Portal de Periódicos da CAPES

A Recovery Approach for SQLite History Recorders from YAFFS2

2013; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-36818-9_30

1611-3349

Beibei Wu, Ming Xu, Haiping Zhang, Jian Xu, Yizhi Ren, Ning Zheng,

Advanced Malware Detection Techniques

Nowadays, forensic on flash memories has drawn much attention. In this paper, a recovery method for SQLite database history records (I.e. updated and deleted records) form YAFFS2 is proposed. Based on the out-of-place-write strategies in NAND flash memory required by YAFFS2, the SQLite history recorders can be recovered and ordered into timeline by their timestamps. The experiment results show that the proposed method can recover the updated or deleted records correctly. Our method can help investigators to find the significant information about user actions in Android smart phones by these history recorders, although they seem to have been disappeared or deleted.