| Android智能手机的取证 |
| |
| 引用本文: | 姚伟,沙晶.Android智能手机的取证[J].中国司法鉴定,2012(1):45-49. |
| |
| 作者姓名: | 姚伟 沙晶 |
| |
| 作者单位: | 1. 公安部第三研究所上海201204
2. 公安部第三研究所上海201204;上海辰星电子数据司法鉴定中心 上海201204 |
| |
| 摘 要: | 作为一种新兴的智能手机,Android手机发展势头极为迅猛,并越来越多的受到人们的关注。通过对Android智能手机的取证研究,在介绍了Android手机的基本工作原理后,详细描述了取证方式。通过Android SDK工具对手机内外置存储进行镜像备份,逻辑分析利用文件系统分析,查找每个应用程序自带的数据库文件来获得有价值信息,物理分析通过对内存镜像进行数据恢复以寻找删除的文件,两者互相结合。结果表明,能够从Android手机中有效寻找到潜在证据。
|
| 关 键 词: | Android智能手机 手机取证 AndroidSDK 镜像备份 |
Digital Evidence Investigation on Android Smart Phone |
| |
| YAO Wei
,
SHA Jing.Digital Evidence Investigation on Android Smart Phone[J].Chinese Journal of Forensic Sciences,2012(1):45-49. |
| |
| Authors: | YAO Wei SHA Jing |
| |
| Institution: | 1,2 (1.The Third Institute,Ministry of Public Security,Shanghai 201204,China; 2.Shanghai Stars Digital Forensic Center,Shanghai 201204,China) |
| |
| Abstract: | With the emergence of smart phones,Android maintains a fantastic development.This paper studies how to acquire digital evidence on Android-based cell phones.After introducing the fundamental principles of Android,the method of digital evidence investigation on Android-based cell phones are described in detail.With the tools provided by Android SDK,data mirroring of cell phones memory can be easily done.Then the logical acquisition and physical acquisition are combined to obtain valuable information,where the logical acquisition examines the information from some critical applications’ local databases under the Android file system and the physical acquisition recovers the deleted sensitive information from mirroring files.The experiment showes the effectiveness of this forensics approach. |
| |
| Keywords: | Android smart phone digital evidence investigation on cell phone Android SDK data mirroring |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
