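Abstract
This paper presents an analysis method that infers the general rules of a file system from concrete content. It starts from logical units and the composition of file contents, proceeds through the storage structures of file directories and other information structures, and finally obtains the basic structure and the various parameters of the file system, yielding a semi-manual parsing technique based on manually entered parameters. Besides parsing ordinary file systems, the technique can, more importantly, be applied to parsing direct data images of an unknown file system, the BlackBerry file system. Applying this method gives a deeper understanding of the general rules of file systems, improves the approach to file system parsing, provides some grasp of the ideas behind the BlackBerry file system, and ultimately enables forensics on BlackBerry phone images.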
This paper describes a it to form a logical unit and the contents of the file to start the mapping file by the specific content of the general rules of the system analysis method, and stored in the directory structure of files and other information structures unfold, and ultimately get the basic structure of the file system and the various kinds of parameters to achieve a written argument based on manual semi-manual analytical techniques. In addition it can be used to parse the file system in general, and more importantly applied to the unknown file system-direct data file system mirroring BlackBerry resolution. By application of this method can be more in-depth understanding of the general rules of the file system, the file system to improve analytical thinking, and to master certain BlackBerry file systems thinking, and finally realize the mirror BlackBerry forensics.
Source
《信息网络安全》
2014, Issue 9, pp. 214-216 (3 pages)
Netinfo Security
Keywords
BlackBerry
file system
parsing
forensics
logical unit
BlackBerry
file system
analytical
forensics
logical unit