A team of researchers that included an Indian-origin scientist, developed a new technique to assist law enforcement professionals to collect data from smartphones while investigating crimes.
With more usage of mobile technology in today’s world, data enclosed in the memory of smartphones just as vital as evidence recovered from traditional crime scenes.
The new RetroScope now changes the complete focus from a smartphone’s hard drive, which hold data after the mobile is shut down, to the device’s RAM, which is volatile memory.
“We argue this is the frontier in cybercrime investigation in the sense that the volatile memory has the freshest information from the execution of all the apps,” said Dongyan Xu, professor at Purdue University, who led the research along with colleague Xiangyu Zhang.
Xu noted that investigators were able to obtain timely forensic data towards resolving a crime or an attack.
In order to uncover information, scientists including doctoral students Rohit Bhatia thought that instead of concentrating on searching for that data, the mobile’s graphical rendering code would be re-targeted to distinct memory areas to retrieve and bring up many previous screens shown by an app.
The new technique, RetroScope makes use of rendering framework which was used by Android to impose a redraw command and get as many previous screeNs as possible in the volatile memory for any Android app.
He also noted that without any exaggeration, this technology could really represents a new paradigm in smartphone forensics.
This new technique was very different from the existing methodologies for analysing both hard drives and volatile memories.