| With the rapid development of communication technology,smart mobile devices have become one of the main communication tools.It gradually replaces the computer as an important medium for storing,processing and disseminating in the information age.However,the popularity of smart mobile devices has caused many new types of criminal activities,such as mobile payment fraud,dissemination of obscene information and virus software.These have brought new challenges to judicial work,and require one extract evidences from mobile device.As a result,mobile digital forensics technology has been developed,and has become a new research hotspot in the field of information security.This paper considering the four aspects of protection,acquisition,inspection and analysis,following the guiding principles of digital forensics,focusing on three themes of data acquisition,data analysis and data reporting,has designed a mobile digital forensics system based on Windows platform.This paper firstly introduces the background of project and the research status at home and abroad,then expounds the purpose and significance of study.Secondly,the basic knowledge and technology are introduced,including framework of Android OS,introduction of ADB,knowledge of Root,file system and data recovery.Then,overall framework,system functions and development environment are put forward.After this,this paper designs the core modules involving Android physical acquisition and file system analysis.For Android physical acquisition,after considering the differences between kinds of technology,this paper designed two acquisition engines including Root-based and Recovery-based,giving consideration to both MTD partition and MMC partition.For file system analysis,specially file system on Android system,after deeply learning the basic knowledge of Ext4 file system,the scheme of file system analysis is put forward,and the analysis and search engine is also carried out.After exploring the possibility of data recovery when application is uninstalled from Android device,this paper advance a data recovery method based on hash value matching of journal.The mobile digital forensics system is composed of three components,mobile data acquisition,mobile data analysis and cloud part.They work together to complete the protection,acquisition,inspection and analysis,reporting.The system provides users with a stable,full-featured,simple interaction Windows-based system,and cover the shortage of demestic similar forensics products.It also provides the judiciary a more efficient means of detection by scientific acquisition,protection,analysis and digital evidence presentation. |
PDF Full Text Request