Research on iPhone-Based Data Extraction and Recovery
Published: 2018-11-12 14:53
[Abstract]: With the development of the mobile Internet, competition in the mobile smart terminal market is intensifying. In the mid-to-high-end smartphone market, the iPhone, which runs iOS, is widely popular with users. Like personal computers, mobile smart terminals can download feature-rich third-party applications, and they have gradually become indispensable tools for work and daily life. The iPhone stores a large amount of user data and has become an important data source for evidence collection in digital crime on the mobile Internet. This data can often provide leads for solving cases, so iPhone forensics has become a new research direction and hot topic in the field of digital forensics. Although many smart-terminal forensic software products that support iPhone forensics have appeared on the foreign market, most are expensive and have a complicated purchasing process, and some can only be bought with judicial certification. Functionally, most foreign forensic software offers limited support for third-party applications, mainly covering Twitter, Facebook, Skype and other software popular abroad, which almost no domestic users use. Domestic research on smart-terminal forensics started relatively late, and traditional mobile phone forensic tools cannot support analysis of the third-party applications that are currently popular. It is therefore necessary to extract and recover data from popular applications on the iPhone. Building on a discussion of the necessity of iPhone forensics and of forensic techniques, this thesis explores the key issues in extracting and recovering data from popular iPhone applications, including methods for extracting and imaging backup data and data in the phone's memory, and methods for recovering deleted data. Taking Weibo, WeChat, Mobile QQ and other popular applications as examples, it parses application trace records, analyzes the key files in the application directories and the key storage tables in the database files, and parses chat records, voice files and similar data. By analyzing the underlying structure of SQLite, it locates the offset addresses of deleted data and extracts that data; taking Mobile QQ chat records as an example, it implements the recovery of deleted data in an application.
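[Degree-granting institution]: Wuhan Research Institute of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN929.53
Article number: 2327431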
Article link: http://sikaile.net/kejilunwen/wltx/2327431.html