•  
  •  
 

Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

In conducting criminal investigations it is quite common that forensic examiners need to recover evidentiary data from smartphones used by offenders. However, examiners encountered difficulties in acquiring complete memory dump from MTK Android phones, a popular brand of smartphones, due to a lack of technical knowledge on the phone architecture and that system manuals are not always available. This research will perform tests to capture data from MTK Android phone by applying selected forensic tools and compare their effectiveness by analyzing the extracted results. It is anticipated that a generic extraction tool, once identified, can be used on different brands of smartphones equipped with the same CPU chipset.

References

Kidnapping & extortion: Police ecstatic over toys to tackle cell phone crime, published in The Express Tribune, October 19, 2012, http://tribune.com.pk/story/453569/kidna pping-extortion-police-ecstatic-over-toys-to- tackle-cell-phone-crime/

Investigating and analyzing the web-based contents on Chinese Shanzhai mobile phones, IEEE/SADFE 2012, http://hub.hku.hk/bitstream/10722/18964 8/1/Content.pdf Det.

Cynthia A. Murphy , Developing Process for Mobile Device Forensics, http://www.mobileforensicscentral.com/mf c/documents/Mobile%20Device%20Forensi c%20Process%20v3.0.pdf

MediaTek from Wikipedia, http://en.wikipedia.org/wiki/ MediaTek Top 140 quad-core MT6582 dual sim phones listed with specifications, GizChina.com, March 3, 2014, http://www.gizchina.com/2014/03/03/top- 140-quad-core-mt6582-dual-sim-phoneslisted-specifications/

Persistent Challenges with Smartphone Forensics, Digital Forensic Investigator, February 8, 2013, http://www.dfinews.com/articles/2013/02/ 6-persistent-challenges-smartphoneforensics

J. Sylve et al., Android Memory Capture and Applications for Security and Privacy, University of New Orleans Theses and Dissertations. Paper 1400, 2011, http://scholarworks.uno.edu/cgi/viewconte nt.cgi?article=2348&context=td

Joseph T. Sylve, Android Memory Capture and Applications for Security and Privacy, University of New Orleans Theses and Dissertations, 2011, http://scholarworks.uno.edu/cgi/viewconte nt.cgi?article=2348&context=td Ismael

Valenzuela, Acquiring volatile memory from Android based devices with LiME Forensics Part I, Ismael Valenzuela, April 23, 2012, http://blog.opensecurityresearch.com/2012 /04/acquiring-volatile-memory-from- android.html

Lessard J, Kessler G.C.,Android Forensics: Simplifying Cell Phone Examinations, ECU Publications Pre.2011, http://ro.ecu.edu.au/cgi/viewcontent.cgi?a rticle=7480&context=ecuworks

Vidas, Zhang & Christin, 2011, Toward a general collection methodology for Android devices, http://www.dfrws.org/2011/proceedings/07 -339.pdf

Vijith Vijayan, Android Forensic Capability and Evaluation of Extraction Tools, April 2012, http://www.academia.edu/1632597/Androi d_Forensic_Capability_and_Evaluation_ of_Extraction_Tools)

Digital Forensic on MTK-based Shanzhai Mobile Phone with NAND Flash, ICDFI, Beijing, China 2012, http://secmeeting.ihep.ac.cn/paper/Paper _Mengfei_He_ICDFI2012.pdf FlashTool V3.1004.00

Application Note, MediaTek, January 27,2009, http://www.mtk2000.ucoz.ru/FlashTool_V 3.1004.00_Application_Note.pdf

UFED Touch Ultimate, Cellebrite, https://www.cellebrite.com/images/stories /brochures/UFED-Touch-Ultimate- ENGLISH-web.pdf

SP Flash Tool + MediaTek MT65XX Drivers Download and Installation Guide including Bricked Devices, updated July 31, 2014, http://laurentiumihet.ro/sp-flash-tool- mediatek-mt65xx-drivers-download-andinstallation-guide-including-bricked- devices/

Volcano Box, http://www.volcano- box.com/features.html X-Ways Forensics, http://www.x- ways.net/forensics/

UFED Physical Analyzer, Cellebrite, http://www.cellebrite.com/mobileforensics/products/applications/ufed- physical-analyzer

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.