期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

面向手机取证的细粒度数据完整性检验方法 被引量:3

Fine-grained data integrity check methods for cell phone forensics
下载PDF
导出
摘要 手机取证过程中的多种动态性因素都会导致前后两次内存镜像不一致,从而影响获取证据的真实性和可采性。分析了手机内存中的数据变化规律,引入细粒度完整性检验方法对手机内存镜像中的数据对象按照细粒度分别进行完整性检验。结合各种案例选取不同数据对象作为证据的需求,将手机内存镜像数据划分为不同粒度的数据对象。该方法可以有效地隔离不同数据对象,使得在内存镜像变化难以避免的情况下,验证了取证镜像过程的可靠性,证明目标数据对象的完整性,从而保证作为证据的数据对象能够被法庭接受。 A variety of the dynamic factors in mobile phone forensics process can lead to inconsistencies in the back-to-back memory image, thus affecting the authenticity and admissibility of the evidence. The data variation in the phone memory is analyzed, according with the introduction of fine-grained method and the integrity of the data in the phone memory image objects is tested separately by fine-grained. Combining with different cases, select different data objects as evidence demand, and divide the phone memory image data into data objects of different size. This method can effectively isolate the different data objects, in the case of inevitable changes in memory image, verify the reliability of forensic image process and prove the integrity of the target data objects, thus ensuring data objects as evidence can be accepted by courts.
作者 赵亚杰 陈龙
机构地区 重庆邮电大学计算机取证研究所
出处 《计算机工程与设计》 CSCD 北大核心 2012年第11期4091-4094,4148,共5页 Computer Engineering and Design
基金 重庆市教委科学技术研究基金项目(KJ110505) 重庆市科技攻关计划基金项目(CSTC 2011AC2155)
关键词 手机取证 内存取证 HASH 数据对象 完整性检验 mobile phone forensics memory forensics Hash data objects integrity check
分类号 TP309.2 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献10

  • 1Me G, Rossi M. Internal forensic acquisition for mobile equip-ments [C]. IEEE International Symposium on Parallel and Distributed Processing, 2008.
  • 2Wayne Jansen, Rick Ayers. Guidelines on cell phone forensics [EB/OL]. http: //csrc. nist. gov/publications/nistpubs/800- 101/SP800-101. PDF, 2007.
  • 3Paul Owen, Paula Thomas, Duncan Mcphee. An analysis of the digital forensic examination of mobile phones [C]. Inf Security Res Group, Univ of Glamorgan, Pontypridd, UK: Fourth International Conference on Next Generation Mobile Applications, Services and Technologies, 2010: 25-29.
  • 4The Common Digital Evidence Storage Format Working Group. Standardizing digital evidence storage [J]. Communication of the ACM, 2006, 49 (2), 67-68.
  • 5陈龙,王国胤.一种细粒度数据完整性检验方法[J].软件学报,2009,20(4):902-909. 被引量:16
  • 6Shira Danker, Rick Ayers, Richard P Mislan. Hashing techniques for mobile device forensics [J]. Small Scale Digital Device ForensicsJournal, 2009, 6 (3): 1-6.
  • 7Alessandro Distefano, Antonio Grillo, Alessandro Lentini, et al. Mobile forensics data integrity assessment by event monitoring [J]. Small Scale Digital Device Forensics Journal, 2010, 4 (1): 1-7. http://www. ssddfj.org/papers/SSDDFJ.
  • 8Verma R K, Tomar D S, Rathore S K. Extraction and Verifi cation of Mobile Message Integrity [C]. Katra, Jammu: International Conference on Communication Systems and Network Technologies, 2011: 49-53.
  • 9Amjad Zareen. Mobile phone forensics: Challenges, analysis and tools classification [C]. Centre for Adv Studies in Eng. Islamabad, Pakistan.. Fifth IEEE International Workshop on Systematie Approaehes to Digital Forensic Engineering, 2010: 47-55.
  • 10Saleem S, Popov O, Dahman R. Evaluation of security methods for ensuring the integrity of digital evidence [C]. Digital Scene Investig Lab, Stockholm Univ. Kista, Sweden: International Conference on Innovations in Information Technology, 2011: 220-225.

二级参考文献2

共引文献15

同被引文献27

  • 1Paul M C.Forensic Analysis of Mobile Phones[D].Adelaide,Australia:University of South Australia,2005.
  • 2Svein W.Forensic Analysis of Mobile Phone Internal Memory[J].Advances in Digital Forensics,2006,(194):191-204.
  • 3Marcel B,Coert K.Forensic Data Recovery from Flash Memory[J].Small Scale Digital Device Forensics Journal,2007,1(1):1-17.
  • 4Jonkers K.The Forensic use of Mobile Phone Flasher Boxes[J].Digital Investigation,2010,(6):168-178.
  • 5Jansen W,Ayers R.Guidelines on Cell Phone Forensic:Recommendations of the National Institute of Standards and Technology[EB/OL].[2013-09-20].http://www.docin.com/p-437911651.html.
  • 6Pereira M T.Forensic Analysis of the Firefox31nternet History and Recovery of Deleted SQLite records[J].Digit Investigation,2009,5(3):93-103.
  • 7Jeon S,Bang J,Byun K.A Recovery Method of Deleted Record for SQLite Database[J].Pers Ubiquit Computer,2012,16(6):707-715.
  • 8Hipp D R.The SQLite Database File Format[EB/OL].(2013-05-30).http://www.sqlite.org/fileformat.html.
  • 9Owens M.The Definitive Guide to SQLite[M].New York,USA:Springer-Verlag,2006.
  • 10Judd,Robbins. An explanation of computer forensics[EB/OL].http://www.computerforensics.net/foren sics.htm,2010.

引证文献3

二级引证文献16

计算机工程与设计
2012年 第11期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部