
Research On Key Technologies Of Dynamic Forensics For Android Handsets

Posted on: 2017-07-05
Degree: Master
Type: Thesis
Country: China
Candidate: Z D Li
Full Text: PDF
GTID: 2348330491460885
Subject: Computer technology
Abstract/Summary:
Criminal investigations and judicial proceedings often require detailed forensic work, and extracting the raw data used as evidence completely is of great importance. The research and implementation in this paper include:

(1) Based on an analysis of the characteristics of the Android system, combined with the requirements of invasive forensics technology and the characteristics of the evidence to be extracted, an application for intrusive evidence collection on Android was designed and implemented. It uses binding and implanting, and achieves concealment and automation in the injection. Once injected into the handset from which evidence is to be collected, it returns evidence files and extracts user data from the Android handset by intercepting and analyzing instructions.

(2) The network communication types of Android and the network traffic data generated by Android's interactive network access were analyzed. On this basis, the paper proposes and designs a non-intrusive dynamic forensics system for Android terminal traffic, which obtains the traffic data through the platform by a non-intrusive method. The various modules were designed and implemented to meet the needs of forensic investigators.

(3) The decision tree algorithm is studied and optimized for the non-intrusive Android handset traffic forensics system. A large amount of traffic extracted by the non-intrusive forensic technology is studied, and the feature vectors needed to build the decision tree model are selected and extracted.

(4) A decision tree model for the automatic classification and recognition of Android handset traffic was designed, and its classification performance and classification results were validated.

The experimental results show that the method achieves higher identification accuracy in dynamic forensic analysis of Android traffic. The method studied in this paper has a low false rate and is more stable, and it can meet the needs of forensic investigators for dynamic forensics of Android traffic data.
Keywords/Search Tags: Dynamic forensics, Decision tree, Traffic monitoring, Non-invasive