克服手机取证的障碍

Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008) Pub Date : 2008-01-07 DOI:10.1109/HICSS.2008.341

W. Jansen, A. Delaitre, Ludovic Moenner

{"title":"克服手机取证的障碍","authors":"W. Jansen, A. Delaitre, Ludovic Moenner","doi":"10.1109/HICSS.2008.341","DOIUrl":null,"url":null,"abstract":"Cell phones are an emerging but rapidly growing area of computer forensics. While cell phones are becoming more like desktop computers functionally, their organization and operation are quite different in certain areas. For example, most cell phones do not contain a hard drive and rely instead on flash memory for persistent storage. Cell phones are also designed more as special-purpose appliances that perform a set of predefined tasks using proprietary embedded software, rather than general-purpose extensible systems that run common operating system software. Such differences make the application of classical computer forensic techniques difficult. Also complicating the situation is the state of the art of present day cell phone forensic tools themselves and the way in which tools are applied. This paper identifies factors that impede cell phone forensics and describes techniques to address two resulting problems in particular: the limited coverage of available phone models by forensic tools, and the inadequate means for validating the correct functioning of forensic tools.","PeriodicalId":328874,"journal":{"name":"Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"52","resultStr":"{\"title\":\"Overcoming Impediments to Cell Phone Forensics\",\"authors\":\"W. Jansen, A. Delaitre, Ludovic Moenner\",\"doi\":\"10.1109/HICSS.2008.341\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cell phones are an emerging but rapidly growing area of computer forensics. While cell phones are becoming more like desktop computers functionally, their organization and operation are quite different in certain areas. For example, most cell phones do not contain a hard drive and rely instead on flash memory for persistent storage. Cell phones are also designed more as special-purpose appliances that perform a set of predefined tasks using proprietary embedded software, rather than general-purpose extensible systems that run common operating system software. Such differences make the application of classical computer forensic techniques difficult. Also complicating the situation is the state of the art of present day cell phone forensic tools themselves and the way in which tools are applied. This paper identifies factors that impede cell phone forensics and describes techniques to address two resulting problems in particular: the limited coverage of available phone models by forensic tools, and the inadequate means for validating the correct functioning of forensic tools.\",\"PeriodicalId\":328874,\"journal\":{\"name\":\"Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-01-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"52\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HICSS.2008.341\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HICSS.2008.341","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 52

摘要

手机是计算机取证的一个新兴但发展迅速的领域。虽然手机在功能上越来越像台式电脑，但它们的组织和操作在某些方面却有很大的不同。例如，大多数手机不包含硬盘驱动器，而是依赖闪存进行持久存储。手机也更多地被设计成使用专有嵌入式软件执行一组预定义任务的专用设备，而不是运行通用操作系统软件的通用可扩展系统。这些差异使得传统的计算机取证技术难以应用。同样使情况复杂化的是目前手机取证工具本身的技术状况以及工具的应用方式。本文确定了阻碍手机取证的因素，并描述了解决两个特别问题的技术:取证工具对可用手机型号的覆盖范围有限，以及验证取证工具正确功能的手段不足。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Overcoming Impediments to Cell Phone Forensics

Cell phones are an emerging but rapidly growing area of computer forensics. While cell phones are becoming more like desktop computers functionally, their organization and operation are quite different in certain areas. For example, most cell phones do not contain a hard drive and rely instead on flash memory for persistent storage. Cell phones are also designed more as special-purpose appliances that perform a set of predefined tasks using proprietary embedded software, rather than general-purpose extensible systems that run common operating system software. Such differences make the application of classical computer forensic techniques difficult. Also complicating the situation is the state of the art of present day cell phone forensic tools themselves and the way in which tools are applied. This paper identifies factors that impede cell phone forensics and describes techniques to address two resulting problems in particular: the limited coverage of available phone models by forensic tools, and the inadequate means for validating the correct functioning of forensic tools.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)

自引率

0.00%

发文量