Forensic Analysis of YAFFS2
نویسندگان
چکیده
In contrast to traditional file systems designed for hard disks, the file systems used within smartphones and embedded devices have not been fully analyzed from a forensic perspective. Many modern smartphones make use of the NAND flash file system YAFFS2. In this paper we provide an overview of the file system YAFFS2 from the viewpoint of digital forensics. We show how garbage collection and wear leveling techniques affect recoverability of deleted and modified files.
منابع مشابه
Reconstructing Fragmented YAFFS2 Files for Forensic Analysis
Data recovery from captured intelligent mobile devices such as smartphones plays a significant role in digital forensic analysis. In this paper, we study the main characteristics of NAND flash and YAFFS2 file systems and explore the method for recovering YAFFS2 files for forensic analysis based on Tnode tree that can save a lot of time compared to other data recovery methods. For any broken fil...
متن کاملA Recovery Approach for SQLite History Recorders from YAFFS2
Nowadays, forensic on flash memories has drawn much attention. In this paper, a recovery method for SQLite database history records (I.e. updated and deleted records) form YAFFS2 is proposed. Based on the out-of-place-write strategies in NAND flash memory required by YAFFS2, the SQLite history recorders can be recovered and ordered into timeline by their timestamps. The experiment results show ...
متن کاملA Reconstructing Android User Behavior Approach based on YAFFS2 and SQLite
Nowadays, a variety of Android user behavior information is automatically stored in SQLite to indicate when and what user behavior took places. In this paper, an approach to reconstruct Android user behavior from YAFFS2 based on SQLite is proposed. Based on the storage mechanism of YAFFS2 file system and the file structures of SQLite, all of the SQLite records can be recovered from the Android ...
متن کاملForensic analysis of the android file system YAFFS2
The popularity of Android devices has resulted in a requirement for a process to extract and analyse data in a forensically sound manner. There is a wide range of devices which use the Android operating system, and hence a standard process for forensic extraction and analysis for all devices is not possible. Many devices use the Yet Another Flash File System (YAFFS), which introduces an additio...
متن کاملScope of Practice of Forensic Midwifery: An Integrative Review
Background & aim: Forensic midwifery is a new major which has been established in response to the need of endangered women for forensic services and also the lack of service provision in this domain. However, there are ambiguities in the definition of this major and its scope of practice. The present study was conducted to investigate the scope of practice in forensic ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012