The Design Of General Framework And System For Android Applications Forensics

Smartphones are gradually becoming an indispensable part of people's lives.Meanwhile,the digital evidence in devices has been important for case detection.However,the number of Android applications is extremely large,while current forensic systems require a large amount of work for update and maintenance.Therefore,this thesis summarizes the general model of forensic methods and designs a new forensic framework.On this basis,this thesis implements the automatic writing of the forensic method,and finally constitutes a new Android application forensics system.It not only simplifies the development process of forensic methods,but also improves the versatility and scalability of the system.The main research work of the thesis is as follows:1.The general forensics framework is designed based on a large number of forensics work.This thesis splits the forensic method into six sub-processes,namely file capture,file processing,data extraction,data analysis,information association and result mark.Therefore,the forensic code can be transformed into formatted and standardized data text,which realizes the data-driven forensic logic.2.According to the data-driven feature,the automatic writing of forensics methods is realized.This thesis analyzes the general process of the forensic design and implements automated tools for each step.The capabilities of these tools include automatic generation of application data,automatic search and filtering of files,assisted generation of regular expressions,and automatic writing of forensic methods.Using these tools will greatly increase the efficiency of the development of forensic methods.3.A complete forensic system software is designed.The software satisfies the basic forensics function,and also realizes the advanced analysis with the result tagging method.These features include time analysis and keyword analysis of all records.The implementation of this system can better explain the functional scalability of the forensic framework.4.Performance tests are conducted on the forensic system software.The data analysis shows that the forensic efficiency of the system is acceptable.It only takes 2 minutes to generate a basic rule,which proves that editing speed of the forensic method is better than traditional methods.