Similar literature
 20 similar documents found; search took 0 ms
1.
    
In this paper we present a methodology for the forensic analysis of the artifacts generated on Android smartphones by Telegram Messenger, the official client for the Telegram instant messaging platform, which provides various forms of secure individual and group communication, by means of which both textual and non-textual messages can be exchanged among users, as well as voice calls. Our methodology is based on the design of a set of experiments suitable to elicit the generation of artifacts and their retention on the device storage, and on the use of virtualized smartphones to ensure the generality of the results and the full repeatability of the experiments, so that our findings can be reproduced and validated by a third party. In this paper we show that, by using the proposed methodology, we are able (a) to identify all the artifacts generated by Telegram Messenger, (b) to decode and interpret each one of them, and (c) to correlate them in order to infer various types of information that cannot be obtained by considering each one of them in isolation. As a result, in this paper we show how to reconstruct the list of contacts, the chronology and contents of the messages that have been exchanged by users, as well as the contents of files that have been sent or received. Furthermore, we show how to determine significant properties of the various chats, groups, and channels in which the user has been involved (e.g., the identifier of the creator, the date of creation, the date of joining, etc.). Finally, we show how to reconstruct the log of the voice calls made or received by the user. Although in this paper we focus on Telegram Messenger, our methodology can be applied to the forensic analysis of any application running on the Android platform.

2.
    
Digital Investigation, 2014, 11(3): 201-213

3.
4.
Traditional body fluid identification methods use a variety of technologically diverse techniques that do not permit the identification of all body fluids. Definitive identification of the biological material present can be crucial to a fuller understanding of the circumstances pertaining to a crime. Thus definitive molecular based strategies for the conclusive identification of forensically relevant biological fluids need to be developed. Messenger RNA (mRNA) profiling is an example of such a molecular based approach. Current mRNA body fluid identification assays typically involve either capillary electrophoresis (CE) or quantitative RT-PCR (qRT-PCR) platforms, each with its own limitations. Both platforms require the use of expensive fluorescently labeled primers or probes. CE-based assays require separate amplification and detection steps, thus increasing the time required for analysis. For qRT-PCR assays, only 3 or 4 markers can be included in a single reaction since each requires a different fluorescent dye. To simplify mRNA profiling assays and to reduce the time and cost of analysis, we have developed multiplex high resolution melt (HRM) assays that provide an identification of all forensically relevant biological fluids and tissues.

5.
    
Memory analysis has been successfully utilized to detect malware in many high profile cases. The use of signature scanning to detect malicious tools is becoming an effective triaging and first response technique. In particular, the Yara library and scanner has emerged as the de facto standard in malware signature scanning for files, and there are many open source repositories of Yara rules. Previous attempts to incorporate Yara scanning in memory analysis yielded mixed results. This paper examines the differences between applying Yara signatures on files and in memory and how Yara signatures can be developed to effectively search for malware in memory. For the first time we document a technique to identify the process owner of a physical page using the Windows PFN database. We use this to develop a context-aware Yara scanning engine which can scan all processes simultaneously using a single pass over the physical image.

6.
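Objective: To establish a systematic method for detecting snake venom. Methods: Three common snake venom samples were tested to determine the optimal conditions for detecting snake venom by ELISA. Results: The ELISA snake venom assay established in this study had a sensitivity of 3.9 ng/ml; cross-reactivity experiments showed that the method is highly specific, with cross-reactions for only a few venoms; the time from sample collection to detection was within 1 h 40 min; animal experiments showed that detection of venom in the blood of rabbits poisoned at the median lethal dose was effective within 48 h after poisoning, and detection of venom in the blood of rabbits that died of poisoning was effective within 72 h after death. Conclusion: The established method is sensitive, accurate, rapid and simple, and is a reliable snake venom detection method.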

7.
    
Advances in technologies including development of smartphone features have contributed to the growth of mobile applications, including dating apps. However, online dating services can be misused. To support law enforcement investigations, a forensic taxonomy that provides a systematic classification of forensic artifacts from Windows Phone 8 (WP8) dating apps is presented in this study. The taxonomy has three categories, namely: Apps Categories, Artifacts Categories, and Data Partition Categories. This taxonomy is built based on the findings from a case study of 28 mobile dating apps, using mobile forensic tools. The dating app taxonomy can be used to inform future studies of dating and related apps, such as those from Android and iOS platforms.

8.
Forensic DNA analysis has the potential to provide useful information for criminal justice even in cases where there is no match, neither between the DNA profile generated from the crime scene and the existing DNA profiles in criminal databases, nor between the DNA collected at a crime scene and potential suspects. In contrast to traditional forensic genetic testing, forensic familial DNA searching does not provide evidence, but helps to generate investigative leads and narrow down the range of potential offenders. The aim of this study is to examine whether there is a need for special regulation of this topic in Hungary.

9.
10.
    
Communication apps can be an important source of evidence in a forensic investigation (e.g., in the investigation of a drug trafficking or terrorism case where the communications apps were used by the accused persons during the transactions or planning activities). This study presents the first evidence‐based forensic taxonomy of Windows Phone communication apps, using an existing two‐dimensional Android forensic taxonomy as a baseline. Specifically, 30 Windows Phone communication apps, including Instant Messaging (IM) and Voice over IP (VoIP) apps, are examined. Artifacts extracted using physical acquisition are analyzed, and seven digital evidence objects of forensic interest are identified, namely: Call Log, Chats, Contacts, Locations, Installed Applications, SMSs and User Accounts. Findings from this study would help to facilitate timely and effective forensic investigations involving Windows Phone communication apps.

11.
We present a novel approach for the construction and application of cryptographic hashes to user space memory for the purposes of verifying the provenance of code in memory images. Several key aspects of Windows behaviour which influence this process are examined in-depth. Our approach is implemented and evaluated on a selection of malware samples with user space components as well as a collection of common Windows applications. The results demonstrate that our approach is highly effective at reducing the amount of memory requiring manual analysis, highlighting the presence of malicious code in all the malware sampled.

12.
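HPLC analysis of nikethamide in blood and cerebrospinal fluid   Cited by: 3 (self-citations: 0, citations by others: 3)
Objective: To establish an HPLC method for detecting nikethamide in blood and cerebrospinal fluid. Methods: Blank blood or cerebrospinal fluid was spiked with different amounts of nikethamide reference solution, alkalinized, extracted with organic solvents such as dichloromethane, and analyzed by HPLC. The extraction recovery, linearity and precision of the method were examined. Results: Dichloromethane was chosen as the extraction solvent, with an extraction recovery above 60%. Nikethamide in blood showed good linearity over the range 0.5~100 μg/ml, with R² of 0.9993; the linear range for nikethamide in cerebrospinal fluid was 0.1~100 μg/ml, with R² of 0.9996, and the limit of detection was 5 ng (S/N≥3). The precision of the method for nikethamide in both blood and cerebrospinal fluid was below 6%. Conclusion: The established method is accurate, simple and highly sensitive, and is suitable for forensic toxicological analysis and clinical drug analysis.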

13.
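Gas chromatographic method for the analysis of nimodipine in human plasma   Cited by: 1 (self-citations: 0, citations by others: 1)
To establish a gas chromatographic method for the analysis of nimodipine in human blood, extending the range of detectable drugs and the available detection methods to meet the needs of forensic examination. With NaNO2 as the oxidant, nimodipine was completely oxidized to its pyridine derivative (PA) and then analyzed by GC-ECD. The linear range and precision of the method were tested with standard nimodipine; the sample preparation method and recovery were examined using human plasma spiked with standard nimodipine. The linear range of the established method was 1 2 1 ~ 2 4 2 ng·ml⁻¹ (γ = 0.9993); the limit of detection was 1 0 mg·ml⁻¹ (S/N = 3); the intra-day and inter-day coefficients of variation were (5.77 ± 2.31)% and (5.53 ± 0.70)% (n = 4), respectively; the mean recovery was 91.0%~99.9%. The method can be used for monitoring nimodipine blood concentrations and for forensic examination.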

14.
    
The aim of this study is to evaluate the actual use of serological/DNA analyses in the investigations carried out on adult sexual violence victims in Italy during the years 2006–2015. The victims were assisted in the largest Italian rape center, in Milan (Soccorso Violenza Sessuale e Domestica – SVSeD – Service for Sexual and Domestic Violence). The total number of sexual violence victims examined during the years 2006–2015 (adults and minors) was 3521; in 1697 cases biological evidence had been collected. The number of adult victims (>18 y.o.) examined was 2300; in 1211 cases biological evidence had been collected. Biological evidence was collected from the victims’ bodies using two swabs in five anogenital areas (labia maiora, labia minora, perineum, perianal and anal/rectum regions) and two swabs in all other skin areas suggested by the victims as areas of possible contact (double swab technique). Clothes were also collected on a case by case basis for the search of biological stains. Despite the proper collection, handling and chain of custody for all the swabs/items collected, serological/DNA analyses were requested in only 86 cases out of 1211 (7.10%). This percentage dropped to 1.90% when considering adolescent victims (13–19 y.o.). The reason why Italian Magistrates make little use of the powerful tool of DNA analyses in sexual assault cases still remains unclear. Legal and procedural aspects are therefore also discussed.

15.
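Objective: To establish a radioimmunoassay for determining the morphine content of a single hair. Methods: Ovalbumin-succinylmorphine was used as the immunogen to immunize New Zealand white rabbits and obtain high-quality antiserum; ¹²⁵I-morphine was purified by HPLC, a radioimmunoassay was established, and single hairs from normal subjects and drug users were measured. Results: The antibody affinity constant was 3.25×10¹¹ L/M, the radiochemical purity was 95%, and the specific radioactivity was 112 μCi/μg; the sensitivity of the method was 0.01 ng/ml. Single hairs from 5 normal subjects and 5 drug users at a drug rehabilitation center were tested. The single hairs were 9~24 cm long and weighed 0.7~2.1 mg; the measured value for the 5 normal subjects was 1.75±0.37 ng/mg (x̄±s), and for the 5 drug users 471±204 ng/mg (x̄±s). Conclusion: The established method can accurately quantify the morphine content of a single hair.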

16.
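Determination of clozapine concentration in plasma by solid-phase microextraction and gas chromatography-mass spectrometry   Cited by: 1 (self-citations: 0, citations by others: 1)
Objective: To establish a solid-phase microextraction and gas chromatography-mass spectrometry method for determining the concentration of clozapine in human plasma. Methods: Clozapine was extracted from plasma by solid-phase microextraction using a 100 μm polydimethylsiloxane fiber, with loxapine as the internal standard, and detected by gas chromatography-mass spectrometry in selected ion mode. Results: The method was linear over the concentration range 5~2000 ng/ml, with a limit of detection of 0.1 ng/ml (signal-to-noise ratio >3); the mean relative recoveries at low, medium and high concentrations (100, 500, 1000 ng/ml) were 98.6%, 94.6% and 94.6%, respectively; the intra-day and inter-day RSDs were below 7.4% and 7.1%, respectively. Conclusion: The solid-phase microextraction and gas chromatography-mass spectrometry method established here is highly sensitive, accurate and simple to operate, and is suitable for testing in cases of acute clozapine poisoning.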

17.
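Study of indicators for sex determination from maxillofacial digital radiographs   Cited by: 1 (self-citations: 0, citations by others: 1)
Objective: To screen quantitative skeletal indicators on lateral maxillofacial digital radiographs (digital radiology, DR) and evaluate their value for forensic sex determination. Methods: 220 lateral maxillofacial DR films were randomly selected according to the inclusion criteria. Fifteen skeletal indicators (S-N, N-Me, Cd-Gn, S-Ns, S-Go(L), S-Gn, Cd-Go(L), SNA, SNB, SN-Npog, SN-MP, Gonial A, SN-RP, SN-NNs, SN-SGn) were measured quantitatively; analysis of variance was used to test whether each indicator differed by sex, and stepwise discriminant analysis was used to select the indicators with better discriminating power, establish a discriminant function and verify it by back-substitution. Results: Among the 15 indicators in 200 lateral maxillofacial DR films, the sex differences in 8 (S-N, N-Me, Cd-Gn, S-Ns, S-Go(L), S-Gn, Cd-Go(L), SN-NNs) were statistically significant (P<0.001); 4 (S-N, Cd-Gn, S-Ns, S-Gn) were included in the stepwise discriminant function. Conclusion: Four skeletal indicators on lateral maxillofacial DR films (S-N, Cd-Gn, S-Ns, S-Gn) can be used for sex determination, with a discrimination accuracy of 95%.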

18.
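Application and progress of human mitochondrial DNA sequence analysis in forensic science   Cited by: 1 (self-citations: 0, citations by others: 1)
This review covers the application and progress of human mitochondrial DNA (mtDNA) sequence analysis in forensic species identification, individual identification and estimation of individual age, and looks ahead to research on mtDNA heteroplasmy and the establishment of a human mtDNA database, which is of important practical significance for forensic science.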

19.
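Objective: To use the identity by descent (IBD) method to calculate the first cousin index (FCI) and the combined first cousin index (CFCI) for first-cousin relationships, providing a scientific means for using the IBD method to determine whether two individuals are first cousins. Methods: 124 pairs of first cousins...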

20.
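Discriminant analysis of sex from adult skull breadth   Cited by: 1 (self-citations: 1, citations by others: 1)
To provide a basis for sex determination from the skull, discriminant analysis was applied to the sex differences in 10 skull breadth indicators measured on 40 adult male and female skulls of known sex collected in Northeast China. Of the 10 indicators, 7 showed significant sex differences (P<0.05); discriminant analysis yielded 4 discriminant function equations with discrimination rates of 96.3%~97.5%. This study provides a new basis for sex determination from the skull.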
