Abstract
At present, among new types of telecom fraud cases, those that use malicious mobile phone programs to commit fraud, run online gambling and carry out other crimes are steadily increasing. This paper studies forensic methods for Android application packages (APK) in order to provide leads for the investigation of network fraud cases. It summarizes the structure of mobile phone APKs, the ways an APK can be extracted, analysis with reverse-engineering tools, and the permissions an APK requests, and then, through an actual case, examines APK forensics from two sides, static analysis and dynamic analysis. Static analysis fixes the evidence: a reverse-analysis tool decompiles the APK file, the functions in the recovered source code are analyzed, and the mailbox to which stolen data is sent back is located. Dynamic analysis runs the APK in an Android emulator and captures its traffic with Fiddler, which finally reveals the APK's network behavior; the case-related content is then fixed as evidence.
Presently, illicit and malicious cases are gradually increasing among the new telecom fraud crimes, carried out by way of mobile phone-implanted malicious programs used to defraud and/or gamble online. The Android application package (APK) was here parsed for electronic forensics so as to provide reference and guidance for the investigation of relevant network fraud cases. The mobile phone-operated APK was dissected into its structure, extraction method, reverse-analysis tools and access permissions. Through one actual case, electronic forensics on the mobile phone-running APK was probed from both static and dynamic analysis. Static analysis was used to fix the evidence: reverse-analysis tools were deployed to decompile the APK file, analyze the source functions and their effects, and find the return mailbox. Dynamic analysis was adopted to run the APK in an Android emulator, capture packets with Fiddler, unveil the network behavior of the APK, and eventually fix the case-involved contents as evidence.
Authors
DAI Fen (戴芬); LIU Hongwei (刘洪伟); FAN Jie (樊婕); LI Lu (李璐) (Liaocheng Public Security Bureau, Liaocheng 252000, Shandong, China)
Source
Forensic Science and Technology (刑事技术), 2021, No. 4, pp. 349-353 (5 pages)
Keywords
electronic forensics; Android system; mobile phone-operating APK; reverse analysis