CAJ | 학술논문

随着移动通信技术的发展和应用的推广，手机犯罪成为新的犯罪趋势，手机取证是打击该类犯罪的一个有效手段。直接调用API方法不能恢复Android手机数据，现有方法存在无法恢复删除数据部分被覆盖的问题。为此，通过分析Android系统SQLite数据库的文件结构和数据记录的寻址方式，提出一种Android系统删除数据恢复方法，即探测估算预提取数据所在表的每个Type字段，提取恢复删除数据，结合尽最大努力恢复方法，针对删除数据部分被覆盖的情况，讨论其恢复的可能性并进行获取。在Android手机模拟器上进行验证，结果表明，该方法能成功恢复删除数据，与传统方法相比，在不影响信息提取精确度的前提下，提高了删除数据的恢复率。
수착이동통신기술적발전화응용적추엄，수궤범죄성위신적범죄추세，수궤취증시타격해류범죄적일개유효수단。직접조용API방법불능회복Android수궤수거，현유방법존재무법회복산제수거부분피복개적문제。위차，통과분석Android계통SQLite수거고적문건결구화수거기록적심지방식，제출일충Android계통산제수거회복방법，즉탐측고산예제취수거소재표적매개Type자단，제취회복산제수거，결합진최대노력회복방법，침대산제수거부분피복개적정황，토론기회복적가능성병진행획취。재Android수궤모의기상진행험증，결과표명，해방법능성공회복산제수거，여전통방법상비，재불영향신식제취정학도적전제하，제고료산제수거적회복솔。
With the development and the wide application of mobile communication technology, mobile phone crimes become a new trend,and mobile phone forensics is an effective means to crack down on mobile phone crimes. In view of the problems that the traditional method calling API directly cannot restore the data of Android mobile phone and existing methods cannot restore the deleted data that section covered,through deep analysis of Android SQLite database file structure and the addressing mode of data record,the method that detects and estimates each Type field in the table is proposed. This method uses extraction recovery to process deleted data,combines“restore method with best effort” to discuss the recovery possibility of the deleted data that part covered,and obtains the deleted data. This method is carried out on the Android emulator. Experimental result shows that this method can restore deleted data successfully,and compared with traditional algorithm,it improves the recovery rate of deleted data with no affection of the information extraction accuracy.