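Abstract
In recent years, "pseudo-base stations" have posed a major challenge to China's judicial authorities in practical examination and identification work. This paper first briefly describes the operating principle of the pseudo-base station, the commonly used forensic methods and their problems, and then focuses on the data storage structure of the pseudo-base station's back-end database file. Through a worked case, the changes in the sending records stored in the database before and after deletion are carefully compared, demonstrating that recovery of deleted records from the database is feasible. Finally, the author used the database file to successfully recover and extract the sending-task records in the pseudo-base station that had not been overwritten. This method and experience can be applied to the forensic examination of the vast majority of pseudo-base stations.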
Pseudo-base station is frequently used by culprits to conduct telecommunication frauds. With a brief introduction of its operation principle, commonly-adopted forensic evidence collection choices and problems about pseudo-base station, this paper focuses on the data-storage structure that is utilized in the database of pseudo-base station. Through an example, the changed data were carefully compared and analyzed to the database-stored sent-records before and after deletion, demonstrating the feasibility to recover the deleted records, and finally making the unmasked sent-records recovered and extracted from the database file stored in the pseudo-base station. Therefore, such a methodology and experience could be applied into forensic evidence collection for most pseudo-base stations.
Author
胡颖
HU Ying(Hunan Provincial Public Security Bureau, Changsha 410001, China)
Source
《刑事技术》
2017, No. 5, pp. 350-354 (5 pages)
Forensic Science and Technology
Keywords
pseudo-base station
database recovery
sending task