Authors: Long Yuan (龙源)[1], Xing Guidong (邢桂东)[1], Guo Lili (郭丽莉)[1], Chu Chuanhong (楚川红)[1], Zhong Lijing (仲利静)[1]
Source: Forensic Science and Technology (《刑事技术》), 2015, No. 4, pp. 338-339, 2 pages
Abstract: This paper presents a case examination in which deleted SMS data was recovered by keyword searching the physical memory image of an Android phone. In this case the suspect had already deleted data from the phone involved, and existing mobile phone forensic tools could recover only part of the deleted SMS data. By acquiring the phone's physical storage image and keyword searching it with keywords chosen from the facts of the case, the examiners finally extracted the deleted SMS data relevant to the case, which offers a new method for examining deleted SMS messages on Android phones. This paper introduces a digital forensic examination of a storage dump from an Android smartphone to access deleted SMS data. The SMS data had been deleted from the Android smartphone by the suspect. Part of the deleted SMS data could be recovered using the DC-4500 mobile phone forensic system and Oxygen Forensic Suite 2014, but it proved to be irrelevant to the case. Commonly, such software can only analyze the SMS database file, so the deleted data no longer exists in the SMS database once the SQLite database has recycled the storage space. Therefore, a new inspection method was used to access the deleted SMS data. First, the Android phone was rooted and its hex dump was acquired with the DC-4500 mobile phone forensic system; then keywords were selected and searched for in the hex dump with X-Ways Forensics. After further analysis, the evidentiary deleted SMS data fragment that the suspects had tried to destroy after committing their crime was finally found in the free space of the hex dump. Android smartphones are involved in cases more and more often, which increases the need to acquire hex dumps from the phones and to obtain data by keyword searching them. The method in this paper can serve as a reference for future work.
Keywords: mobile phone forensics; Android smartphone; deleted SMS; free space