In this paper, we aim at recovering valuable information from encrypted smartphones. Roughly speaking, we analyze the characteristics of the remanence eff ect on smartphones, prove that Android's boot sequence enable us to perform cold boot attacks, and show that valuable information can be retrieved from RAM. To this end, we present our recovery tool Frost (Forensic Recovery of Scrambled Telephones). Frost can be loaded to a smartphone after we got physical access to it, and without the need to have user privileges on it. We carry out our experiments exemplarily for Galaxy Nexus devices.
Detailed research description with pictures: FROST: Forensic Recovery Of Scrambled Telephones
Technical report: Forensic Recovery of Scrambled Telephones
Easy readable article in Forbes: "Frost" Attack Unlocks Android Phones' Data By Chilling Their Memory In A Freezer
Cracked 4-digit PIN