1 |
Proposta de método para análise pericial em smartphone com sistema operacional android / Proposed method for forensic analysis in smartphone with android operating system. Simão, André Morum de Lima. 27 September 2011
Dissertation (master's), Universidade de Brasília, Departamento de Engenharia Elétrica, 2011.
Submitted by Albânia Cézar de Melo (albania@bce.unb.br) on 2012-01-26T14:48:40Z. Approved for entry into archive by Elzi Bittencourt (elzi@bce.unb.br) on 2012-02-07T09:57:03Z (GMT). Made available in DSpace on 2012-02-07T09:57:03Z (GMT).
No. of bitstreams: 1
2011_AndreMorumLimaSimao.pdf: 4005211 bytes, checksum: 1bf9adc84d824a32112c1f1fb2286e8c (MD5)
Although there are well-documented and widespread approaches to forensic examination of mobile devices and computers, they are not detailed enough to meet all the specificities of an Android phone.
The goal of this work is, based on the current guidelines for forensic analysis of cell phones, to create a specific method for those with the Android operating system, given the peculiarities of the platform and the situations that the forensic analyst will face. With the increasing adoption of the Android operating system in mobile devices and the evolution of the platform itself, there is a natural tendency for these devices to contain more and more information that may be useful to the investigation process.
With this method, it was possible to map, through a workflow, real situations that forensic analysts could face in the phases of cell phone seizure, data acquisition, examination and documentation, giving the necessary knowledge to execute the forensic procedures correctly. Case studies were proposed based on three different scenarios. The scenarios were created from smartphones used routinely by users with different usage profiles. Thus, it was possible to verify the work in this thesis by applying the method to different situations that the analyst may come across.
|
2 |
Análise de objetos a partir da extração da memória RAM de sistemas sobre Android Run-Time (ART) / Objects analysis based on RAM memory extraction over Android Run-Time (ART) systems. Soare, Alberto Magno Muniz. 16 December 2016
Dissertation (master's), Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2016.
Submitted by Camila Duarte (camiladias@bce.unb.br) on 2017-01-26T13:34:31Z. Approved for entry into archive by Ruthléa Nascimento (ruthleanascimento@bce.unb.br) on 2017-03-03T16:45:42Z (GMT). Made available in DSpace on 2017-03-03T16:45:42Z (GMT).
No. of bitstreams: 1
2016_AlbertoMagnoMunizSoares.pdf: 2637603 bytes, checksum: 014fcec35129d64f57837bd31cb0b8b2 (MD5)
The work in this thesis aims to describe a technique for analyzing objects in memory within the ART (Android Run-Time) execution environment from a volatile memory data extraction. A study of the AOSP (Android Open Source Project) source code was necessary to understand the runtime environment used in the modern Android operating system, and software tools were developed that allow the location, extraction and interpretation of data useful in the forensic context. Built as extensions for the Volatility Framework, these tools make it possible to locate, in a memory extraction from a device with ARM architecture, instances of arbitrary classes and their data properties.
|
3 |
Extração e análise de memória volátil em ambientes android: uma abordagem voltada à reconstrução de trajetórias / Extraction and analysis of volatile memory in android systems: an approach focused on trajectory reconstruction. Sousa, João Paulo Claudino de. 29 September 2016
Dissertation (master's), Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2016.
Submitted by Fernanda Percia França (fernandafranca@bce.unb.br) on 2017-02-02T17:25:43Z. Approved for entry into archive by Raquel Viana (raquelviana@bce.unb.br) on 2017-02-08T20:19:46Z (GMT). Made available in DSpace on 2017-02-08T20:19:46Z (GMT).
No. of bitstreams: 1
2016_JoãoPauloClaudinodeSousa.pdf: 10665963 bytes, checksum: fcb03c36f01e5e1b089b96548d2daed7 (MD5)
Android devices are widely used and can function as GPS receivers.
Time and position information have great relevance in the investigative field; however, data stored in non-volatile media may be limited with regard to the reconstruction of trajectories. This study proposes a method for recovering messages with GPS coordinates stored in RAM memory of Android mobile devices, in order to rebuild the trajectory of the device. Related literature proved limited, since the majority of the studies produced were directed to the recovery of positioning information from artifacts typically found in non-volatile memory. In the development of this work, it was possible to detail the GPS architecture on Android environments, providing a better understanding of the positioning coordinate storage mechanisms. Along this line, it was discovered that the NMEA 0183 protocol is critical for the communication of GPS receivers with the various types of equipment, since it provides a standard way of broadcasting positioning data. Experiments were performed in different environments, with different device architectures, to analyze the feasibility of reconstructing trajectories based on the NMEA 0183 protocol messages and geodetic coordinates in textual format retrieved from RAM memory. In developing this technique, it was possible to verify the problems that can hinder the process of extraction and analysis of data. In addition, tools have been developed to aid the process of trajectory reconstruction.
|
4 |
Ideal traffic: a framework for building monitoring systems for intelligent transportation systems. Silva, Saul Emanuel Delabrida. January 2012
Programa de Pós-Graduação em Ciência da Computação. Departamento de Ciência da Computação, Instituto de Ciências Exatas e Biológicas, Universidade Federal de Ouro Preto.
Submitted by Oliveira Flávia (flavia@sisbin.ufop.br) on 2015-11-03T18:46:29Z. Approved for entry into archive by Gracilene Carvalho (gracilene@sisbin.ufop.br) on 2015-11-04T17:03:17Z (GMT). Made available in DSpace on 2015-11-04T17:03:17Z (GMT).
No. of bitstreams: 2
license_rdf: 22190 bytes, checksum: 19e8a2b57ef43c09f4d7071d2153c97d (MD5)
DISSERTAÇÃO_IdealTrafficFramework.pdf: 4394447 bytes, checksum: 59957d5d4058cc84135f55c4a16f0df1 (MD5)
Previous issue date: 2012
The evolution and dissemination of network communication technology and the advanced status of embedded devices encourage the creation of solutions for monitoring cities in various environments. Intelligent Transportation Systems (ITS) is an area that makes use of these technologies, so that end-users can benefit from applications that deliver information in real time. On the other hand, administering these applications is not a trivial task. Components may fail and invalidate an application. Usually, the architecture of traffic applications is centralized, a fact that increases the cost of maintenance and reduces the flexibility of resource reuse. ITS require features such as adaptability, scalability, heterogeneity, interoperability, openness, accessibility, and flexibility. No related work was found in the literature that aims to cover all these features, although some of them are requirements for ITS developed for use in North America and Europe. In this work we present IDEAL-TRAFFIC: a framework based on SOA architecture for building monitoring applications, with the ability to manage the state of the applications. IDEAL-TRAFFIC provides a simple interface that enables system administrators to create applications and make them available to end-users. A self-adaptation process is included in the IDEAL-TRAFFIC framework in order to ensure fault tolerance. For the implementation of these features, rules of the application need to be considered and might depend upon the minimum of human intervention, since the framework can use third-party systems or legacy systems to retrieve relevant data to continue running an application. In this thesis we have applied IDEAL-TRAFFIC to two use cases to illustrate its use for ITS. In the first use case, we demonstrate the use of the framework in static nodes. In the second use case, we show how the framework may be integrated with vehicular networks.
Three experiments have been launched. In all executions we reproduced the first use case over embedded devices. In order to demonstrate the framework's accordance with the main ITS requirements, we illustrate the creation of services using XML SOA files, the communication among devices, the integration of the framework with a legacy system, and the scalability of the system. In all experiments we have obtained the expected results. This fact shows that IDEAL-TRAFFIC is in accordance with the main ITS requirements. In the experiments launched, it was proved that the use of XML is an effective and efficient alternative for creating applications using services made available by several nodes on the network. The proposed process reduces the time needed to create applications.
|