| Digital forensics, as a means of applying computer technology to extract and analyze digital information as evidence, had been taken seriously since the popularity of personal computer.Nowadays, smart phones have become an essential tool in people’s daily life, and it is endowed with more and more functions with the improvement of its performance. It’s easy to figure out that various types of information closely related to the cell phone holders is stored in the phone, so it is very likely to get a lot of evidence according to mobile phone forensics. In real life, mobile phone forensics can be used as a way of seeking analysis of events, such as many criminal cases, liability judgment of traffic accident, telecommunication fraud cases using mobile phone, and many other business disputes.After the analysis of many critical data, such as contacts, call records, SMS, browser’s history, calendar events, wireless connection history, and Baidu Map’s location history, it is found that such data is stored in the format of SQLite database. According to the detailed analysis of the structure of SQLite, it is found that we can not only extract those records not deleted, but also recover those deleted records by using our self designed algorithms. Considering the diversity of Android applications (more than one browser), it’s necessary for the system to achieve flexibility by designing a server which can do some forensics information configuration. By defining those fields with the meaning of time stamp or URL, some targeted processing and analysis can be accomplished.By analyzing relevant technologies and feasibility of the system, a forensics system based on SQLite is designed. This system implements extraction of the original file, protection of the original evidence, SQLite database record extraction and recovery engine, analysis and retrieve of records, forensics report generation. After several experiments, the designed forensics system can accurately extract and analyze the phone’s critical data, and the results can reflect some historical behaviors of the phone holder to some extent. |
PDF Full Text Request