{"title":"Android系统中易失性内存的提取与分析:基于NMEA 0183标准的轨迹重建方法","authors":"João Sousa, J. Gondim","doi":"10.1109/ARES.2016.17","DOIUrl":null,"url":null,"abstract":"Android devices are widely used in the world and can function as GPS receivers. Time and position information have great relevance in investigation, however, data stored in non-volatile media may be limited with respect to the reconstruction of trajectories, since data from GPS receivers usually remains in RAM and is not written on log files, databases, and other artifacts. A prospective method for recovering data with GPS-coordinates stored in RAM memory of Android mobile devices is presented. Experiments were performed in different scenarios, with different device architectures, to analyze the feasibility of reconstruction of trajectories based on the NMEA 0183 protocol sentences retrieved from RAM memory. In developing the technique, it was possible to verify issues that can hinder the process of extraction and analysis of data and also assess tools that have been developed to aid the process.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Extraction and Analysis of Volatile Memory in Android Systems: An Approach Focused on Trajectory Reconstruction Based on NMEA 0183 Standard\",\"authors\":\"João Sousa, J. Gondim\",\"doi\":\"10.1109/ARES.2016.17\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Android devices are widely used in the world and can function as GPS receivers. Time and position information have great relevance in investigation, however, data stored in non-volatile media may be limited with respect to the reconstruction of trajectories, since data from GPS receivers usually remains in RAM and is not written on log files, databases, and other artifacts. A prospective method for recovering data with GPS-coordinates stored in RAM memory of Android mobile devices is presented. Experiments were performed in different scenarios, with different device architectures, to analyze the feasibility of reconstruction of trajectories based on the NMEA 0183 protocol sentences retrieved from RAM memory. In developing the technique, it was possible to verify issues that can hinder the process of extraction and analysis of data and also assess tools that have been developed to aid the process.\",\"PeriodicalId\":216417,\"journal\":{\"name\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2016.17\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference on Availability, Reliability and Security (ARES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2016.17","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Extraction and Analysis of Volatile Memory in Android Systems: An Approach Focused on Trajectory Reconstruction Based on NMEA 0183 Standard
Android devices are widely used in the world and can function as GPS receivers. Time and position information have great relevance in investigation, however, data stored in non-volatile media may be limited with respect to the reconstruction of trajectories, since data from GPS receivers usually remains in RAM and is not written on log files, databases, and other artifacts. A prospective method for recovering data with GPS-coordinates stored in RAM memory of Android mobile devices is presented. Experiments were performed in different scenarios, with different device architectures, to analyze the feasibility of reconstruction of trajectories based on the NMEA 0183 protocol sentences retrieved from RAM memory. In developing the technique, it was possible to verify issues that can hinder the process of extraction and analysis of data and also assess tools that have been developed to aid the process.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
