
Research on Different Versions of YAFFS2 File Recovery Algorithm Based on Hash

Cited by: 3
Abstract: Android forensics, currently a hot spot of digital forensics research, covers directions such as data extraction and data recovery. Data recovery is a very important step in Android forensics research: only by recovering more of the data on a device, and recovering it better, especially data that has been modified or deleted, can the subsequent analysis and study of that data be carried out well. YAFFS2 is a new type of fast flash file system designed for mobile devices that use NAND flash technology, and it is widely used in Android mobile devices. This paper takes the YAFFS2 file system as its research object and proposes a Hash-based algorithm for recovering the different versions of a YAFFS2 file. First, the data in the file system is obtained by reverse scanning; then the data with the same object header information is extracted and its information is stored in a Hash linked list; finally, the files are reconstructed so that multiple versions of a file are recovered. A YAFFS2 file system environment was built under Linux and experiments were carried out. The results show that the algorithm can effectively recover data files of various types, in particular SQLite3 database files, and can recover multiple versions of files of each type. This achieves the intended goals of the algorithm design and lays a foundation for follow-up research on other aspects of Android forensics.

Source: Netinfo Security (《信息网络安全》), 2016, No. 5, pp. 51-57 (7 pages)

Funding: National High Technology Research and Development Program of China (National 863 Program) [2015AA017204]

Keywords: digital forensics; file recovery; Android; YAFFS2; Hash