Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

An Android App historical screen recovery and evidence collection system based on memory analysis

A memory analysis and storage subsystem technology, applied in the field of Android App history screen recovery and forensics systems, can solve the problems of less memory extraction information, the lack of generality of the forensics system, and the lack of forensic methods, so as to ensure auditability, Guaranteed safety and broad application prospects

Inactive Publication Date: 2019-05-28
YANTAI POWER SUPPLY COMPANY OF STATE GRID SHANDONG ELECTRIC POWER +1
View PDF4 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to solve the problems of the ROOT authority of the existing Android mobile phone, the lack of universality of the forensics system, the lack of memory extraction information in some forensics systems, and the lack of universality of the forensics method for specific apps, and proposes a method based on memory analysis. Android App history screen recovery and forensics system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An Android App historical screen recovery and evidence collection system based on memory analysis
  • An Android App historical screen recovery and evidence collection system based on memory analysis
  • An Android App historical screen recovery and evidence collection system based on memory analysis

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment approach 1

[0022] Specific implementation mode one: combine figure 1 Describe this embodiment, the Android App historical screen recovery and evidence collection system based on memory analysis in this embodiment includes an Android memory extraction subsystem, a memory evidence storage subsystem, and an Android App historical screen recovery and evidence collection subsystem;

[0023] The Android memory extraction subsystem is used to completely extract the memory space of the target App;

[0024] The memory evidence storage subsystem is used to store the file memory evidence extracted by the Android memory extraction subsystem;

[0025] The Android App history screen recovery and forensics subsystem is used to extract the memory space of the target App based on the Android memory extraction subsystem and the file memory evidence stored in the memory evidence storage subsystem, using the model (Model / View / Controller) in the MVC architecture to Realize App history screen recovery and fo...

specific Embodiment approach 2

[0028] Specific embodiment two: the difference between this embodiment and specific embodiment one is that the Android memory extraction subsystem includes a configuration module, a PROC virtual file module, a remote injection module based on PTRACE, and memory extraction and thread space (Shell Code injection) extract module;

[0029] The configuration module is used to support the complete memory image acquisition strategy and App specific process acquisition strategy;

[0030] The complete memory image acquisition strategy is for the scenario of forensics for all apps in the target mobile phone;

[0031] Scenarios where the App-specific process acquisition strategy is used for forensics against the target App;

[0032] Reduce the size of the image file and reduce the cost of network transmission;

[0033] The PROC virtual file module is a virtual file in the Linux system, which is used to communicate between the Linux kernel space and the user by using PROC;

[0034] Acc...

specific Embodiment approach 3

[0042] Embodiment 3: The difference between this embodiment and Embodiment 1 or 2 is that the memory evidence storage subsystem includes a memory image file module, a memory map file module, and a memory evidence description information module;

[0043] The memory image file module is used to perform segmented access to the memory of the MEM image file;

[0044] The memory-mapped file module is used for segmented access to MAPS-mapped file memory;

[0045]The memory evidence description information module is used to store information on accessing files.

[0046] Other steps and parameters are the same as those in Embodiment 1 or Embodiment 2.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Android App historical screen recovery and evidence collection system based on memory analysis, and relates to an Android App historical screen recovery and evidence collection system. The objective of the invention is to solve the problems that an existing Android mobile phone ROOT permission and evidence obtaining system does not have universality, some evidence obtaining systems have less memory extraction information, and an evidence obtaining method for a specific App does not have universality. The system comprises an Android memory extraction subsystem, a memory evidence storage subsystem and an Android App historical screen recovery and evidence collection subsystem. The Android memory extraction subsystem is used for completely extracting the memory space of the target App; the memory evidence storage subsystem is used for storing the file memory evidence extracted by the Android memory extraction subsystem; and the Android App historical screen recovery and evidence collection subsystem is used for realizing App historical screen recovery and evidence collection by utilizing a model in the MVC architecture. The system is applied to the field ofandroid App historical screen recovery and evidence obtaining.

Description

technical field [0001] The invention relates to an Android App history screen recovery and evidence collection system. Background technique [0002] With the popularization of mobile Internet technology and Android mobile terminals, computer crimes based on mobile phones have grown rapidly. In related cases, some important evidence is left in mobile phones or mobile applications: According to statistics, 70% of crimes in the United States involve mobile digital forensics, and as high as 90% in the United Kingdom. In this context, how to effectively and reliably conduct mobile terminal forensics has become a research hotspot in the field of application security. [0003] At present, Android system memory extraction has many disadvantages: Problem 1, Android mobile phone ROOT permission, currently there are few ROOT mobile phones; Problem 2, the forensics system is not universal, and cannot be applied to different versions of the Android system; The system has less memory ex...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/14G06F12/0875
Inventor 常英贤刘斌丛连日武侠邓华苏豪鲍娌娜李荣生崔豪驿田书然
Owner YANTAI POWER SUPPLY COMPANY OF STATE GRID SHANDONG ELECTRIC POWER
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com