| 面向MTK山寨手机的电子证据分析与取证 |
| |
| 引用本文: | 程丽,蒋琳,何孟飞.面向MTK山寨手机的电子证据分析与取证[J].信阳师范学院学报(自然科学版),2014(4):581-584. |
| |
| 作者姓名: | 程丽 蒋琳 何孟飞 |
| |
| 作者单位: | 1. 河南师范大学 现代教育技术中心,河南 新乡,453007
2. 哈尔滨工业大学 深圳研究生院,广东 深圳,518055 |
| |
| 基金项目: | 河南省软科学研究计划项目(112400450460);河南省教育厅自然科学研究计划项目 |
| |
| 摘 要: | 针对基于MTK平台和NAND Flash的山寨手机进行了手机取证技术研究,通过逆向工程解析了手机中关键数字证据(通话记录与网页浏览记录)的物理层数据格式,进一步研究复杂操作下这两种关键数字证据在山寨手机中的存储管理机制和取证技术.对于被删除的数据记录,可以通过对底层二进制数据的详细分析进行检测,并依据数据存储特征进行恢复.
|
| 关 键 词: | 手机取证 山寨手机 NAND Flash 通话记录 网页记录 |
Digital Investigation and Forensics on MTK-based Pirated Phone |
| |
| Cheng Li,Jiang Lin,He Mengfei.Digital Investigation and Forensics on MTK-based Pirated Phone[J].Journal of Xinyang Teachers College(Natural Science Edition),2014(4):581-584. |
| |
| Authors: | Cheng Li Jiang Lin He Mengfei |
| |
| Institution: | Cheng Li;Jiang Lin;He Mengfei;Modern Educational Technology Center,Henan Normal University;Shenzhen Graduate School,Harbin Institute of Technology; |
| |
| Abstract: | MTK-based pirated phone with NAND flash was analyzed and the related forensics techniques were studied. The physical storage format of two key digital evidences(call record and web history) in pirated phone was analyzed and parsed using reverse engineering. Based on this,the storage mechanism and forensics techniques for the two digital evidences with complicated operations were studied. The results showed that purposely deleting operation could be detected by analyzing low-level binary image. Furthermore,some of the records could be successfully retrieved. |
| |
| Keywords: | mobile forensics pirated phone NAND Flash call record Web history |
| 本文献已被 CNKI 万方数据 等数据库收录! |
