DFRWS Android firmware research available

Earlier I pointed out DFRWS2015 conference:
Well, presentations of most are online now:


Amongst many interesting forensic presentations, one firmware-centric one that caught my eye was:

“New acquisition method based on firmware update protocols for Android smartphones”
Seung Jei Yang, Jung Ho Choi, Ki Bom Kim and Tae Joo Chang
Android remains the dominant OS in the smartphone market even though the iOS share of the market increased during the iPhone 6 release period. As various types of Android smartphones are being launched in the market, forensic studies are being conducted to test data acquisition and analysis. However, since the application of new Android security technologies, it has become more difficult to acquire data using existing forensic methods. In order to address this problem, we propose a new acquisition method based on analyzing the firmware update protocols of Android smartphones. A physical acquisition of Android smartphones can be achieved using the flash memory read command by reverse engineering the firmware update protocol in the bootloader. Our experimental results demonstrate that the proposed method is superior to existing forensic methods in terms of the integrity guarantee, acquisition speed, and physical dump with screen-locked smart-phones (USB debugging disabled).

Click to access DFRWS2015-8.pdf

Click to access DFRWS2015-p8.pdf


new Android firmware research at DFRWS next week

DFRWS USA 2016, the Digital Forensics Research Conference USA 2015 is happening next week in Philadelphia, PA, USA. [DFRWS is the acronym, so I’m guessing it was a WorkShop before it was a Conference?] DFRWS is held in cooperation with the ACM’s SIG on Security, Audit and Control (SIGSAC).  Next week, there are a lot of interesting forensic and RE talks happening, but I only see one firmware-related one, from a quick look at the schedule:

“New acquisition method based on firmware update protocols for Android smartphones”
Seung Jei Yang, Jung Ho Choi, Ki Bom Kim, and Tae Joo Chang

Also, if you search the archives, you’ll find a handful of firmware-related talks (not many). DFRWS EU 2016 will be held from March 29 to April 1, 2016 in Lausanne, Switzerland.