A Forensics Memory Study Of Malware In Android Operating Systems

2744 words - 11 pages

I. INTRODUCTION
Android operated devices are among the most competitive technology devices in the market, with the fastest growing market share within the mobile industry [1]. Technology experts predict that Android will dominate the mobile market in the coming decade. Additionally, recent research shows a huge year-over-year increase in the number of Android-specific malware attacks [1,3]. It is relatively straightforward to investigate such attacks when they occur on mature operating system platforms such as Windows and Linux. However, because Android memory image forensics is still immature, such investigations are comparatively problematic and time consuming on Android systems. In this research, we take advantage of recent advances in Android memory forensics to explore a sample of these malware attacks, using Volatility, an open source digital forensics framework written in Python that can read memory images from different Android kernel versions and perform a wide range of memory analysis and digital evidence extraction.
Volatility analyzes memory images, which must first be acquired from the physical memory of the Android device. These images are acquired with the Linux Memory Extractor (LiME) [12]; to this moment I'm not aware of any other Android memory image extractor. This loadable kernel module can acquire the full physical memory address range of an Android system, either over the network or via an SD card [10]. Together with several new Android-specific Volatility plugins and a custom-built ARM architecture profile for Volatility, these tools are used in our research to analyze running malware by examining hidden processes, process structure, malicious APK activity, process caches, suspicious network connections, and other suspicious executed code.
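Before any plugin can list processes or network connections, the analysis tool has to understand how LiME laid the captured RAM ranges out in the file. The following is an added example (not code from this paper, and not Volatility's own implementation) that parses the `format=lime` output LiME writes when loaded with, for instance, `insmod lime.ko "path=/sdcard/ram.lime format=lime"`: each captured physical range is preceded by a 32-byte little-endian header (magic, version, inclusive start and end address, 8 reserved bytes) and ranges that the kernel reports as anything other than System RAM are simply absent. The parser rejects the truncated images that an interrupted SD-card or network capture leaves behind, and it maps a physical address to a file offset, returning nothing for addresses that fall in a hole between ranges. The two-range image it runs on is constructed inline for the example; the layout is the documented LiME header format, but the addresses and contents are invented.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# LiME range header (lime.h): magic, version, s_addr, e_addr, reserved[8],
# packed little-endian, 32 bytes. The magic 0x4C694D45 appears on disk as the
# ASCII bytes "EMiL"; e_addr is inclusive, so a range holds e_addr - s_addr + 1 bytes.
LIME_MAGIC = 0x4C694D45
LIME_VERSION = 1
HEADER = struct.Struct("<IIQQ8s")


@dataclass
class Segment:
    s_addr: int        # first physical address captured in this range
    e_addr: int        # last physical address captured (inclusive)
    file_offset: int   # where this range's raw bytes start in the image file

    @property
    def size(self) -> int:
        return self.e_addr - self.s_addr + 1


def parse_lime(image: bytes) -> List[Segment]:
    """Walk the image header by header and return its physical RAM ranges.

    Raises ValueError on a bad magic, an unsupported version, unordered or
    overlapping ranges, or a range that runs past end of file (the usual sign
    that the capture was interrupted before LiME finished writing).
    """
    segments: List[Segment] = []
    off = 0
    while off < len(image):
        if len(image) - off < HEADER.size:
            raise ValueError(f"truncated header at file offset {off}")
        magic, version, s_addr, e_addr, _reserved = HEADER.unpack_from(image, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic 0x{magic:08x} at file offset {off}")
        if version != LIME_VERSION:
            raise ValueError(f"unsupported LiME header version {version}")
        if e_addr < s_addr:
            raise ValueError(f"range end 0x{e_addr:x} precedes start 0x{s_addr:x}")
        if segments and s_addr <= segments[-1].e_addr:
            raise ValueError(f"range 0x{s_addr:x} overlaps or precedes the previous range")
        seg = Segment(s_addr, e_addr, off + HEADER.size)
        if seg.file_offset + seg.size > len(image):
            raise ValueError(
                f"range 0x{s_addr:x}-0x{e_addr:x} needs {seg.size} bytes but the file "
                f"ends after {len(image) - seg.file_offset}; capture incomplete?")
        segments.append(seg)
        off = seg.file_offset + seg.size
    return segments


def phys_to_offset(segments: List[Segment], paddr: int) -> Optional[int]:
    """Map a physical address to its file offset, or None if it lies in a hole
    between captured ranges (MMIO/reserved space LiME never wrote out)."""
    for seg in segments:
        if seg.s_addr <= paddr <= seg.e_addr:
            return seg.file_offset + (paddr - seg.s_addr)
    return None


def read_phys(image: bytes, segments: List[Segment], paddr: int, length: int) -> bytes:
    """Read `length` bytes of physical memory; the read must stay inside one range."""
    for seg in segments:
        if seg.s_addr <= paddr <= seg.e_addr:
            if paddr + length - 1 > seg.e_addr:
                raise ValueError("read crosses the end of a captured range")
            start = seg.file_offset + (paddr - seg.s_addr)
            return image[start:start + length]
    raise ValueError(f"physical address 0x{paddr:x} was not captured")


def build_lime(ranges: List[Tuple[int, bytes]]) -> bytes:
    """Assemble a LiME-format image from (start address, bytes) pairs. Used here
    only to construct the sample image; a real one comes from the kernel module."""
    out = bytearray()
    for s_addr, data in ranges:
        out += HEADER.pack(LIME_MAGIC, LIME_VERSION, s_addr, s_addr + len(data) - 1, b"\0" * 8)
        out += data
    return bytes(out)


# Constructed sample image (not a real capture): two small RAM ranges with a
# hole between them, the shape a phone's /proc/iomem "System RAM" map has.
SAMPLE_IMAGE = build_lime([
    (0x80000000, b"A" * 0x100),
    (0x80001000, b"\0" * 0x40 + b"init\0" + b"\0" * 0x3B),
])


if __name__ == "__main__":
    segs = parse_lime(SAMPLE_IMAGE)
    for s in segs:
        print(f"range 0x{s.s_addr:x}-0x{s.e_addr:x} ({s.size} bytes) at file offset {s.file_offset}")
    print("0x80000800 captured?", phys_to_offset(segs, 0x80000800) is not None)
    print("bytes at 0x80001040:", read_phys(SAMPLE_IMAGE, segs, 0x80001040, 4))
```

Running the script on a real `ram.lime` in place of `SAMPLE_IMAGE` gives a quick sanity check of an acquisition before loading it into Volatility: a bad magic at offset 0 usually means the module was loaded with `format=raw` or `format=padded` rather than `format=lime`, and a final range that runs past end of file means the transfer to the SD card or over the network stopped early.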
Commercial tools such as FTK and EnCase [19,17] can be used for Android content recovery and forensic investigation. They are fairly easy to deploy but are expensive solutions for small to medium businesses. This research illustrates Android memory forensics using open source, freely available tools. We use the recently released first stable version of Volatility rather than older beta releases, which provides more accurate evidence and analysis, and we use its new Android support together with very recently developed Android-specific plugins to explore Android Dalvik instances, process structure, and memory caches.
In the following sections, we discuss current work in the Android memory forensics field, then describe how to build an Android memory forensics investigation environment and the challenges involved in acquiring an Android memory image, and finally we perform experimental forensic investigations of a number of Android malware samples.
II. ANDROID MEMORY FORENSICS: AN OVERVIEW
There is wide consensus, at least in general outline, about the procedures involved in a forensic...
