基于iPhone的数据提取与恢复研究
发布时间:2018-11-12 14:53
【摘要】:随着移动互联网的发展,移动智能终端市场的竞争日益加剧。在中高端智能手机市场中,以iOS为操作系统的iPhone广受用户欢迎。移动智能终端类似于个人电脑,可以下载功能丰富的第三方应用程序,逐渐成为了人们工作、生活中的必备工具。iPhone中存储着大量用户数据,在移动互联网的数字犯罪中成为了案件证据采集中的一个重要的数据来源,这些数据信息往往能够为案件侦破提供线索,因此iPhone取证成为目前电子取证领域新的研究方向和热点。虽然目前国外市场上出现了种类较多的支持iPhone取证的智能终端取证软件,但是大多价格昂贵,且购买流程复杂,有些需要司法认证才能购买。从功能角度上分析,大多国外的取证软件对于第三方应用程序支持有限,主要局限于Twitter, Facebook, Skype等国外比较流行的软件,国内几乎没有用户使用这些软件。而国内智能终端取证研究起步较晚,传统的手机取证工具也不能支持目前热门的第三方应用程序分析。所以对iPhone中的热门应用程序数据进行提取和恢复是很有必要的。本文在讨论研究iPhone取证必要性以及取证技术的基础上,探讨了iPhone热点应用程序数据提取和恢复的关键问题,包括对备份数据、手机内存中的数据进行提取和镜像的方法,以及对已删除数据进行恢复的方法等等。重点以微博、微信、手机QQ等热点应用程序为例进行了应用程序痕迹记录解析,分析了应用程序目录下的重点文件以及数据库文件的重点存储表,对聊天记录、语音文件等进行了解析。并且通过SQLite底层结构分析方法,定位已删除数据偏移地址,提取删除数据,以手机QQ聊天记录为例,实现了应用程序中已删除数据的恢复。
[Abstract]:With the development of mobile Internet, the competition of mobile intelligent terminal market is becoming more and more serious. In the mid-high-end smartphone market, iPhone with iOS as the operating system is popular with users. Mobile smart terminals, similar to personal computers, can download rich third-party applications, and have gradually become an essential tool for people to work and live. IPhone stores a lot of user data. Digital crime on the mobile Internet has become an important data source in case evidence collection, which can often provide clues for case detection. Therefore, iPhone forensics has become a new research direction and hot spot in the field of electronic forensics. Although there are many kinds of intelligent terminal forensics software supporting iPhone forensics in foreign markets, most of them are expensive, and the process of purchase is complicated, some of them need judicial authentication to buy. From a functional point of view, most of the foreign forensics software for third-party applications support is limited, mainly limited to Twitter, Facebook, Skype and other popular foreign software, almost no domestic users use these software. But the domestic intelligent terminal forensics research started late, the traditional mobile phone forensics tools can not support the current hot third-party application analysis. So it is necessary to extract and recover the hot application data in iPhone. On the basis of discussing the necessity and technology of iPhone forensics, this paper discusses the key problems of data extraction and recovery in iPhone hot application program, including the methods of extracting and mirroring the backup data and the data in the memory of mobile phone. And the deleted data recovery methods and so on. Focus on Weibo, WeChat, Mobile QQ and other hot applications for example application trace record analysis, analysis of the application directory and database files of the key storage table, chat records, The voice file is analyzed. Through the method of SQLite bottom structure analysis, the deleted data offset address is located, and the deleted data is extracted. Taking Mobile QQ chat record as an example, the recovery of deleted data in the application program is realized.
【学位授予单位】:武汉邮电科学研究院
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN929.53
本文编号:2327431
[Abstract]:With the development of mobile Internet, the competition of mobile intelligent terminal market is becoming more and more serious. In the mid-high-end smartphone market, iPhone with iOS as the operating system is popular with users. Mobile smart terminals, similar to personal computers, can download rich third-party applications, and have gradually become an essential tool for people to work and live. IPhone stores a lot of user data. Digital crime on the mobile Internet has become an important data source in case evidence collection, which can often provide clues for case detection. Therefore, iPhone forensics has become a new research direction and hot spot in the field of electronic forensics. Although there are many kinds of intelligent terminal forensics software supporting iPhone forensics in foreign markets, most of them are expensive, and the process of purchase is complicated, some of them need judicial authentication to buy. From a functional point of view, most of the foreign forensics software for third-party applications support is limited, mainly limited to Twitter, Facebook, Skype and other popular foreign software, almost no domestic users use these software. But the domestic intelligent terminal forensics research started late, the traditional mobile phone forensics tools can not support the current hot third-party application analysis. So it is necessary to extract and recover the hot application data in iPhone. On the basis of discussing the necessity and technology of iPhone forensics, this paper discusses the key problems of data extraction and recovery in iPhone hot application program, including the methods of extracting and mirroring the backup data and the data in the memory of mobile phone. And the deleted data recovery methods and so on. Focus on Weibo, WeChat, Mobile QQ and other hot applications for example application trace record analysis, analysis of the application directory and database files of the key storage table, chat records, The voice file is analyzed. Through the method of SQLite bottom structure analysis, the deleted data offset address is located, and the deleted data is extracted. Taking Mobile QQ chat record as an example, the recovery of deleted data in the application program is realized.
【学位授予单位】:武汉邮电科学研究院
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TN929.53
【参考文献】
中国期刊全文数据库 前1条
1 吴叶科;宋如顺;陈波;;基于手机的取证调查模型研究[J];计算机时代;2010年12期
,本文编号:2327431
本文链接:https://www.wllwen.com/kejilunwen/wltx/2327431.html
