主管:中华人民共和国司法部
主办:司法鉴定科学研究院
ISSN 1671-2072  CN 31-1863/N
Chinese Journal of Forensic Sciences

Chinese Journal of Forensic Sciences ›› 2024 ›› Issue (4): 60-64.DOI: 10.3969/j.issn.1671-2072.2024.04.008

• Forensic Science • Previous Articles     Next Articles

Exploring the Authenticity Analysis of Android Instant Messaging Applications Records in Forensic Practice

TIAN Ye, LI Zhijun, GUO Hong, LI Yan, YANG Kai, MAO Xiao   

  1. Shanghai Key Laboratory of Forensic Medicine, Key Laboratory of Forensic Science, Ministry of Justice, Shanghai Forensic Service Platform, Academy of Forensic Science, Shanghai 200063, China
  • Received:2023-07-17 Published:2024-07-15 Online:2024-07-16

司法鉴定实践中基于Android即时通讯记录的真实性实例分析探究

田  野,李致君,郭  弘,李  岩,杨  恺,毛  晓   

  1. 司法鉴定科学研究院 上海市司法鉴定专业技术服务平台 司法部司法鉴定重点实验室,上海 200063
  • 作者简介:田野(1988—),女,助理研究员,博士,主要从事电子数据鉴定、声像资料鉴定研究。E-mail:tiany@ssfjd.cn
  • 基金资助:
    科研院所公益研究专项(GY2023G-5,GY2022G-7);上海市司法鉴定专业技术服务平台资助项目。

PDF

Abstract: Objective Instant messaging applications provide convenient services, such as WeChat, QQ, and DingTalk, but their nature also made them a potential target by cyber criminals to conduct malicious activities. As a result, instant messaging records have become an important source of evidence in cyber investigation cases. However, research on the authenticity of instant messaging applications records is relatively scarce, which may make them lose credibility. Therefore, a method for the analysis of the authenticity of android instant messaging applications records is quite essential. Methods In combined with forensic practice, we performed a more in-depth analysis of the storage structure of instant communication records, such as the storage paths and formats of text messages, images, videos, and other data types in the device, to reveal their internal data management and storage mechanisms. Meanwhile, the authenticity of instant communication records was further explored in terms of data characteristics such as timestamps, contents of sent/received messages, and logical rationality. Results Through the study of authenticity forensics cases of Android instant messaging records, the method explored in this paper can effectively identify the tampering traces that exist in instant messaging records. Conclusion The research of related authentication techniques has theoretical research significance and practical application value. The research can provide important references for researchers engaged in digital forensics.

Key words: digital forensics, instant messaging records examination, authenticity analysis

摘要: 目的 即时通讯应用程序(如微信、QQ和钉钉)提供便捷服务的同时,也因其特性而使其成为网络犯罪分子进行恶意活动的潜在目标。因此,即时通讯记录成为网络调查案件的重要证据来源。然而,目前针对即时通讯记录真实性的研究相对匮乏,这可能会使其在司法实践中失去公信力。方法 结合司法鉴定工作实务,对即时通讯记录的存储结构进行分析,如文本信息、图片、视频等多种数据类型在设备中的存储路径和格式,揭示其内在的数据组织和存储机制。同时,结合数据特征,如时间戳、发送/接收的信息内容以及逻辑合理性等方面,进一步对即时通讯记录的真实性进行探究。结果 从基于Android即时通讯记录真实性司法鉴定实例研究出发,所探讨的方法能够有效鉴别即时通讯记录存在窜改痕迹。结论 相关鉴定技术的研究对通讯记录的真实性鉴定具有重要的理论研究意义和实践应用价值,有助于为从事数字取证的研究人员提供重要参考。

关键词: 电子数据鉴定, 即时通讯记录鉴定, 真实性分析

CLC Number: