New tool recovers phone’s information to aid investigators

The contents of volatile memory are gone as soon as the phone is shut down; however, it can reveal surprising amounts of forensic data if the device is up and running, says lead researcher Dongyan Xu

By: IANS | New York |
August 13, 2016 5:25:41 pm
Investigators might be able to obtain more timely forensic information toward solving a crime or an attack, using a smartphone’s volatile memory, says lead researcher Dongyan Xu. (File Photo)

A new tool to recover information stored in a smartphone’s volatile memory could give investigators important clues to solve a criminal case, say researchers.

With the new tool, the researchers from Purdue University move the focus from a smartphone’s hard drive, which holds information after the phone is shut down, to the device’s RAM, which is volatile memory.

“We argue this is the frontier in cyber crime investigation in the sense that the volatile memory has the freshest information from the execution of all the apps,” said lead researcher Dongyan Xu.

“Investigators are able to obtain more timely forensic information toward solving a crime or an attack,” Xu noted.

Although the contents of volatile memory are gone as soon as the phone is shut down, it can reveal surprising amounts of forensic data if the device is up and running.

The team’s early research resulted in work that could recover the last screen displayed by an Android application.

Building on that, Xu said, it was discovered that apps left a lot of data in the volatile memory long after that data was displayed.

RetroScope makes use of the common rendering framework used by Android to issue a redraw command and obtain as many previous screens as available in the volatile memory for any Android app.

The tool requires no previous information about an app’s internal data.

The screens recovered, beginning with the last screen the app displayed, are presented in the order they were seen previously.

“Anything that was shown on the screen at the time of use is indicated by the recovered screens, offering investigators a litany of information,” Xu said.

In testing, RetroScope recovered anywhere from three to 11 previous screens in 15 different apps, an average of five pages per app.

[youtube https://www.youtube.com/watch?v=vhN-gc4ykrk]

The findings were presented during the USENIX Security Symposium in Austin, Texas.

“We feel without exaggeration that this technology really represents a new paradigm in smart phone forensics,” he said.

“It is very different from all the existing methodologies for analysing both hard drives and volatile memories,” Xu noted.

First published on: 13-08-2016 at 05:25:41 pm