Research And Realization Of Android System Simulation And Memory Forensics

The rapid development of network and information technology,the widespread popularity of smart phones make people enter the mobile Internet era.Intelligent terminals play an increasingly important role in people's lives.On the other hand,Android system has become the highest market share of mobile-side operating system,downloads and the frequency use of application on Android platform are also increasing.With the popularity of Android,the related crimes and various types of disputes continue to increase.Therefore,the demand for forensic research on the Android has become increasingly strong.In addition,judicial authorities also need to analyze mobile intelligent terminal of the potential suspec in the case detection.However,there are still many deficiencies in commonality,compatibility and efficiency for the forensics research of Android smart device.In this thesis,we put solving the deficiencies in commonality,compatibility and efficiency of the existing Android forensics solution as the start point.We deeply researched the Android simulation technology and memory forensics technology,designed and implemented Android simulation system and Android memory forensics system.The main works are as follows:1.Analyzed the development of Android system,explouded the significance of the research of Android forensics,listed the domestic and foreign latest research results on Android forensics by summarizing the domestic and foreign literatures,pointed out the shortcomings of the current research results,including:bad commonality of forensics method,poor compatibility of forensics system,low efficiency of memory forensics technology.2.Did research on related technology about Android system simulation technology and Android memory forensics technology,including:Android system architecture,Android file system and application storage,Android system property system,SDK development kit,Android process and process memory space,the access and read of Android process and process memory space,commonly used character encoding of memory information.Laid the foundation for further research3.Did research on Android simulation technology,designed a forensic scheme based on Android simulation technology,implemented a set of Android simulation system.The core functions of the system includes:simulation data extraction and preprocessing,simulator source code modification and compilation,system information and application restore.The implemented system can restore the short message,the contact,the call record and the application program on the target device.The test results show that the application success rate of 26 sample applications is 84.6%and the system is compatible with the latest version of the Android operating system.4.Studied Android memory forensic technology,presented an Android memory forensics scheme based on process extraction and implemented a set of Android memory forensics system.The core modules of the system include:memory memory extraction module and memory analysis module.The system realized the analysis of NetEase mailbox master,momo,WeChat based.The valuable evidence was extracted from each memory image under different circumstances.The memory extraction test results showed that the memory size of the method proposed in this paper wasless than 4%of the original method.