A mobile phone dynamic memory extraction method based on a similar kernel

A dynamic memory extraction technology, applied in the fields of program loading/starting, program code conversion, instruments, etc. It addresses the lack of an extraction program, which restricts the work efficiency of investigators in extracting dynamic memory.

Active Publication Date: 2019-05-21
INST OF FORENSIC SCI OF MIN OF PUBLIC SECURITY

AI Technical Summary

Problems solved by technology

LiME has only been in use for a short time, and using it requires obtaining the corresponding device source code and compiling it. The lack of a mature system extraction program greatly limits the work efficiency of investigators in extracting dynamic memory.

Embodiment Construction

[0016] The present invention will be described in detail below in conjunction with the examples.

[0017] The invention provides a mobile phone dynamic memory extraction method based on a similar kernel, the method comprising the following steps:

[0018] 1) Determine the basic details of the target Android phone from which evidence is to be obtained, and select a similar kernel source code;

[0019] Open the About phone option in the phone's settings, which gives a detailed overview of the target phone's model, Android system version, kernel version, and running memory. Of these, the Android system version and kernel version are the most critical. The first principle in selecting a similar kernel source code is to ensure that the Android version and the kernel version are completely consistent; then find a mobile phone model similar to the target device model, preferably a model from the same series as the target device. Due to the difference in the k...
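The selection rule in [0019], as an added shell example that is not code from the patent: a candidate tree is kept only if its Android version and its kernel version (read from the tree's top-level Makefile) equal the target's, and the remaining candidates are ranked by shared model-name prefix, which is an assumed stand-in for "same series". All model names, versions and directory names are constructed.

```shell
# Added example, not from the patent; trees, models and versions are constructed.
# Print VERSION.PATCHLEVEL.SUBLEVEL from a kernel tree's top-level Makefile.
makefile_kver() {
    awk -F'[ \t]*=[ \t]*' '
        $1 == "VERSION"    { v = $2 }
        $1 == "PATCHLEVEL" { p = $2 }
        $1 == "SUBLEVEL"   { s = $2 }
        END { if (v == "" || p == "" || s == "") exit 1; print v "." p "." s }
    ' "$1"
}

# Shared leading characters of two model names (assumed proxy for "same series").
common_prefix_len() {
    a=$1; b=$2; n=0
    while [ -n "$a" ] && [ -n "$b" ]; do
        [ "${a%"${a#?}"}" = "${b%"${b#?}"}" ] || break
        a=${a#?}; b=${b#?}; n=$((n + 1))
    done
    echo "$n"
}

# select_similar_kernel MODEL ANDROID_VERSION UNAME_R < "model|android|tree" lines
select_similar_kernel() {
    t_kver=$(printf '%s\n' "$3" | sed 's/[^0-9.].*$//')  # 3.4.0-g1a2b3c4 -> 3.4.0
    best=""; best_score=-1
    while IFS='|' read -r model android tree; do
        [ "$android" = "$2" ] || continue                # Android version must be identical
        kver=$(makefile_kver "$tree/Makefile") || continue
        [ "$kver" = "$t_kver" ] || continue              # kernel version must be identical
        score=$(common_prefix_len "$model" "$1")
        if [ "$score" -gt "$best_score" ]; then best=$tree; best_score=$score; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Constructed demo: three candidate trees for a hypothetical target "XY-200".
demo() {
    d=$(mktemp -d)
    for t in xy100:4 xy210:4 zz900:10; do
        mkdir -p "$d/${t%%:*}"
        printf 'VERSION = 3\nPATCHLEVEL = %s\nSUBLEVEL = 0\n' "${t##*:}" > "$d/${t%%:*}/Makefile"
    done
    printf 'XY-100|4.4.2|%s\nXY-210|4.4.2|%s\nZZ-900|4.4.2|%s\n' \
        "$d/xy100" "$d/xy210" "$d/zz900" |
        select_similar_kernel "XY-200" "4.4.2" "3.4.0-g1a2b3c4"
    rm -rf "$d"
}
demo
```

On a real device the three inputs come from the About phone screen, or from `adb shell getprop ro.product.model`, `adb shell getprop ro.build.version.release` and `adb shell uname -r`.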

Abstract

The invention relates to a similar kernel-based mobile phone dynamic memory extraction method. The method comprises the steps of selecting similar kernel source code; collecting target system information; compiling the kernel source code; generating a .config file in the root directory; constructing a kernel module; disabling a check mechanism and re-compiling the kernel; performing cross-compilation on the source code; compiling an external module by using the LiME tool; uploading the LiME module to the target mobile phone, and loading the module by using the insmod command; searching the similar kernel source code for a function that has a dependency relationship with the _gnu_mcount_nc symbol variable; exporting the _gnu_mcount_nc symbol; performing kernel configuration in the similar kernel code; entering the LiME directory and assigning an external source code path to the similar kernel code; and generating a dump memory file on the SD storage card of the Android terminal, and extracting the memory file from the mobile phone to a local computer by using a pull operation at a local terminal.

Description

Technical field

[0001] The invention relates to a mobile phone dynamic memory extraction method, in particular to a mobile phone dynamic memory extraction method based on a similar kernel.

Background technique

[0002] Compared with the traditional direction of mobile phone forensics, dynamic memory forensics is an emerging field, so there is relatively little research on dynamic memory forensics and analysis. At present, no relevant research results have been published in China, and the relevant research results are mainly concentrated in some digital survey research institutions abroad. So far, research on mobile phone dynamic memory forensics has mainly gone through three stages: the forensics method based on the command line, which is mainly represented by the kill command under the Android terminal; the forensics method based on the Android debugging tool, that is, the Android debugging tool DDMS; and forensics methods based on compiled modules are mainly ...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F8/41, G06F9/445
CPC: G06F8/41, G06F9/4451
Inventor: 康艳荣刘亚范玮郭丽莉周冬林尹春社
Owner: INST OF FORENSIC SCI OF MIN OF PUBLIC SECURITY