You may find this paper of interest...
Abstract. At the end of 2011, Google released version 4.0 of its Android
operating system for smartphones. For the first time, Android smartphone
owners were supplied with a disk encryption feature that transparently
encrypts user partitions. On the downside, encrypted smartphones are
a nightmare for IT forensics and law enforcement, because brute force
appears to be the only option to recover encrypted data by technical
means. However, RAM contents are necessarily left unencrypted and, as
we show, they can be acquired from live systems with physical access only.
To this end, we present the data recovery tool Frost (Forensic Recovery
of Scrambled Telephones). Using Galaxy Nexus devices from Samsung
as an example, we show that it is possible to perform cold boot attacks
against Android smartphones and to retrieve valuable information from
RAM. This information includes personal messages, photos, passwords
and even the encryption key. Since smartphones get switched o only
seldom, and since the tools that we provide must not be installed before
the attack, our method can be applied in real cases.
read more......http://www1.cs.fau.de/filepool/projects/frost/frost.pdf
Abstract. At the end of 2011, Google released version 4.0 of its Android
operating system for smartphones. For the first time, Android smartphone
owners were supplied with a disk encryption feature that transparently
encrypts user partitions. On the downside, encrypted smartphones are
a nightmare for IT forensics and law enforcement, because brute force
appears to be the only option to recover encrypted data by technical
means. However, RAM contents are necessarily left unencrypted and, as
we show, they can be acquired from live systems with physical access only.
To this end, we present the data recovery tool Frost (Forensic Recovery
of Scrambled Telephones). Using Galaxy Nexus devices from Samsung
as an example, we show that it is possible to perform cold boot attacks
against Android smartphones and to retrieve valuable information from
RAM. This information includes personal messages, photos, passwords
and even the encryption key. Since smartphones get switched o only
seldom, and since the tools that we provide must not be installed before
the attack, our method can be applied in real cases.
read more......http://www1.cs.fau.de/filepool/projects/frost/frost.pdf