| HAL-Inria | Publications, software ... of Inria's scientists |
Conference papers
A Recovery Approach for SQLite History Recorders from YAFFS2
Abstract : Nowadays, forensic on flash memories has drawn much attention. In this paper, a recovery method for SQLite database history records (I.e. updated and deleted records) form YAFFS2 is proposed. Based on the out-of-place-write strategies in NAND flash memory required by YAFFS2, the SQLite history recorders can be recovered and ordered into timeline by their timestamps. The experiment results show that the proposed method can recover the updated or deleted records correctly. Our method can help investigators to find the significant information about user actions in Android smart phones by these history recorders, although they seem to have been disappeared or deleted.
Cited literature [6 references]
https://hal.inria.fr/hal-01480183
Contributor : Hal Ifip <>
Submitted on : Wednesday, March 1, 2017 - 11:04:52 AM
Last modification on : Thursday, March 2, 2017 - 1:04:25 AM
Long-term archiving on: : Tuesday, May 30, 2017 - 2:31:24 PM
Contributor : Hal Ifip <>
Submitted on : Wednesday, March 1, 2017 - 11:04:52 AM
Last modification on : Thursday, March 2, 2017 - 1:04:25 AM
Long-term archiving on: : Tuesday, May 30, 2017 - 2:31:24 PM
File
978-3-642-36818-9_30_Chapter.p...
Files produced by the author(s)
Licence
Distributed under a Creative Commons Attribution 4.0 International License