本文介绍了对Android 手机物理内存镜像进行关键字搜索获取删除短信数据的案件检验实例。本案中嫌
Android 手机检验中删除短信检验提供了一种新的方法。-This paper introduces a digital forensic examination on storage dump an Android smart phone to access
the deleted SMS data. The SMS data had been deleted by the suspect the Android smart phone. Part of the deleted SMS
data could be recovered using DC-4500 mobile phone forensic system and Oxygen Forensic Suite 2014, but proved to be
irrelevant to the case. Commonly, the above software can only analyze the SMS file, thus the deleted data would no
longer exist in the SMS if the sqlite had already recycled the storage space. Therefore, a new inspection
method was deployed to access the deleted SMS data. At first, the Android phone was rooted and its hex-dump got with DC-
4500 mobile phone forensic system, and then some keywords were selected and searched through the hex-dump by X-Way
Forensics. Subjected to further analysis, the evidentially deleted SMS data fragment that the suspects tried to destroy after
committing their crime, was finally found in the free space of hex-dum
