摘要
公安机关在对iOS设备进行分析取证时,为保护电子证据的完整性、真实性和原始性,通常对iTunes备份文件进行分析取证。为此,针对如何解析iTunes备份文件进行了详细的技术研究,分析了备份文件的结构和索引文件Manifest.mbdb中目录项结构,进而提出解析iTunes备份文件的技术方法,并且在此基础上开发了一款软件程序并实现了对iTunes备份文件的数据还原。
While analyzing forensics of iOS equipment, public security organs always analyze forensics of iTunes backup files to protect integrity, authenticity and primitiveness of electronic evidences. We made detailed technical research about how to analyze iTunes backup files, analyzed structure of backup files and structure of catalogue in index file Manifest. mbdb, and proposed technical method to analyze iTunes backup file. Based on the above, we developed software and realized data recovery of iTunes backup files.
出处
《浙江科技学院学报》
CAS
2016年第5期367-372,共6页
Journal of Zhejiang University of Science and Technology
