Digital forensic method and system based on Android memory dump technology

Memory dump technology, applied in the field of forensic analysis, addresses difficulties in digital forensics such as obtaining data encrypted by applications and recovering deleted records. It improves the effectiveness and integrity of forensics and has wide technical and market application value.

Inactive Publication Date: 2015-09-23
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to overcome the difficulties that traditional forensic techniques face on Android mobile terminals, mainly the problems of obtaining applications' encrypted data and recovering deleted records. It provides a technical method that analyzes Android physical memory through a memory dump, mines applications' encrypted and deleted data, and checks the device for malicious programs.

Examples

Embodiment Construction

[0032] The invention will be described in further detail in accordance with the accompanying drawings below.

[0033] Traditional mobile phone forensics technologies mainly include physical image dumps and file system analysis. Although these two methods can obtain a lot of user data, they cannot directly analyze encrypted data, and both are post-event analyses: they cannot examine the data of currently running processes, and they cannot catch rootkits that run in kernel mode. For digital forensics personnel, memory analysis is very important, because all data in RAM is stored in plain text. Memory analysis can therefore examine the data of running applications and can also determine, by analyzing kernel structures, whether a malicious program is running. In view of this, the present invention proposes a digital forensics method and system based on Android memory dump technology.

[0034] As shown in Figure 1, the present invention proposes a kind of digit...

Abstract

The invention discloses a digital forensic method and system based on Android memory dump technology. The method comprises the following steps: determining that the Android device has been rooted, and enabling the USB debugging function; dumping the physical memory of the Android device; statically searching the dumped Android memory to mine sensitive data; dynamically analyzing the physical memory, listing information such as the device's running processes, open ports and loaded modules, and detecting whether a rogue program exists on the device; analyzing the structural features with which application data is stored in memory, and extracting application data that is encrypted and stored locally; detecting the different types of application data, namely text, voice, pictures and the like, and attempting to recover deleted data from memory; searching memory for user information such as usernames and passwords to detect whether the application safely protects user privacy; and generating a digital forensic summary report from the memory analysis results. By adopting the disclosed method and system, the effectiveness and completeness of digital forensics on mobile terminals are improved, and the invention has extensive technical and market application value.
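The static-search and user-information steps of the abstract can be sketched as follows. This is an added example, not code from the patent: the field-name list, the `scan_dump` helper and the sample buffer are assumptions constructed for illustration.

```python
import re

MIN_LEN = 6  # shortest printable run worth decoding
# Printable runs in the two encodings Android app data commonly uses in RAM.
RUNS = {
    "ascii": (re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN), 1),
    "utf-16le": (re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN), 2),
}
# Field names are an assumption for this example; extend them per application.
CRED = re.compile(
    r"(?i)\b(user(?:name)?|login|passw(?:or)?d|pwd|token)\b[\"']?\s*[=:]\s*[\"']?"
    r"([^\s\"'&,;}]{3,64})"
)

def scan_dump(data):
    """Return sorted (offset, encoding, field, value) hits for plaintext credentials."""
    hits = []
    for encoding, (run_re, width) in RUNS.items():
        for run in run_re.finditer(data):
            text = run.group().decode(encoding)
            for m in CRED.finditer(text):
                # Map the character index back to a byte offset in the dump.
                offset = run.start() + m.start(1) * width
                hits.append((offset, encoding, m.group(1).lower(), m.group(2)))
    return sorted(hits)

def build_sample():
    """Constructed stand-in for a dump: filler bytes around two planted records."""
    fill = b"\x00\xff" * 32
    form = b"username=alice&password=S3cr3t!"            # ASCII form data
    blob = '{"token":"abc123xyz"}'.encode("utf-16le")     # UTF-16LE JSON
    return fill + form + fill + blob + fill

if __name__ == "__main__":
    for offset, encoding, field, value in scan_dump(build_sample()):
        print(f"0x{offset:08x} {encoding:9} {field}={value}")
```

For a real dump file, pass an `mmap` of the file instead of a `bytes` object; the byte-level regular expressions accept any bytes-like buffer. A hit means the application left that field readable in RAM, which is the privacy check the abstract describes.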

Description

Technical field

[0001] The present invention relates to the technical field of forensic analysis, in particular to Android platform forensics within digital forensics, and specifically to a digital forensics method and system based on Android memory dump technology.

Background

[0002] Android digital forensics refers to the process in which forensic personnel extract, transmit, save, analyze and submit electronic evidence existing in Android mobile terminals or other electronic devices in accordance with legal norms. When forensic personnel use digital forensics tools to examine Android devices, they can reason about and analyze the case based on the tools' analysis of the data in the device, and finally obtain a forensic report generated by the tools. Since the purpose of digital forensics is to collect and discover evidence from related electronic devices such as mobile electronic devices, two key technolog...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F3/06, G06F11/14, G06F21/56
Inventor: 孙国梓, 周帆, 杨一涛, 李华康, 王壮
Owner NANJING UNIV OF POSTS & TELECOMM