Research on iPhone-Based Data Extraction and Recovery
Published: 2018-11-12 14:53
[Abstract]: With the development of the mobile Internet, competition in the mobile smart terminal market is intensifying. In the mid-range and high-end smartphone market, the iPhone, which runs iOS, is widely popular with users. Mobile smart terminals resemble personal computers: they can download feature-rich third-party applications and have gradually become an essential tool in people's work and daily life. The iPhone stores a large amount of user data, and in digital crime on the mobile Internet it has become an important data source for collecting case evidence. This data can often provide leads for solving a case, so iPhone forensics has become a new research direction and focus in the field of electronic forensics. Although many kinds of smart terminal forensics software supporting iPhone forensics have appeared on the foreign market, most are expensive, the purchasing process is complicated, and some can only be bought with judicial certification. In terms of functionality, most foreign forensics software has limited support for third-party applications, mainly covering software that is popular abroad such as Twitter, Facebook and Skype, which almost no domestic users use. Domestic research on smart terminal forensics started relatively late, and traditional mobile phone forensics tools cannot support analysis of the third-party applications that are currently popular. It is therefore necessary to extract and recover the data of popular applications on the iPhone. Building on a discussion of the necessity of iPhone forensics and of forensic techniques, this thesis examines the key problems in extracting and recovering data from popular iPhone applications, including methods for extracting and imaging backup data and data in the phone's memory, and methods for recovering deleted data. Taking popular applications such as Weibo, WeChat and Mobile QQ as examples, it parses application trace records, analyzes the key files in the application directory and the key storage tables in the database files, and parses chat records, voice files and similar data. In addition, by analyzing the low-level structure of SQLite, it locates the offset addresses of deleted data and extracts the deleted data; taking Mobile QQ chat records as an example, it implements recovery of deleted data in an application.
[Degree-granting institution]: Wuhan Research Institute of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN929.53
Article ID: 2327431
Article link: http://www.sikaile.net/kejilunwen/wltx/2327431.html