Retrofitting mobile devices for capturing memory-resident malware based on system side-effects

This article is free to access.

Abstract

Sophisticated memory-resident malware that targets mobile phone platforms can be extremely difficult to detect and capture. However, triggering volatile memory captures based on observable system side-effects exhibited by malware can harvest live memory that contains memory-resident malware. This chapter describes a novel approach for capturing memory-resident malware on an Android device for future analysis. The approach is demonstrated by making modifications to the Android debuggerd daemon to capture memory while a vulnerable process is being exploited on a Google Nexus 5 phone. The implementation employs an external hardware device to store a memory capture after successful exfiltration from the compromised mobile device.

Citation (APA)

Grimmett, Z., Staggs, J., & Shenoi, S. (2019). Retrofitting mobile devices for capturing memory-resident malware based on system side-effects. In IFIP Advances in Information and Communication Technology (Vol. 569, pp. 59–72). Springer New York LLC. https://doi.org/10.1007/978-3-030-28752-8_4
