Font Size: a A A

Research On Communication Data Proactive Forensics Of Mobile Intelligent Devices Based On Protocol Reverse Engineering

Posted on:2016-10-10Degree:MasterType:Thesis
Country:ChinaCandidate:R R GuFull Text:PDF
GTID:2308330503477507Subject:Information and Communication Engineering
Abstract/Summary:
The intelligent mobile terminals have being playing increasing important roles in our daily life thanks to the development of operation system on intelligent mobile terminal, the popularization and covering of high speed wireless network, as well as the explosive growth of the mobile application market. Meanwhile, crimes based on intelligent mobile terminals to steal private data, to conduct frauds, or even to accomplish malicious attacks have flooded all the corners of daily life. Therefore, data forensics from intelligent mobile terminals is of great significance in defending these illegal stuffs. However, the dominant data forensics methods are in passive models, which are concentrating on afterwards forensics by collecting and analyzing the residual information in the intelligent mobile terminals to reflect the criminal facts. These methods ignore the real-time forensics of communication data, making the data less persuading and lowering their legal effects.In this thesis, our research focuses on data forensics from network communication of applications on intelligent mobile terminals. But most of the applications apply private protocols of self-definition without public specification. This makes the data intercepted from network communication cannot be presented as direct evidence. Concerning these problems, we have designed and established a proactive forensics system based on protocol reverse engineering for the communication data on intelligent mobile terminals. And detailed work is listed in the following four parts in this thesis:1. Background research on the current forensics situation of intelligent mobile terminals. We further analyze the existing problems, and propose a proactive forensics scheme for communication data of applications on intelligent mobile terminals.2. Proposal of evidence extraction scheme based on protocol reverse engineering. We first trace and record the instructions about how the application processing network communication data by dynamic data taint technology. Then utilize the recorded information from instructions to analyze taint spreading situation and extract the detailed processing message from communication data. Finally, extract the format of communication data according to the message format analytic strategy. The extracted formats are stored as evidence data.3. Proposal of inferring the communication protocol among applications. This proposal would cluster the messages with similar formats and summarize the general structure of each type of message. Then, infer the state machine of application protocol by inference strategy with the messages observed according to the state machine. Eventually, compare the inferred state machine with state machines of existing protocol in string similar degree algorithm to find the communication protocols of the applications.4. The design and realization of a proactive forensic system for communication data of applications based on Android. The system consists of forensic agent module, evidence analysis module and evidence storage module. Among them, the forensic agent module traces the message processing instruction information of target application. The evidence analysis module reverses the message format, infers the state machine and obtains the application communication protocol by comparing state machine. The evidence storage module can assure a periodic evidence chain by storing the information of message format, state machine and protocol. Finally, we accomplish the communication data forensics of ES file browser and mail app with the designed system.
Keywords/Search Tags:Intelligent mobile terminal, Proactive forensics, Protocol reverse engineering, Communication data
Related items