New acquisition method based on firmware update protocols for Android smartphones
| Autor: | Jung Ho Choi, Ki Bom Kim, Taejoo Chang, Seung Jei Yang |
|---|---|
| Rok vydání: | 2015 |
| Předmět: |
Reverse engineering
Computer science media_common.quotation_subject USB Android forensics computer.software_genre Flash memory Bootloader law.invention Android physical acquisition law Android (operating system) media_common Flash memory read command business.industry Firmware Firmware update protocol Computer Science Applications Medical Laboratory Technology Debugging Android Beam Embedded system Operating system business computer Law Booting |
| Zdroj: | Digital Investigation. 14:S68-S76 |
| ISSN: | 1742-2876 |
| DOI: | 10.1016/j.diin.2015.05.008 |
| Popis: | Android remains the dominant OS in the smartphone market even though the iOS share of the market increased during the iPhone 6 release period. As various types of Android smartphones are being launched in the market, forensic studies are being conducted to test data acquisition and analysis. However, since the application of new Android security technologies, it has become more difficult to acquire data using existing forensic methods. In order to address this problem, we propose a new acquisition method based on analyzing the firmware update protocols of Android smartphones. A physical acquisition of Android smartphones can be achieved using the flash memory read command by reverse engineering the firmware update protocol in the bootloader. Our experimental results demonstrate that the proposed method is superior to existing forensic methods in terms of the integrity guarantee, acquisition speed, and physical dump with screen-locked smartphones (USB debugging disabled). |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full Text from ScienceDirect