Sign In

Communications of the ACM

ACM TechNews

Retroscope Opens Doors to the Past in Smartphone Investigations

View as: Print Mobile App Share:

Purdue University researchers are working on a technique that could help law enforcement access data from smartphones when investigating crimes.


Researchers at Purdue University are developing a technique that could help law enforcement recover evidence from smartphones when investigating crimes.

The technique, RetroScope, gathers data from a device's random-access memory, which is more volatile than the information stored on a phone's hard drive.

"We argue this is the frontier in cybercrime investigation in the sense that the volatile memory has the freshest information from the execution of all the apps," says Purdue professor Dongyan Xu. "Investigators are able to obtain more timely forensic information toward solving a crime or an attack."

To uncover data, a phone's graphical rendering can be retargeted to specific memory areas, obtaining several previous screens shown by an app. RetroScope uses Android's rendering framework to issue a redraw command to recover as many previous screens as the volatile memory holds, beginning with the last screen the app displayed.

Researchers were able to recover three to 11 screens in 15 different apps, ranging from social media platforms to more privacy-oriented apps. In the case of a criminal investigation, Xu says the technique could be a valuable tool in uncovering evidence. "We feel without exaggeration that this technology really represents a new paradigm in smartphone forensics," Xu notes.

From Purdue University News
View Full Article


Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


No entries found