Analysis On Forensics Of Wechat Program Database Based On Android System

By the end of 2018,the number of active users in Wechat has exceeded 1.082 billion.With the increasing proportion of Weixin group among Chinese n etizens,the small programs with Weixin as the core have formed a huge user group,and the criminal cases related to Weixin small programs have emerged i n an endless stream.Weixin small programs have created a closed application system with Weixin's ecological environment,and the ensuing research on fore nsics in this system is on Mobile phones.The field of forensics is of great si gnificance.At present,there is not much research on the forensic specification and fo rensic technology of the Wechat applet.Therefore,this paper makes theoretical and practical research on the data extraction of local cache and server of We chat applet,designs the forensic process of the client and cloud of Wechat app let,analyses the evidential ability of the evidence of Wechat applet from the le gal point of view,and validates some relevant forensic tests.Chapter 1 the basic framework of Wechat applet is studied,and the encry pting and decrypting methods of Wechat database and the related knowledge of SQLite database are summarized,so as to provide technical support for the fo llowing analysis of Wechat applet.Chapter 2 combines the traditional methods of Wechat forensics and the m obile phone forensics specification,and proposes a forensics specification for W echat applet database,including the extraction and analysis of client evidence a nd the standardization of cloud server data acquisition.Through this regulation,we can guarantee the validity of evidence from the process of evidence collec tion.Chapter 3 discusses the evidence validity of electronic data obtained by th e above forensic norms in the aspect of Wechat petty procedure forensics from the perspective of evidence capability.Starting from the legality,authenticity a nd integrity of evidence,this paper discusses how to ensure the integrity of ev idence and evidence chain in the process of evidence collection.The first part elaborates the validity of the server-side data extraction of the Wechat applet.Because many data of the Wechat applet are stored in the cloud,the user priv acy and business secrets of the cloud-side data will inevitably be involved in o btaining evidence.The second part proves the authenticity of the client data by analyzing the client storage mechanism of the Wechat applet.The third part il lustrates the relevance of Weixin petty procedural evidence and the case throug h case analysis.Chapter 4 develops a set of software tools for the forensics of Wechat ap plet according to the characteristics of the forensics of Wechat applet.The soft ware tool decrypts and extracts useful data from the database cache data.An a ssistant forensics software is designed in the laboratory.The relevant forensics process is realized by automation,and the forensics results are displayed throu gh the software interface to help improve the efficiency of forensics.The fifth chapter summarizes and prospects the full text,and summarizes t he future research direction and prospects of Wechat small procedure forensics.