Abstract
Smartphones are increasingly relevant targets of civil and criminal investigations. Several tools are currently available to acquire forensic evidence from smartphones. Unfortunately, most of these tools require connecting the smartphone under investigation through a cable to an external device, such as a computer or a multimeter. Some tools even require disassembling the chips from the smartphone board. In this paper, we propose LiveSD Forensics, an on-device live data acquisition solution, to acquire evidence from both the Random-Access Memory (RAM) and the Electronically Erasable Programmable Read Only Memory (EEPROM) of Windows Mobile Devices. To the best of our knowledge, LiveSD Forensics is the only tool that performs on-device live data acquisition of the RAM and the EEPROM of Windows Mobile Devices. LiveSD Forensics uses a standard SD-Card equipped with tailored code to perform the data acquisition. Compared to other existing tools, LiveSD also generates the smallest memory alteration. Finally, to assess the effectiveness of the proposed methodology, we test LiveSD in a practical scenario, namely retrieving from the RAM the cryptographic key used by a known on-the-fly encryption tool. Results support the quality and effectiveness of our proposal. © 2012 Elsevier Ltd.
Original language | English (US) |
---|---|
Pages (from-to) | 677-684 |
Number of pages | 8 |
Journal | Journal of Network and Computer Applications |
Volume | 36 |
Issue number | 2 |
DOIs | |
State | Published - Mar 1 2013 |
Externally published | Yes |
Bibliographical note
Generated from Scopus record by KAUST IRTS on 2023-09-20

ASJC Scopus subject areas
- Hardware and Architecture
- Computer Networks and Communications
- Computer Science Applications