Forensic Recovery of Scrambled Telephones
  • Tilo Müller
  • Michael Spreitzenbarth
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7954)


At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently encrypts user partitions. On the downside, encrypted smartphones are a nightmare for IT forensics and law enforcement, because brute force appears to be the only option to recover encrypted data by technical means. However, RAM contents are necessarily left unencrypted and, as we show, they can be acquired from live systems with physical access only. To this end, we present the data recovery tool Frost (Forensic Recovery of Scrambled Telephones). Using Galaxy Nexus devices from Samsung as an example, we show that it is possible to perform cold boot attacks against Android smartphones and to retrieve valuable information from RAM. This information includes personal messages, photos, passwords and the encryption key. Since smartphones get switched off only seldom, and since the tools that we provide must not be installed before the attack, our method can be applied in real cases.


Digital Evidence Brute Force Attack USENIX Association USENIX Security Symposium User Partition 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Smith, A.: 35% of American adults own a smartphone. Pew Internet and American Life Project. Pew Research Center (July 2011)Google Scholar
  2. 2.
    Ponemon Institute LLC. The Lost Smartphone Problem: Benchmark study of U.S. organizations. In: Ponemon Institute Research Report. sponsored by McAfee (October 2011)Google Scholar
  3. 3.
    Gutmann, P.: Data Remanence in Semiconductor Devices. In: Proceedings of the 10th USENIX Security Symposium, Washington, D.C. USENIX Association (August 2001)Google Scholar
  4. 4.
    Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold Boot Attacks on Encryptions Keys. In: Proceedings of the 17th USENIX Security Symposium, San Jose, CA, August 2008, pp. 45–60. Princeton University, USENIX Association (August 2008)Google Scholar
  5. 5.
    Android Open Source Project (AOSP). Notes on the implementation of encryption in Android 3.0,
  6. 6.
    Turan, M., Barker, E., Burr, W., Chen, L.: Special Publication 800-132: Recommendation for Password-Based Key Derivation. Technical report, NIST, Computer Security Division, Information Technology Laboratory (December 2010)Google Scholar
  7. 7.
    Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge Attacks on Smartphone Touch Screens. In: WOOT 2010, 4th USENIX Workshop on Offensive Technologies. Department of Computer and Information Science, University of Pennsylvania (August 2010)Google Scholar
  8. 8.
    Kumar, M.: Android facial recognition based unlocking can be fooled with photo. The Hacker News (November 2011),
  9. 9.
    Skorobogatov, S.: Data Remanence in Flash Memory Devices. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 339–353. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Anderson, R., Kuhn, M.: Tamper Resistance – a Cautionary Note. In: The Second USENIX Workshop on Electronic Commerce Proceedings, Oakland, California, pp. 1–11. USENIX Association (November 1996)Google Scholar
  11. 11.
    Rahmati, A., Salajegheh, M., Holcomb, D., Sorber, J., Burleson, W., Fu, K.: TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices withou Clocks. In: 21st USENIX Security Symposium, Bellevue, WA, UMass Amherst, USENIX Association (August 2012)Google Scholar
  12. 12.
    Saxena, N., Voris, J.: We Can Remember It for You Wholesale: Implications of Data Remanence on the Use of RAM for True Random Number Generation on RFID Tags. In: 5th Workshop on RFID Security (RFIDSec), Leuven, Belgium, Polytechnic Institute of New York University (July 2009)Google Scholar
  13. 13.
    xdadevelopers. Google Play Nexus not wiping after Bootloader Unlock. Thread 1650830 (April 2012),
  14. 14.
    xdadevelopers. Internal Memory Data Recovery - Yes We Can! Thread 1994705 (November 2012),
  15. 15.
    xdadevelopers. GT-i9100 Galaxy SII FAQ. Thread 1046748 (April 2011),
  16. 16.
    Sylve, J.: LiME - Linux Memory Extractor. In: ShmooCon 2012, Washingtion, D.C. Digital Forensics Solutions, LLC (January 2012)Google Scholar
  17. 17.
    Zugelder, M.: (April 2012),
  18. 18.
    Cannon, T., Bradford, S.: Into the Droid: Gaining Access to Android User Data. In: DefCon 2012. VIA Forensics (July 2012)Google Scholar
  19. 19.
    Müller, T., Freiling, F., Dewald, A.: TRESOR Runs Encryption Securely Outside RAM. In: 20th USENIX Security Symposium, San Francisco, California. University of Erlangen-Nuremberg, USENIX Association (August 2011)Google Scholar
  20. 20.
    Müller, T., Taubmann, B., Freiling, F.C.: TreVisor: OS-Independent Software-Based Full Disk Encryption Secure Against Main Memory Attacks. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 66–83. Springer, Heidelberg (2012)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tilo Müller
    • 1
  • Michael Spreitzenbarth
    • 1
  1. 1.Department of Computer ScienceFriedrich-Alexander University of Erlangen-NurembergGermany

Personalised recommendations