RetroScope can be the next frontier in cybercrime analysis
WASHINGTON: Scientists, including one of Indian-origin, have developed a new technique that may help law enforcement officers gather data from mobile phones while investigating crimes.
The increasing use of mobile technology in the current society has made information kept in the memory of smartphones just as vital important as evidence recovered from traditional crime scenes.
The new technique, called RetroScope, moves the main focus from a smartphone’s storage drive, which gets information after the phone is close down, to the device’s RAM, which is volatile memory.
“We argue this is the frontier in cyber crime investigation in the sense that the Volatile memory has the finest information from the performance of all the applications, ” said Dongyan Xu, professor at Purdue University, who led the research along with colleague Xiangyu Zhang.
“Investigators can obtain more timely forensic information toward solving against the law or an harm, ” Xu said.
Even though the contents of risky memory have passed away as soon as the phone is turn off, it can unveil surprising quantities of forensic data if the device is up and running.
It was uncovered that programs remaining a lot of information in the volatile memory space long after that data was displayed, Xu said.
To discover that data, researchers including doctoral students Rohit Bhatia theorised that rather than focusing on searching for that data, the phone’s graphical making code could be re-targeted to specific memory areas to obtain and bring up several previous displays shown by an application.
RetroScope use the common rendering framework employed by Google android to issue a redraw command and obtain as much previous screens as available in the volatile memory space for any Android application.
The screens recovered, starting with the last display the software displayed, are presented in the order they were seen recently.
“Anything that was shown on the screen at the time of use is indicated by the recovered screens, offering researchers a litany details”, Xu said.
In screening, RetroScope recovered between 3 to 11 previous displays in 15 different applications, an average of five pages per app. The programs ranged from popular social media platforms Facebook and Instagram to more privacy-conscious programs and others.
“We feel without hyperbole that this technology really represents a new paradigm in smart phone forensics, ” Xu said. “It is completely different from all the existing methodologies for analyzing both hard disk drives and volatile memories, ”
Source : economicstimes indiatimes