Modern smartphones are not only used for communication via phone calls but also for a variety of other purposes such as emailing or storing personal data. To enable these services, most smartphones possess a large memory capacity to save files and application data. As smartphones are not only used for legal purposes but also for criminal actions, this data can contain valuable evidence for forensic investigators. In order to be able to analyze this data, it is very important to understand the way smartphones store and delete data. Therefore, it is necessary to understand the file system that is used to handle the smartphone’s internal flash memory. The major focus within this diploma thesis is the analysis of the flash file system YAFFS2 which is used by the popular Android smartphones. To that purpose, YAFFS2 is theoretically and practically analyzed in a forensic perspective in order to determine possibilities to recover modified or deleted files from a smartphone’s flash memory. Additionally, YAFFS2 is compared to the common file system NTFS within this diploma thesis. This diploma thesis also includes a chapter discussing ways to safely delete files from a YAFFS2 flash memory.
[1]
Trevor N. Mudge,et al.
Improving NAND Flash Based Disk Caches
,
2008,
2008 International Symposium on Computer Architecture.
[2]
Brian D. Carrier,et al.
File System Forensic Analysis
,
2005
.
[3]
Jongmoo Choi,et al.
Secure Deletion of Confidential Data in Consumer Electronics
,
2008,
2008 Digest of Technical Papers - International Conference on Consumer Electronics.
[4]
R. Engelbrecht,et al.
DIGEST of TECHNICAL PAPERS
,
1959
.
[5]
Piero Olivo,et al.
Flash memory cells-an overview
,
1997,
Proc. IEEE.