JOURNAL OF XINYANG NORMAL UNIVERSITY(NATURAL SCIENCE EDITION)
2014, Issue 4, pp. 581-584 (4 pages)
程丽%蒋琳%何孟飞
mobile forensics%pirated phone%NAND Flash%call record%Web history
An MTK-based pirated phone with NAND flash was analyzed and the related forensic techniques were studied. The physical storage format of two key kinds of digital evidence (call records and web history) in the pirated phone was analyzed and parsed using reverse engineering. Based on this, the storage mechanisms and forensic techniques for these two kinds of digital evidence under complicated operations were studied. The results showed that deliberate deletion could be detected by analyzing the low-level binary image. Furthermore, some of the records could be successfully retrieved.