论文信息 - Digital forensics and analysis for Android devices

Digital forensics and analysis for Android devices

With the widely use of smart phones, Android devices have become an important data source in forensic investigation, and many tools which collecting data from Android devices have also been introduced. However, most current studies consider only flashing the NAND card, nearly paying attention to eMMC card. Therefore, based on Android Recovery Mode, our paper designed a general forensic tool giving consideration to both NAND and eMMC card. And after exploring the possibility of data recovery when application is uninstalled from Android device which is formatted as Ext4 file system, finally a method for data recovery based on hash value matching of journal file is put forward.

[1] Jaecheol Ryou,et al. Forensic Data Acquisition from Cell Phones using JTAG Interface , 2008, Security and Management.

[2] Pratap P. Nayadkar. Automatic and secured backup and restore technique in Android , 2015, 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS).

[3] Taejoo Chang,et al. New acquisition method based on firmware update protocols for Android smartphones , 2015, Digit. Investig..

[4] Nicolas Christin,et al. Toward a general collection methodology for Android devices , 2011, Digit. Investig..

[5] Sangjin Lee,et al. A study of user data integrity during acquisition of Android devices , 2013, Digit. Investig..

[6] Andrew Hoog. Android forensics : investigation, analysis, and mobile security for Google Android / Andrew Hoog ; John McCash, technical editor. , 2011 .

[7] Justin Grover. Android forensics: Automated data collection and reporting from a mobile device , 2013 .

[8] Xu Guo-tian. The Research of File Recovery Method on EXT4 File System , 2011 .

[9] Kevin D. Fairbanks. An analysis of Ext4 for digital forensics , 2012 .