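Authors: Hu Zhiqiang (胡志强); Lan Kai (蓝锴) (Beijing Institute of Computer Technology and Application, Beijing 100854)
Affiliation: [1] Beijing Institute of Computer Technology and Application, Beijing 100854
Source: Cyberspace Security (《网络空间安全》), 2021, No. 6, pp. 19-25 (7 pages)
Abstract: Taking WeChat as the entry point for the study, chat records, Moments and other information are extracted from WeChat's SQLite databases and analysed. By reading the SQLite database and the write-ahead log (WAL) in hexadecimal and analysing their storage structure and working principle, information carrying a deletion marker can be identified. Two methods are used: a fast recovery method based on the WAL and a deep recovery method based on the Type field. By modifying the fields that carry deletion markers in the WAL file and in the Type field, deleted information in database tables is recovered. Data recovery experiments are carried out for both methods, and the results are analysed to demonstrate the effectiveness of the two methods. The paper focuses on the experimental design, process and result analysis of SQLite data recovery methods, and offers a useful exploration of recovering accidentally deleted data on smartphones and of mobile phone forensics.
English abstract: In this paper, WeChat is taken as the research entry point, and the message logs and circles stored in SQLite in WeChat are extracted and analyzed. SQLite and the WAL (Write Ahead Log) were read in hex to analyze their storage structure and working principle. After that, the information carrying deletion identifiers is analyzed. Two SQLite data recovery methods are used, one based on the WAL and one based on the Type field. These methods recover deleted data from tables in SQLite by changing the information carrying deletion identifiers in the Write Ahead Log and the Type field. Experiments on these two methods are carried out and the results are analyzed to prove the effectiveness of these methods. This paper focuses on the design, process and result analysis of SQLite data recovery methods, and makes a beneficial exploration of data recovery and mobile phone forensics.
Keywords: SQLite; WeChat; write-ahead log; data recovery; mobile phone forensics
Classification number: TP309.3 [Automation and Computer Technology: Computer System Architecture]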