This talk will present the first methodology and toolset for acquisition and deep analysis of volatile physical memory from Android devices. We will discuss some of the challenges in performing Android memory acquisition, describe our new kernel module for dumping memory, and specifically address the difficulties in developing device-independent acquisition tools. We will also present analyses of kernel structures using newly developed Volatility functionality.
Our acquisition tool, currently named DMD, supports dumping memory to either the SD card on the phone or to the local network. Not only will we release our tool at ShmooCon, but we will also allow attendees to rename it.
This presentation will illustrate the potential that deep memory analysis offers to digital forensics investigators, hackers, and anyone else who's just wondering what their phone has been thinking about all day.
Joe Sylve is a Senior Security Researcher at Digital Forensics Solutions, where he conducts forensic investigations and penetration tests, engineers new applications to support security and forensics functions, performs training on incident response handling and digital forensics, and conducts research on cutting-edge techniques in computer security.