test LiveSD in a practical scenario, that is retrieving from the RAM the cryptographic key used by a known on-the-fly encryption tool. Results support the quality and effectiveness of our proposal. |
| |
| Keywords: | |
| 本文献已被 ScienceDirect 等数据库收录! |
|
