| In this era of in-depth embracing mobile Internet,smartphones have penetrated into every corner of life and are imperceptibly changing the lifestyles of people.Naturally,the smartphone keeps a lot of traces left by users,and thus it also becomes an important source of evidence which forensic investigators should be pay close attention.The most of attention of traditional smartphone forensics is the built-in memory of smartphone,and the related research focuses on the method of data acquisition,and less in data analysis.However,with the types and quantities of data in the built-in memory of smartphone are increasing,simply listing the extracted data has been unable to meet the reality forensics,and the further in-depth analysis of the data is required.In addition,in order to protect the privacy of user data,the latest version of the mobile application gradually began to encrypt the data in storage system.The data stored in the built-in memory of the smartphone is likely to be encrypted garbled information,and thus the research focus of smartphone forensics should be shifted to the RAM memory of the mobile phone at the right time.According to the above,this thesis mainly studies on Android smartphone forensics analysis methods,the main research content and contribution are as follows:Firstly,this thesis take the built-in memory of Android smartphone as the object of forensics,the method of acquiring and analyzing its storage data is studied,and the association analysis method is used to analyze the singular devices data so that we can mining the hidden rules of user communication behavior that provides clues and basis for further forensic investigation.Secondly,this thesis take the RAM memory of Android smartphone as the object of forensics,the method of acquiring and analyzing its storage data is studied.In addition,this thesis,taking the mainstream mobile phone mailbox application as an example,studies the storage regularity of the residual traces in the RAM after user use the mailbox application.Moreover,the method of forensic analysis which is studied and summarized in this thesis can also be applied to other applications for Android smartphone.Thirdly,this thesis implements a prototype tool for the Android smartphone forensics,namely EmailFinder,which can automatically analyze the image files of the RAM to extract the email-related information,and thus effectively improve the efficiency of forensic investigators. |
PDF Full Text Request