A Recovery Approach for SQLite History Recorders from YAFFS2

Beibei Wu 1 Ming Xu 1 Haiping Zhang 1 Jian Xu 1 Yizhi Ren 1 Ning Zheng 1
1 HDU - Hangzhou Dianzi University
Abstract : Nowadays, forensic on flash memories has drawn much attention. In this paper, a recovery method for SQLite database history records (I.e. updated and deleted records) form YAFFS2 is proposed. Based on the out-of-place-write strategies in NAND flash memory required by YAFFS2, the SQLite history recorders can be recovered and ordered into timeline by their timestamps. The experiment results show that the proposed method can recover the updated or deleted records correctly. Our method can help investigators to find the significant information about user actions in Android smart phones by these history recorders, although they seem to have been disappeared or deleted.
Keywords : Digital forensics Android YAFFS2 SQLite Recovery
Type de document :
Communication dans un congrès
David Hutchison; Takeo Kanade; Madhu Sudan; Demetri Terzopoulos; Doug Tygar; Moshe Y. Vardi; Gerhard Weikum; Khabib Mustofa; Erich J. Neuhold; A Min Tjoa; Edgar Weippl; Ilsun You; Josef Kittler; Jon M. Kleinberg; Friedemann Mattern; John C. Mitchell; Moni Naor; Oscar Nierstrasz; C. Pandu Rangan; Bernhard Steffen. 1st International Conference on Information and Communication Technology (ICT-EurAsia), Mar 2013, Yogyakarta, Indonesia. Springer, Lecture Notes in Computer Science, LNCS-7804, pp.295-299, 2013, Information and Communicatiaon Technology. 〈10.1007/978-3-642-36818-9_30〉
Liste complète des métadonnées

Littérature citée [6 références]  Voir  Masquer  Télécharger
https://hal.inria.fr/hal-01480183
Contributeur : Hal Ifip <>
Soumis le : mercredi 1 mars 2017 - 11:04:52
Dernière modification le : jeudi 2 mars 2017 - 01:04:25
Document(s) archivé(s) le : mardi 30 mai 2017 - 14:31:24

Fichier

978-3-642-36818-9_30_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence

Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Collections

IFIP | IFIP-LNCS | IFIP-LNCS-7804 | IFIP-ICT-EURASIA | IFIP-TC5 | IFIP-TC | IFIP-TC8

Citation

Beibei Wu, Ming Xu, Haiping Zhang, Jian Xu, Yizhi Ren, et al.. A Recovery Approach for SQLite History Recorders from YAFFS2. David Hutchison; Takeo Kanade; Madhu Sudan; Demetri Terzopoulos; Doug Tygar; Moshe Y. Vardi; Gerhard Weikum; Khabib Mustofa; Erich J. Neuhold; A Min Tjoa; Edgar Weippl; Ilsun You; Josef Kittler; Jon M. Kleinberg; Friedemann Mattern; John C. Mitchell; Moni Naor; Oscar Nierstrasz; C. Pandu Rangan; Bernhard Steffen. 1st International Conference on Information and Communication Technology (ICT-EurAsia), Mar 2013, Yogyakarta, Indonesia. Springer, Lecture Notes in Computer Science, LNCS-7804, pp.295-299, 2013, Information and Communicatiaon Technology. 〈10.1007/978-3-642-36818-9_30〉. 〈hal-01480183〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

51

Téléchargements de fichiers

130

Contact


archive-ouverte@inria.fr