文件名称:Extracting-the-Deleted-SMS
介绍说明--下载内容均来自于网络,请自行研究使用
本文介绍了对Android 手机物理内存镜像进行关键字搜索获取删除短信数据的案件检验实例。本案中嫌
疑人已对涉案手机进行了数据删除操作,现有手机取证工具只能获取部分删除短信数据。但通过获取该手机物
理存储镜像,并结合案情选定关键词对镜像进行关键字搜索,最终提取到了与案件相关的删除短信数据,为
Android 手机检验中删除短信检验提供了一种新的方法。-This paper introduces a digital forensic examination on storage dump an Android smart phone to access
the deleted SMS data. The SMS data had been deleted by the suspect the Android smart phone. Part of the deleted SMS
data could be recovered using DC-4500 mobile phone forensic system and Oxygen Forensic Suite 2014, but proved to be
irrelevant to the case. Commonly, the above software can only analyze the SMS file, thus the deleted data would no
longer exist in the SMS if the sqlite had already recycled the storage space. Therefore, a new inspection
method was deployed to access the deleted SMS data. At first, the Android phone was rooted and its hex-dump got with DC-
4500 mobile phone forensic system, and then some keywords were selected and searched through the hex-dump by X-Way
Forensics. Subjected to further analysis, the evidentially deleted SMS data fragment that the suspects tried to destroy after
committing their crime, was finally found in the free space of hex-dum
疑人已对涉案手机进行了数据删除操作,现有手机取证工具只能获取部分删除短信数据。但通过获取该手机物
理存储镜像,并结合案情选定关键词对镜像进行关键字搜索,最终提取到了与案件相关的删除短信数据,为
Android 手机检验中删除短信检验提供了一种新的方法。-This paper introduces a digital forensic examination on storage dump an Android smart phone to access
the deleted SMS data. The SMS data had been deleted by the suspect the Android smart phone. Part of the deleted SMS
data could be recovered using DC-4500 mobile phone forensic system and Oxygen Forensic Suite 2014, but proved to be
irrelevant to the case. Commonly, the above software can only analyze the SMS file, thus the deleted data would no
longer exist in the SMS if the sqlite had already recycled the storage space. Therefore, a new inspection
method was deployed to access the deleted SMS data. At first, the Android phone was rooted and its hex-dump got with DC-
4500 mobile phone forensic system, and then some keywords were selected and searched through the hex-dump by X-Way
Forensics. Subjected to further analysis, the evidentially deleted SMS data fragment that the suspects tried to destroy after
committing their crime, was finally found in the free space of hex-dum
(系统自动生成,下载前可以参看下载内容)
下载文件列表
Android智能手机中删除短信的提取.pdf