Research On Data Forensics Technology For Android Mobile Terminal

Posted on: 2019-12-01
Degree: Master
Type: Thesis
Country: China
Candidate: G X Huang
GTID: 2428330545955615
Subject: Computer Science and Technology

Abstract/Summary:
Data forensics for mobile terminals is the process of extracting, processing and analyzing the data on a target device by means of computer science. This thesis first introduces the current state of forensic technology and the difficulties it faces, explains the definition, principles and content of mobile terminal forensics, and analyzes the stages that data forensics requires. To address the shortcomings and problems of current research, we put forward new technical solutions in two areas: recovery forensics for data stored on Android devices, and forensics for application memory data. The main achievements of the thesis are as follows.

For the SQLite database used by Android devices, and building on existing recovery techniques, a new data recovery technique based on the SQLite storage structure is proposed. It makes use of the out-of-place update and wear-leveling mechanisms of NAND flash, extracting as much valid data-unit page content from deleted areas as possible in order to recover deleted data that has not been overwritten. On the basis of this technique, we further study the write-ahead log (WAL) mechanism introduced in SQLite 3.7.0 and propose a data recovery technique based on the write-ahead log, which reconstructs the log files and then extracts and splices their frame data blocks to recover SQLite data.

Because existing forensics research pays little attention to application data in memory, this thesis proposes a forensic method for application memory data based on the structure of RAM and its address mapping mode. Using the extensibility of the Linux kernel, device memory is extracted by parsing the iomem_resource tree structure and dumped locally for analysis, using the LiME and Volatility version 2.3 tools. Memory data acquired through application memory forensics may have no signature or start and stop markers, so the traditional string matching method cannot analyze it accurately and completely. This thesis proposes an analysis method for memory data based on the hidden Markov model (HMM): by observing the structural features of the required data in memory, a corresponding HMM is established, the Viterbi algorithm is then used to extract the valid data that matches the model, and the efficiency of the algorithm is evaluated.

Finally, based on the above data collection techniques, this thesis designs a framework for an Android mobile terminal data forensics system and verifies by experiment the correctness, completeness and comprehensiveness of the evidence, providing new solutions and ideas for Android mobile terminal forensics technology.
Keywords/Search Tags:Android mobile terminal, Data forensics, SQLite recovery, Application memory forensics, HMM
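
To illustrate the write-ahead-log recovery idea described in the abstract, the following added example (not code from the thesis) walks a WAL image using the publicly documented SQLite WAL layout: a 32-byte file header followed by frames of a 24-byte header plus one page. The function names and the sample log are constructed for this example, and checksum verification is left out as a stated simplification.

```python
import struct

WAL_MAGICS = (0x377F0682, 0x377F0683)   # magic values from the SQLite WAL format

def parse_wal(buf):
    """Walk a WAL image; return one dict per frame, including stale frames."""
    magic, _ver, page_size, _ckpt, salt1, salt2 = struct.unpack(">6I", buf[:24])
    if magic not in WAL_MAGICS:
        raise ValueError("not a SQLite WAL image")
    frames, off = [], 32                       # the WAL header is 32 bytes
    while off + 24 + page_size <= len(buf):    # frame = 24-byte header + one page
        page_no, db_size, s1, s2 = struct.unpack(">4I", buf[off:off + 16])
        if page_no == 0:                       # zero-filled tail, nothing to carve
            break
        frames.append({
            "offset": off,
            "page_no": page_no,
            "commit": db_size != 0,            # non-zero size marks a commit frame
            "current": (s1, s2) == (salt1, salt2),  # else left from an earlier log
            "page": buf[off + 24:off + 24 + page_size],
        })
        off += 24 + page_size
    return frames

def page_versions(frames):
    """Map page number -> list of frames holding that page, oldest first."""
    versions = {}
    for f in frames:
        versions.setdefault(f["page_no"], []).append(f)
    return versions

def build_sample_wal(page_size=512):
    """Constructed sample: two versions of page 2, one stale frame for page 3."""
    def frame(page_no, db_size, salts, text):
        hdr = struct.pack(">6I", page_no, db_size, salts[0], salts[1], 0, 0)
        return hdr + text.ljust(page_size, b"\x00")
    new, old = (0x1111, 0x2222), (0x0AAA, 0x0BBB)   # constructed salt values
    header = struct.pack(">8I", 0x377F0682, 3007000, page_size, 0, *new, 0, 0)
    return (header
            + frame(2, 0, new, b"row: alice")
            + frame(2, 3, new, b"row: bob")          # commit frame
            + frame(3, 0, old, b"row: deleted-note"))

if __name__ == "__main__":
    for page_no, items in page_versions(parse_wal(build_sample_wal())).items():
        for f in items:
            state = "current" if f["current"] else "stale"
            print(page_no, f["offset"], state, f["page"].rstrip(b"\x00"))
```

Frames whose salts differ from the header belong to an earlier generation of the log, so they are where superseded page versions tend to survive; evidence-grade use should also validate the frame checksums.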