du.sePublications
Change search
Refine search result
1 - 1 of 1
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • chicago-author-date
  • chicago-note-bibliography
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Hedlund, Niklas
    Dalarna University, School of Technology and Business Studies, Computer Engineering.
    IT­-Forensisk undersökning av flyktigt minne: På Linux och Android enheter2013Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
    Abstract [en]

    The ability to be able to make a efficient investigation of volatile memory is something that getsmore and more important in IT forensic investigations. Partially for Linux and Windows based PCsystems but also for mobile devices in the form of the Android or devices based on other mobileoperative systems.Android uses a modified Linux kernel where the modifications exclusively are to adapt it to thedemands that exists in a operative system targeting mobile devices. These modifications containsmessage passing systems between processes as well as changes to the memory subsystems in theaspect of handling and monitoring.Since these two kernels are so closely related it is possible to use the same basic principles for dum-ping and analysing of the memory. The actual memory dumping is done by a kernel module whichin this report is done by the software called LiME which handles both kernels very well.Tools used to analyse the memory needs to understand the memory layout used on the systemin question, depending on the type of analyse method used it might also need information aboutthe different symbols involved. The tool used in this project is called Volatility which in theory iscapable of extracting all the information needed in order to make a correct investigation.The purpose was to expand on existing methods for analysing volatile memory on Linux-basedsystems, in the form of PC machines as well as embedded systems like Android. Difficulties arisedwhen the analysing of volatile memory for Android could not be completed according to existinggoals. The final result came to show that memory analysis targeting the PC platform is bothsimpler and more straight forward then what it is if Android is involved.

1 - 1 of 1
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • chicago-author-date
  • chicago-note-bibliography
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf