Forensic Analysis Based on Android Chat App

The "computer industrial revolution" is sweeping the world with tremendous momentum. In recent years the development of mobile platforms and wireless networks in particular has changed almost daily, and a large number of mobile apps (applications) have appeared. Mobile apps have greatly simplified daily life and enriched entertainment. As the functional demands placed on phone apps keep rising, and with the wave of "O2O" entrepreneurship in China, a number of phone-based apps have also emerged. However, with the widespread use of phone applications, phone security has become a focus of attention. For phone applications, security is reflected above all in the security of user behaviour data. The core of this thesis is the forensic analysis of users' chat data in social apps: based on an Android client, it implements forensics of the chat data users produce during a chat.

This paper surveys the use of most of the mobile apps with a relatively large user base on the market, analyses the needs revealed by the survey results, and from them determines a forensics function design for an Android client-side social chat app. The result is that a user's chat data can be extracted and stored on the phone, so that it can still be collected if the chat data needs to be gathered after the application has cleared it. The design is built on the Android system; the client interface is designed with its related components, the development language is Java, the development environment is Android Studio, and the database is MySQL, a lightweight relational database commonly used on Android. In the implementation, the app stores all kinds of user information on the service side and updates it promptly. The client is a smartphone running Android, and users obtain the chat data they need through the various functions of the app.


Requirements Analysis

At the beginning of this design, a survey was carried out on the usage of some online chat apps on the market. The respondents included college students, business people and government officials. From it, the biggest current needs for chat app software come down to roughly two points. One is that users can back up their own chat content, so that it survives even after the user clears the chat; the other is that the user's chat content can later be retrieved, so that evidence is available when it needs to be produced in the future.

Functional Analysis

The functions of this design are concentrated in the client, that is, the mobile app. Its purpose is to let people chat online more conveniently while also allowing users to extract and save chat records for forensic analysis. Building on the preceding survey results, we made some innovative design choices for the mobile app, especially in response to the two major needs people reported:

(1) The client of this app is based on the Android system, so users of the app can access it conveniently from their phones. The specific functions are roughly as follows:

1) Online chat function: users can chat online in the phone app. The chat function in this design relies on the Huanxin instant messaging SDK, so that online chat and calls can be provided without building a separate messaging client.

2) Forensics of chat records: when chatting in the phone app, if the user does not press the "Message Backup" button, all chat records are deleted once "Clear Chat Records" is pressed in the chat dialog. If the user has pressed "Message Backup", then after the chat history is cleared in the chat dialog, the deleted and emptied chat messages can be "retrieved" under "Message Forensics" and used as forensic data whenever forensics is required.

Chapter Summary

This chapter is divided into three parts. First, through extensive investigation and summarisation, it analyses the needs users have for this type of app; then it introduces the requirements derived from those needs; finally, it addresses the needs raised in user feedback and determines which functions should be developed for this mobile application.

Forensics and Analysis of Chat Logs

The model targets the main stages of forensic analysis on the Android system and comprises nine activity stages: awareness, preparation, protecting the scene, recording the scene, data collection, preservation, inspection, analysis, and review. In addition, the model allows forensic analysts to return to an earlier stage according to the actual situation of the case investigation, which makes it easier to obtain more evidence or to re-examine later analysis results. The meaning of each stage is as follows:

1) Awareness

Given that Android forensic analysis is relatively time-sensitive, forensic analysts need a strong awareness of forensics to ensure that evidence can be obtained in a timely manner. Awareness is the first stage of the analysis model and runs through the entire forensics process.

2) Preparation

At this stage, forensic analysts must be authorised by their institution and act within the relevant laws and regulations. By understanding the wider background of the digital forensics case, the case environment, the smartphone devices involved and other relevant information, the analysts formulate a detailed forensics plan.

3) Protect the scene

Android smartphones can connect to the outside world through wireless networks. Because wireless signals are highly concealed, before carrying out data forensics on an Android smartphone it is necessary to apply communication shielding measures to the phone so that the data on it is not interfered with by wireless signals. Specific methods include communication shielding equipment or a dedicated signal-shielded room.

4) Record the scene

The main work of the forensic personnel at this stage is to extract the original data from the Android smartphone. The technical means are direct reading of the phone's memory chip, extraction of a phone image, or direct reading of the data directories at key locations. The extraction method is chosen according to the actual situation of the case, and the chat app's data on the Android system can be obtained by any of these three methods.

5) Data Collection

The focus of this stage is to extract the data related to the chat app and the case from the Android phone image and file directories. According to the storage characteristics of the chat app, the associated data can be divided into volatile data, non-volatile data and offline/cloud data. In addition, base station information may also be helpful in digital forensics cases.
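As an added illustration of the non-volatile part of this stage (it is not code from the thesis or its app), the following Python reads chat rows out of a local message store such as an app's SQLite database. The table layout, the sample rows and the `deleted` flag are assumptions constructed for the example; the point it makes is that the store is opened read-only so the extraction itself cannot alter the evidence file, and that rows an app has only flagged as deleted can still be listed alongside live ones.

```python
import os
import sqlite3
import tempfile
from dataclasses import dataclass

# Constructed sample rows for a hypothetical chat-app message table.
# This schema is an assumption for the example, not the thesis app's schema.
SAMPLE_ROWS = [
    (1, "alice", "bob", "Meet at 9?", "2023-04-01T08:55:00", 0),
    (2, "bob", "alice", "OK, see you there", "2023-04-01T08:56:10", 0),
    (3, "alice", "bob", "Bring the documents", "2023-04-01T08:57:30", 1),
]


@dataclass(frozen=True)
class ChatRecord:
    msg_id: int
    sender: str
    receiver: str
    body: str
    sent_at: str
    deleted: bool


def build_sample_db(path: str) -> None:
    """Create a constructed chat database standing in for an extracted app file."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE messages ("
        "msg_id INTEGER PRIMARY KEY, sender TEXT, receiver TEXT, "
        "body TEXT, sent_at TEXT, deleted INTEGER DEFAULT 0)"
    )
    conn.executemany("INSERT INTO messages VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    conn.close()


def extract_messages(path: str, include_deleted: bool = True) -> list[ChatRecord]:
    """Read chat rows from the store without writing to it.

    The database is opened read-only through a URI so the extraction step
    cannot modify the non-volatile evidence file it reads from.
    """
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        sql = "SELECT msg_id, sender, receiver, body, sent_at, deleted FROM messages"
        if not include_deleted:
            sql += " WHERE deleted = 0"
        sql += " ORDER BY sent_at"
        return [
            ChatRecord(r[0], r[1], r[2], r[3], r[4], bool(r[5]))
            for r in conn.execute(sql)
        ]
    finally:
        conn.close()


def demo_extraction() -> tuple[int, int, list[str]]:
    """Build the sample store in a temp dir and extract from it.

    Returns (all rows, live rows, bodies of rows flagged as deleted).
    """
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "chat.db")
        build_sample_db(db)
        all_rows = extract_messages(db)
        live_rows = extract_messages(db, include_deleted=False)
        flagged = [r.body for r in all_rows if r.deleted]
        return len(all_rows), len(live_rows), flagged


if __name__ == "__main__":
    print(demo_extraction())
```

In a real case the path would be the database copied out of the phone image or the app's data directory, and the query would follow that app's actual schema; the read-only URI and the separate accounting of flagged rows carry over unchanged.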

6) Preservation

The extracted original data associated with the chat app must be backed up and saved to disk, and the digital evidence must be documented.

7) Inspection

Traditional PC forensics focuses on the disk: the disk is mounted and examined without destroying the original data. Forensics on mobile smart devices is different. Unless the phone's memory chip has to be removed under special circumstances, digital forensics is normally carried out with the Android smartphone powered on. At the same time, in order to extract the chat app's data completely, root permission is also required before the operation. Every restart of the Android smartphone and every acquisition of root permission changes the data on the device to some degree. Whether these operations have changed the data related to the chat app, and whether the changed data affects the case, is a matter of concern, so inspection and analysis are required to ensure the credibility of the extracted digital evidence.
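The preservation and inspection stages above both turn on one question: can the analyst show that the extracted data has not changed since it was collected? The Python below is an added example, not part of the thesis or its app, of the minimal record that answers it: a hash-based evidence record written at preservation time, and a verification at inspection time that detects any change made by a later operation such as a restart or rooting. The case id, collector name, note text and the file contents are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def record_evidence(path: str, case_id: str, collector: str, note: str) -> dict:
    """Build a chain-of-custody record for one extracted file (preservation stage)."""
    return {
        "case_id": case_id,
        "collector": collector,
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "sha256": sha256_file(path),
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "note": note,
    }


def verify_evidence(path: str, record: dict) -> bool:
    """Inspection stage: True only if size and hash still match the record."""
    return (
        os.path.getsize(path) == record["size"]
        and sha256_file(path) == record["sha256"]
    )


def demo_preservation() -> tuple[bool, bool]:
    """Record a constructed evidence file, verify it, then verify again after a change.

    Returns (verified when intact, verified after the file was altered).
    """
    with tempfile.TemporaryDirectory() as tmp:
        evidence = os.path.join(tmp, "chat.db")
        with open(evidence, "wb") as f:
            # Constructed stand-in for an extracted database file.
            f.write(b"SQLite format 3\x00" + b"constructed sample content")

        rec = record_evidence(
            evidence,
            case_id="CASE-PLACEHOLDER-001",          # placeholder, not a real case
            collector="analyst-placeholder",
            note="copied from app data directory (placeholder path)",
        )
        # The record is saved next to the backup as part of the documentation.
        with open(os.path.join(tmp, "chat.db.json"), "w", encoding="utf-8") as f:
            json.dump(rec, f, indent=2)

        intact = verify_evidence(evidence, rec)

        # Simulate a later operation on the device touching the file by one byte.
        with open(evidence, "ab") as f:
            f.write(b"\x00")
        after_change = verify_evidence(evidence, rec)

        return intact, after_change


if __name__ == "__main__":
    print(demo_preservation())
```

The size check is deliberately kept alongside the hash: it is cheap, and a mismatch there tells the analyst immediately that the copy on disk is not the one that was documented, before any slower hashing runs.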


Origin: blog.csdn.net/wvnyyidtfwvnyyidtf/article/details/129974340