Similar literature
19 similar documents found (search time: 203 ms)
1.
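As an emerging smartphone, Windows Phone handsets are developing steadily and attracting growing attention. After introducing the system architecture and security model of Windows Phone 7 handsets, the paper describes acquisition approaches in detail with respect to the problems encountered in forensics, and discusses how to perform forensics on Windows Phone 7 smartphones. Valuable information is obtained from the phone by using native-level methods and the Windows Phone SDK to access the Windows Phone 7 kernel and other data, and the files on the phone are analysed with a series of tools. The results show that evidence such as SMS messages, e-mail and social activity can be effectively located on Windows Phone 7 handsets.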

2.
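This paper presents a case examination in which an Android-based smartphone was examined using the MTP protocol [1] through a virtual file system [2] built on a PC. Because the phone had an anti-theft lock set and USB debugging was not enabled, existing mobile forensic tools could not extract its data. By looking up the phone's production date, it was inferred that the phone's version supported MTP, and MTP was then tried to view and copy files on the phone; the unlock password stored under the QQ folder was eventually found. After the screen lock was removed, existing mobile forensic tools successfully extracted SMS messages, instant-messaging records and other case-related information from the phone, providing a new method for defeating screen locks set by third-party software in phone examinations.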

3.
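Research on Android smartphone lock-screen passwords and methods for cracking them   Total citations: 1, self-citations: 0, citations by others: 1
With the rapid development and wide application of mobile communication technology, the information held inside mobile phones has become an important source of leads and evidence in criminal investigation. As people's awareness of data security and privacy protection has grown, and suspects' counter-investigation awareness has increased, smartphones involved in cases usually have a lock-screen password; how to extract, process and analyse the data on them in this situation has become an important research direction. This paper studies the lock-screen problem on Android phones. It describes in detail the file structure and storage principles of the three kinds of Android lock-screen password, namely the gesture password, the PIN and the complex password; analyses how to use Android's ADB (Android debug bridge) debugging mode to manually bypass or clear the password on an Android smartphone; and proposes different solutions for cracking and clearing the password depending on whether debugging mode is enabled or not. These methods have proved highly practical in the author's own practice.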

4.
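The development of mobile communications has driven the spread of smart terminals, and with it more mobile-phone crime; however, forensic acquisition from phones used in crimes is often obstructed by the screen lock. This paper studies and analyses screen-unlocking techniques on Android, the platform with the largest smart-terminal market at present. It first briefly describes the system architecture of the Android platform; then studies each of the different screen-locking methods on Android smart terminals, summarising the corresponding encryption flow and plaintext password rules to simplify the unlocking steps and improve decryption efficiency, so that forensic work can be completed in less time; finally, it proposes further unlocking methods, so that a flexible choice is available when a screen lock is encountered during forensics.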

5.
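Research on QQ forensics and its judicial appraisal methods   Total citations: 3, self-citations: 0, citations by others: 3
Briefly introduces the current state of research on QQ forensics and its judicial appraisal. Analyses the QQ message transport protocol, the database file structure and the encryption mechanism of the Msg2.0.db file, focusing on approaches and methods for obtaining QQ chat records and other evidentiary information. Drawing on QQ forensic appraisal cases, it proposes a new approach of integrated forensics that combines the mobile phone with QQ, and looks ahead to the development of QQ forensics and its judicial appraisal.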

6.
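With the continuing development of science and technology and the spread of its applications, mobile phones play an ever greater role in daily life, and mobile forensics is gradually becoming one of the important means in judicial practice. Starting from the necessity of mobile forensics in the law-enforcement casework of procuratorial organs, the article introduces the current state of mobile forensics in procuratorial organs in recent years, analyses and summarises the difficulties encountered, and offers suggestions on the direction of future mobile forensic work.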

7.
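The short-message encoding used in PDU mode is widely used by GSM phones. In practical examination and appraisal work, the number of case phones to be examined has increased sharply, and it often happens that phone examination and analysis systems cannot parse an image file; only examiners who understand PDU well enough can handle mobile forensics with ease. Through example-based analysis of the PDU-mode structure, SMS messages were successfully recovered by hand; this method of analysis and the experience gained can be applied to SMS forensics on all GSM phones.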

8.
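By analysing the software structure characteristics of Chinese domestic-brand and knock-off (shanzhai) phones, the storage patterns of QQ data are identified; with examples, the steps and methods for parsing and extracting QQ data on domestic and shanzhai phones using forensic analysis tools are presented.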

9.
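In combating new types of network-related crime, collecting data from the suspect's phone is a key step in evidence gathering; in practice, however, WeChat chat records on the phone that hold crucial leads and evidence have usually been deleted. How to recover deleted WeChat chat records from a suspect's phone quickly and efficiently is a pressing problem in investigating such cases. This paper uses the latest versions of the four most commonly used forensic systems to collect WeChat data from more than thirty current mainstream models of Huawei and Apple phones; after the first collection, test phones on older system versions were upgraded and the data collected again, in order to compare how well the different forensic systems recover deleted WeChat chat records from Huawei and Apple phones. The paper can serve as a reference for choosing forensic tools in handling such cases.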

10.
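Zhao Xuan, 《法制与社会》 (Legal System and Society), 2013, (19): 191-194
Through comparative observation based on the Taobao Index, the Chinese smartphone market is analysed, with the conclusion that the best-selling phones in the Chinese smartphone market are mid-range phones. The main consumers in today's Chinese smartphone market are buyers of mid-range smartphones. The proportion of women among buyers of relatively high-end phones is higher than among buyers of relatively low-end phones. On this basis, it is suggested that Chinese domestic smartphone makers add features that attract male consumers in order to increase sales.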

11.
At the time of this writing, Android devices are widely used, and many studies considering methods of forensic acquisition of data from Android devices have been conducted. Similarly, a diverse collection of smartphone forensic tools has also been introduced. However, studies conducted thus far do not normally guarantee data integrity required for digital forensic investigations. Therefore, this work uses a previously proposed method of Android device acquisition utilizing ‘Recovery Mode’. This work evaluates Android Recovery Mode variables that potentially compromise data integrity at the time of data acquisition. Based on the conducted analysis, an Android data acquisition tool that ensures the integrity of acquired data is developed, which is demonstrated in a case study to test tool's ability to preserve data integrity.

12.
WeChat is one of the most popular instant-messaging smartphone applications in the world. At the end of 2015, WeChat had 697 million monthly active users from over 200 countries. Although WeChat was designed originally for communication between relatives and friends, its abundant social functions are now also used by criminals for communication, and even for the organization and coordination of criminal acts. Therefore, communication records of social networking services like WeChat extracted from the smartphones of criminals are always the vital digital evidences for the investigation and prosecution of criminal cases. At present, only a few literatures focused on WeChat forensics. This paper describes several common questions that arise in forensic examinations of Android WeChat and provides corresponding technical methods that are useful to address these questions. This paper is intended to provide vital references for the investigators and researchers working on the digital forensics.

13.
The increased use of social networking applications on smartphones makes these devices a goldmine for forensic investigators. Potential evidence can be held on these devices and recovered with the right tools and examination methods. This paper focuses on conducting forensic analyses on three widely used social networking applications on smartphones: Facebook, Twitter, and MySpace. The tests were conducted on three popular smartphones: BlackBerrys, iPhones, and Android phones. The tests consisted of installing the social networking applications on each device, conducting common user activities through each application, acquiring a forensically sound logical image of each device, and performing manual forensic analysis on each acquired logical image. The forensic analyses were aimed at determining whether activities conducted through these applications were stored on the device's internal memory. If so, the extent, significance, and location of the data that could be found and retrieved from the logical image of each device were determined. The results show that no traces could be recovered from BlackBerry devices. However, iPhones and Android phones store a significant amount of valuable data that could be recovered and used by forensic investigators.

14.
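Examination of mobile phones as physical evidence and its application in criminal investigation   Total citations: 4, self-citations: 2, citations by others: 2
With the rapid development and wide application of mobile communication technology, the information held inside mobile phones has become an important source of leads and evidence in criminal investigation. Examining a phone's SIM card memory, mainboard memory and flash card with dedicated technical methods that meet the principles of physical-evidence examination can yield a large amount of information, including the user's personal information, communication content, communication event records, data the user has written to storage, and phone settings. The information produced by phone examination has very high investigative and evidentiary value, and the mobile phone has therefore become a new object of examination in the field of physical-evidence appraisal.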

15.
Android operating system has the highest market share in 2014; making it the most widely used mobile operating system in the world. This fact makes Android users the biggest target group for malware developers. Trend analyses show large increase in mobile malware targeting the Android platform. Android's security mechanism is based on an instrument that informs users about which permissions the application needs to be granted before installing them. This permission system provides an overview of the application and may help gain awareness about the risks. However, we do not have enough information to conclude that standard users read or digital investigators understand these permissions and their implications. Digital investigators need to be on the alert for the presence of malware when examining Android devices, and can benefit from supporting tools that help them understand the capabilities of such malicious code. This paper presents a permission-based Android malware detection system, APK Auditor that uses static analysis to characterize and classify Android applications as benign or malicious. APK Auditor consists of three components: (1) A signature database to store extracted information about applications and analysis results, (2) an Android client which is used by end-users to grant application analysis requests, and (3) a central server responsible for communicating with both signature database and smartphone client and managing whole analysis process. To test system performance, 8762 applications in total, 1853 benign applications from Google's Play Store and 6909 malicious applications from different sources were collected and analyzed by the system developed. The results show that APK Auditor is able to detect most well-known malwares and highlights the ones with a potential in approximately 88% accuracy with a 0.925 specificity.

16.
Due to the popularity of Android devices and applications (apps), Android forensics is one of the most studied topics within mobile forensics. Communication apps, such as instant messaging and Voice over IP (VoIP), are one popular app category used by mobile device users, including criminals. Therefore, a taxonomy outlining artifacts of forensic interest involving the use of Android communication apps will facilitate the timely collection and analysis of evidentiary materials from such apps. In this paper, 30 popular Android communication apps were examined, where a logical extraction of the Android phone images was collected using XRY, a widely used mobile forensic tool. Various information of forensic interest, such as contact lists and chronology of messages, was recovered. Based on the findings, a two‐dimensional taxonomy of the forensic artifacts of the communication apps is proposed, with the app categories in one dimension and the classes of artifacts in the other dimension. Finally, the artifacts identified in the study of the 30 communication apps are summarized using the taxonomy. It is expected that the proposed taxonomy and the forensic findings in this paper will assist forensic investigations involving Android communication apps.

17.
Increasingly, Android smartphones are becoming more pervasive within the government and industry, despite the limited ways to detect malicious applications installed to these phones' operating systems. Although enterprise security mechanisms are being developed for use on Android devices, these methods cannot detect previously unknown malicious applications. As more sensitive enterprise information becomes available and accessible on these smartphones, the risk of data loss inherently increases. A malicious application's actions could potentially leave sensitive data exposed with little recourse. Without an effective corporate monitoring solution in place for these mobile devices, organizations will continue to lack the ability to determine when a compromise has occurred. This paper presents research that applies traditional digital forensic techniques to remotely monitor and audit Android smartphones. The smartphone sends changed file system data to a remote server, allowing for expensive forensic processing and the offline application of traditional tools and techniques rarely applied to the mobile environment. The research aims at ascertaining new ways of identifying malicious Android applications and ultimately attempts to improve the state of enterprise smartphone monitoring. An on-phone client, server, database, and analysis framework was developed and tested using real mobile malware. The results are promising that the developed detection techniques identify changes to important system partitions; recognize file system changes, including file deletions; and find persistence and triggering mechanisms in newly installed applications. It is believed that these detection techniques should be performed by enterprises to identify malicious applications affecting their phone infrastructure.

18.
The Android platform has been deployed across a wide range of devices, predominately mobile phones, bringing unprecedented common software features to a diverse set of devices independent of carrier and manufacturer. Modern digital forensics processes differentiate collection and analysis, with collection ideally only occurring once and the subsequent analysis relying upon proper collection. After exploring special device boot modes and Android’s partitioning schema we detail the composition of an Android bootable image and discuss the creation of such an image designed for forensic collection. The major contribution of this paper is a general process for data collection of Android devices and related results of experiments carried out on several specific devices.

19.
《Science & justice》2020,60(2):180-190
In forensic investigations it is often of value to establish whether two phones were used by the same person during a given time period. We present a method that uses time and location of cell tower registrations of mobile phones to assess the strength of evidence that any pair of phones were used by the same person. The method is transparent as it uses logistic regression to discriminate between the hypotheses of same and different user, and a standard kernel density estimation to quantify the weight of evidence in terms of a likelihood ratio. We further add to previous theoretical work by training and validating our method on real world data, paving the way for application in practice. The method shows good performance under different modeling choices and robustness under lower quantity or quality of data. We discuss practical usage in court.
