Android Mind Reading: Memory Acquisition and Analysis with DMD and Volatility

Presented at ShmooCon 2012 by

"This talk will present the first methodology and toolset for acquisition and deep analysis of volatile physical memory from Android devices. We will discuss some of the challenges in performing Android memory acquisition, discuss our new kernel module for dumping memory, and specifically address the difficulties in developing device-independent acquisition tools. We will also present analyses of kernel structures using newly developed Volatility functionality. Our acquisition tool, currently named DMD, supports dumping memory to either the SD card on the phone or to the local network. Not only will we release our tool at ShmooCon, but we will also allow attendees to rename it. This presentation will illustrate the potential that deep memory analysis offers to digital forensics investigators, hackers, and anyone else who's just wondering what their phone has been thinking about all day."