Digital memory forensics on Android devices
Live memory forensics on Android devices
Keywords: Smart devices; Mobile devices; Digital memory forensics; Live digital memory forensics; Memory forensics; Android; Smartphones; Live memory forensics
The dissertation presents and analyzes both the theoretical and the technical aspects of the field of "Live Memory Forensics on Android Devices". The theoretical part presents the Android environment (operating system, architecture, file system, etc.) and analyzes the methods used to extract data from Android devices. It then details the steps that an examiner should follow to perform a digital forensic analysis of a mobile device. Next, various commercial and open-source tools are listed, with reference to the information that can be recovered with each one. This is followed by a more extensive discussion of Android memory forensics, the differences between the "live" and "dead" digital forensics approaches, and the problems and challenges that memory forensics poses in an Android environment. In the practical part of the dissertation, we analyze a memory dump from an Android device that was acquired using the tool LiME and analyzed using the tool Volatility.