面向MTK山寨手机的电子证据分析与取证

Digital Investigation and Forensics on MTK-based Pirated Phone

  • 摘要: 针对基于MTK平台和NAND Flash的山寨手机进行了手机取证技术研究,通过逆向工程解析了手机中关键数字证据(通话记录与网页浏览记录)的物理层数据格式,进一步研究复杂操作下这两种关键数字证据在山寨手机中的存储管理机制和取证技术.对于被删除的数据记录,可以通过对底层二进制数据的详细分析进行检测,并依据数据存储特征进行恢复.

     

    Abstract: MTK-based pirated phone with NAND flash was analyzed and the related forensics techniques were studied. The physical storage format of two key digital evidences (call record and web history) in pirated phone was analyzed and parsed using reverse engineering. Based on this, the storage mechanism and forensics techniques for the two digital evidences with complicated operations were studied. The results showed that purposely deleting operation could be detected by analyzing low-level binary image. Furthermore, some of the records could be successfully retrieved.

     

/

返回文章
返回