Figure 2 - available via license: Creative Commons Attribution 4.0 International
Content may be subject to copyright.
Source publication
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this devic...
Context in source publication
Citations
... As the capacity of the main memory grows in Android smartphones, the forensic research for volatile memory was introduced (Sylve et al., 2012). The analysis of social networking applications (Mutawa et al., 2012), the prototype enterprise monitoring system for Android smartphones (Grover, 2013), and the Kindle forensics (Hannay, 2011;Iqbal et al., 2013) were also studied. ...
Abstract Android remains the dominant OS in the smartphone market even though the iOS share of the market increased during the iPhone 6 release period. As various types of Android smartphones are being launched in the market, forensic studies are being conducted to test data acquisition and analysis. However, since the application of new Android security technologies, it has become more difficult to acquire data using existing forensic methods. In order to address this problem, we propose a new acquisition method based on analyzing the firmware update protocols of Android smartphones. A physical acquisition of Android smartphones can be achieved using the flash memory read command by reverse engineering the firmware update protocol in the bootloader. Our experimental results demonstrate that the proposed method is superior to existing forensic methods in terms of the integrity guarantee, acquisition speed, and physical dump with screen-locked smartphones (USB debugging disabled).
... The first notable published research on Kindle Forensics was by Peter Hannay at Edith Cowan University [14]. His research offered insight into forensically examining the various partitions on a Kindle by enabling the debug mode and then enabling usb networkingthus treating the Kindle like a network device to acquire data from it. ...
This research presents two developed approaches for the forensic acquisition of an Amazon Kindle Fire HD. It describes the forensic acquisition and analysis of the Amazon Kindle Fire HD device. Two developed methods of acquisition are presented; one requiring a special cable to reflash the boot partition of the device with a forensic acquisition environment (Method A), and the other exploiting a vulnerability in the device's Android operating system (Method B). A case study is then presented showing the various digital evidence that can be extracted from the device. The results indicate that Method A is more favorable because it utilizes a general methodology that does not exploit a vulnerability that could potentially be patched by Amazon in future software updates.
... The first notable published research on Kindle Forensics was by Peter Hannay at Edith Cowan University [14]. His research offered insight into forensically examining the various partitions on a Kindle by enabling the debug mode and then enabling usb networkingthus treating the Kindle like a network device to acquire data from it. ...
This research presents two developed approaches for the forensic acquisition of an Amazon Kindle Fire HD. It describes the forensic acquisition and analysis of the Amazon Kindle Fire HD device. Two developed methods of acquisition are presented; one requiring a special cable to reflash the boot partition of the device with a forensic acquisition environment (Method A), and the other exploiting a vulnerability in the device's Android operating system (Method B). A case study is then presented showing the various digital evidence that can be extracted from the device. The results indicate that Method A is more favorable because it utilizes a general methodology that does not exploit a vulnerability that could potentially be patched by Amazon in future software updates.
In this chapter, we conduct a forensic analysis of Amazon’s Kindle Fire HD and report on our findings.
Recent research in Android device forensics has largely focused on evidence recovery from NAND flash memory. However, pervasive deployment of NAND flash encryption technologies and the increase in malware infections which reside only in main memory have motivated an urgent need for the forensic study of main memory. Existing Android main memory forensics techniques are hardly being adopted in practical forensic investigations because they often require solving several usability constraints, such as requiring root privilege escalation, custom kernel replacement, or screen lock bypass. Moreover, there are still no commercially available tools for acquiring the main memory data of smart devices. To address these problems, we have developed an automated tool, called AMD, which is capable of acquiring the entire content of main memory from a range of Android smartphones and smartwatches. In developing AMD, we analyzed the firmware update protocols of these devices by reverse engineering the Android bootloader. Based on this study, we have devised a method that allows access to main memory data through the firmware update protocols. Our experimental results show that AMD overcomes the usability constraints of previous main memory acquisition approaches and that the acquired main memory data of a smartphone or smartwatch can be accurately used in forensic investigations.
