TL;DR The researchers claim this is a new memory forensic method to gather information from recently used apps from Android devices. Instead of extracting GUI-data from memory images, they extract app-internal data from them (which persists longer than the GUI-data) and restore the View from that data. With this method they can recreate multiple views in the past instead of only one if GUI-data is targeted directly. The method is app-agnostic and doesn't need any knowledge about the targeted apps. They tested their attack against at least 15 apps with success.
They call their method "RetroScope", sourcecode of their forensic tool can be found at Github:
1 comment
[ 2.4 ms ] story [ 13.2 ms ] threadThey call their method "RetroScope", sourcecode of their forensic tool can be found at Github:
https://github.com/ProjectRetroScope/RetroScope