| With the development of science and technology,smart phones have become indispensable assistants in people's life,and people rely more and more on smart phones.Android operating system plays a dominant role in all smart devices,so the forensic analysis of Android devices can provide strong evidence for the vast majority of electronic equipment-related crimes.However,the existing Android forensics technology still has many shortcomings.On the one hand,with the internationalization of social activities and the improvement of application security,the traditional forensics tools still lack the breadth of application research,and the research on forensics of encrypted data is progressing slowly.On the other hand,the method of memory extraction also has some disadvantages,such as high restriction conditions and high operation difficulty.With the development of NFC payment,face recognition and unlocking technology,the forensic research of these technologies has lagged behind.In order to overcome the shortcomings of existing research on Application forensics,such as breadth of application forensics,dimension of information acquisition,compatibility and operability,this paper studies overseas applications,password storage and memory extraction from the perspective of application analysis.At the same time,it explores the current NFC payment technology and face recognition unlocking technology.The main work of this paper is as follows:1.The development status of Android system is analyzed,and the significance of forensics for Android devices is expounded.This paper lists the latest research results of Android forensics at home and abroad,and points out the shortcomings of Android forensics research: narrow application scope of domestic forensics tools,single object of forensics,high limitation of memory forensics tools.2.The related technologies of Android application forensics,Android memory extraction and NFC,face recognition technology forensics are studied and analyzed,including: Android system architecture,Android file system,Android Dalvik virtual machine,Android debugging bridge,encryption algorithm of application data and Android reverse engineering.It provides a theoretical basis for the following research.3.32 popular overseas applications are studied and analyzed.A forensic method based on feature analysis is proposed.The DLL files are compiled for each application and integrated into the final forensic software.The results show that this method can obtain chat records,search records,contacts and other types of data in applications.4.This paper studies the application of user password forensics,and proposes a three-stage Forensics Research program,which includes data positioning stage,reverse search stage and decryption verification stage.Using this scheme,the application is analyzed and forensics is obtained.Three kinds of plaintext of application user password are successfully analyzed.Practice proves that this scheme can obtain application user password information accurately and effectively.5.The technology of Android memory extraction is studied,and a process-based memory extraction method is proposed.By extracting memory from multiple applications including instant messaging,browser,netdisk,mailbox and payment,it is found that this method saves nearly 90% of the space compared with the literature method.At the same time,the integrity of data extracted by this method is analyzed theoretically.Compared with the usual memory extraction tools,this method is easy to operate and has high versatility.6.Research and analysis of NFC payment technology,starting from the local application and NFC payment module,and through the analysis of protocols and standards,obtain the uid,transaction amount,transaction date and other information.This paper also analyses the unlocking technology of face recognition,puts forward a method of exploring the face data as a breakthrough point,locates the face data file,and explores the overall structure of the face unlocking program,which paves the way for further forensic research. |
PDF Full Text Request