Abstract
As an emerging type of smartphone, Android phones are developing extremely rapidly and attracting more and more attention. This paper studies forensics on Android smartphones: after introducing the basic working principles of Android phones, it describes the forensic method in detail. The phone's internal and external storage is imaged with Android SDK tools. Logical analysis then works at the file-system level, locating the database files that ship with each application to obtain valuable information, while physical analysis performs data recovery on the storage image to look for deleted files; the two approaches are combined. The results show that potential evidence can be effectively located on Android phones.
With the emergence of smart phones, Android has developed rapidly. This paper studies how to acquire digital evidence on Android-based cell phones. After introducing the fundamental principles of Android, the method of digital evidence investigation on Android-based cell phones is described in detail. With the tools provided by the Android SDK, the cell phone's memory can be readily imaged. Logical acquisition and physical acquisition are then combined to obtain valuable information: the logical acquisition examines the information in some critical applications' local databases under the Android file system, and the physical acquisition recovers deleted sensitive information from the image files. The experiment shows the effectiveness of this forensics approach.
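To make the two-pronged approach concrete, the following Python script is an added illustration and is not code from the paper. It assumes a hypothetical messaging application package (`com.example.messenger`) with a `messages` table of invented schema, builds a constructed SQLite database under a copied `data/data/<package>/databases/` tree, and then assembles a constructed raw "storage image" that contains that database plus an unallocated region holding a deleted JPEG-like blob. Logical analysis reads records straight from the application's database; physical analysis carves the JPEG back out of the raw image by its SOI/EOI signatures, which is the same signature-based recovery idea the abstract applies to deleted files.

```python
import os
import sqlite3
import tempfile

# Constructed sample: a minimal JPEG-like blob (SOI ... EOI) standing in for a deleted photo.
JPEG_SOI = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"
SAMPLE_JPEG = JPEG_SOI + b"\xe0" + b"JFIF-sample-payload" + JPEG_EOI

# Constructed sample records for the hypothetical messaging app's database.
SAMPLE_MESSAGES = [
    ("+10000000001", "meeting at 9", 1325376000),
    ("+10000000002", "send the file", 1325379600),
]


def build_sample_app_db(path):
    """Create the constructed application database (hypothetical schema, not a real app)."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, address TEXT, body TEXT, ts INTEGER)"
    )
    conn.executemany(
        "INSERT INTO messages (address, body, ts) VALUES (?, ?, ?)", SAMPLE_MESSAGES
    )
    conn.commit()
    conn.close()


def list_app_databases(data_root):
    """Walk a copied /data/data tree and list every application database file (relative paths)."""
    found = []
    for dirpath, _dirs, files in os.walk(data_root):
        for name in files:
            if os.path.basename(dirpath) == "databases":
                full = os.path.join(dirpath, name)
                found.append(os.path.relpath(full, data_root).replace(os.sep, "/"))
    return sorted(found)


def logical_analysis(db_path):
    """Logical acquisition: read live records directly from the app's SQLite database."""
    conn = sqlite3.connect(db_path)
    rows = conn.execute("SELECT address, body, ts FROM messages ORDER BY id").fetchall()
    conn.close()
    return rows


def carve_jpegs(image):
    """Physical acquisition: signature-based carving of JPEG blobs from a raw storage image.

    Files that were deleted from the file system still sit in unallocated space until
    overwritten, so scanning for the SOI marker and the following EOI marker recovers them.
    """
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start < 0:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end < 0:
            break
        found.append(image[start : end + len(JPEG_EOI)])
        pos = end + len(JPEG_EOI)
    return found


def build_sample_image(db_bytes):
    """Construct a raw image: slack, the app database, then an unallocated area with a deleted JPEG."""
    return b"\x00" * 64 + db_bytes + b"\x00" * 32 + SAMPLE_JPEG + b"\x00" * 16


def demo():
    """Run both analyses on the constructed data; returns (db list, logical rows, carved blobs)."""
    tmp = tempfile.mkdtemp()
    data_root = os.path.join(tmp, "data", "data")
    db_dir = os.path.join(data_root, "com.example.messenger", "databases")
    os.makedirs(db_dir)
    db_path = os.path.join(db_dir, "messages.db")
    build_sample_app_db(db_path)

    databases = list_app_databases(data_root)
    rows = logical_analysis(db_path)

    with open(db_path, "rb") as f:
        db_bytes = f.read()
    carved = carve_jpegs(build_sample_image(db_bytes))
    return databases, rows, carved


if __name__ == "__main__":
    dbs, msgs, blobs = demo()
    print("application databases:", dbs)
    print("logical analysis, live messages:", msgs)
    print("physical analysis, carved JPEG blobs:", len(blobs))
```

On a real acquisition the `data/data` tree would be the copy pulled from the imaged internal storage and the image bytes would come from the backup file rather than from `build_sample_image`; the carving loop is deliberately simple and would need per-format length checks for formats that lack an end marker.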
Source
Chinese Journal of Forensic Sciences (《中国司法鉴定》)
2012, No. 1, pp. 45-49 (5 pages)