Title of invention: PERIODIC MOBILE FORENSICS
Abstract: A forensics analysis is conducted on each of multiple mobile devices in an enterprise system to detect malicious activity. The systems and methods described include storing a single baseline image for the multiple mobile devices at a server. A client-side application on each mobile device scans storage locations to identify changes in data compared to a previous scan. At least a portion of the information about the changes is sent to the server. The server reconstructs snapshot images for each mobile device based on the baseline image and the received information. Malicious activity is detected by comparing the reconstructed snapshot image to a previous snapshot image for each mobile device.
Application publication No.: US2015121522(A1); Application publication date: 2015.04.30
Application No.: US201314062513; Application date: 2013.10.24
Applicant: THE MITRE CORPORATION; Inventor: GUIDO Mark D.
Classification No.: H04L29/06; Main classification No.: H04L29/06
Agency: Agent:
Principal claim: 1. A method for analyzing data on a mobile device, comprising: scanning current data in memory on a mobile device, identifying, using a processor, a plurality of changes to the current data based on a previous scan, storing information about the plurality of changes to the current data at the mobile device, sending at least a portion of the information to a server, and reconstructing the current data at the server based on the information and baseline data; analyzing data by comparing the reconstructed current data to reconstructed data based on the previous scan.
Address: MCLEAN VA US