Supervised by: Ministry of Justice of the People's Republic of China
Sponsored by: Academy of Forensic Science
ISSN 1671-2072  CN 31-1863/N

Chinese Journal of Forensic Sciences ›› 2012 ›› Issue (1): 45-49.

Forensics of Android Smartphones

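YAO Wei1, SHA Jing1,2

  1. The Third Institute, Ministry of Public Security, Shanghai 201204; 2. Shanghai Stars Digital Forensic Center, Shanghai 201204
  • Received: 2011-03-31 Published: 2012-01-15 Online: 2022-07-12
  • About the author: YAO Wei (1984-), male, research intern, master's degree, mainly engaged in research on computer security, the Linux kernel and Android phone development.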

Digital Evidence Investigation on Android Smart Phone

YAO Wei1, SHA Jing1, 2   

  1. The Third Institute, Ministry of Public Security, Shanghai 201204, China; 2. Shanghai Stars Digital Forensic Center, Shanghai 201204, China
  • Received: 2011-03-31 Published: 2012-01-15 Online: 2022-07-12

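Abstract:

As an emerging type of smartphone, Android phones are developing extremely rapidly and attracting more and more attention. This paper studies forensics on Android smartphones: after introducing the basic working principles of Android phones, it describes the forensic methods in detail. The phone's internal and external storage is imaged with the Android SDK tools. Logical analysis uses file system analysis to locate the database files that each application carries in order to obtain valuable information, while physical analysis performs data recovery on the memory image to find deleted files; the two are used in combination. The results show that potential evidence can be found effectively on Android phones.

Keywords: Android smartphone, mobile phone forensics, Android SDK, image backup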

Abstract:

With the emergence of smart phones, Android has developed rapidly. This paper studies how to acquire digital evidence on Android-based cell phones. After introducing the fundamental principles of Android, the method of digital evidence investigation on Android-based cell phones is described in detail. With the tools provided by the Android SDK, data mirroring of cell phone memory can be easily done. Then logical acquisition and physical acquisition are combined to obtain valuable information: the logical acquisition examines the information in the local databases of some critical applications under the Android file system, and the physical acquisition recovers deleted sensitive information from the mirroring files. The experiment shows the effectiveness of this forensics approach.

Key words: Android smart phone, digital evidence investigation on cell phone, Android SDK, data mirroring

CLC number: