Windows mobile live SD forensics

Eyüp S. Canlar, Mauro Conti, Bruno Crispo, Roberto Di Pietro

Research output: Contribution to journalArticlepeer-review

14 Scopus citations


More and more often, smartphones are relevant targets of civil and criminal investigations. Currently, there are several tools available to acquire forensic evidence from smartphones. Unfortunately, most of these tools require to connect the smartphone under investigation through a cable to an external device, like a computer or a multimeter. Some tools even require to disassemble the chips from the smartphone board. In this paper, we propose LiveSD Forensics, an on-device live data acquisition solution, to acquire evidence from both the Random-Access Memory (RAM) and the Electronically Erasable Programmable Read Only Memory (EEPROM) of Windows Mobile Devices. To the best of our knowledge, LiveSD Forensics is the only tool that performs on-device live data acquisition of the RAM and the EEPROM of Windows Mobile Devices. LiveSD Forensics uses a standard SD-Card equipped with tailored code to perform the data acquisition. Compared to other existing tools, LiveSD also generates the smallest memory alteration. Finally, to assess the effectiveness of the proposed methodology, we test LiveSD in a practical scenario, that is retrieving from the RAM the cryptographic key used by a known on-the-fly encryption tool. Results support the quality and effectiveness of our proposal. © 2012 Elsevier Ltd.
Original languageEnglish (US)
Pages (from-to)677-684
Number of pages8
JournalJournal of Network and Computer Applications
Issue number2
StatePublished - Mar 1 2013
Externally publishedYes

Bibliographical note

Generated from Scopus record by KAUST IRTS on 2023-09-20

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Networks and Communications
  • Computer Science Applications


Dive into the research topics of 'Windows mobile live SD forensics'. Together they form a unique fingerprint.

Cite this