期刊名称:International Journal of Hybrid Information Technology
印刷版ISSN:1738-9968
出版年度:2015
卷号:8
期号:3
页码:395-406
DOI:10.14257/ijhit.2015.8.3.36
出版社:SERSC
摘要:As Android-based intelligent devices get more popular, digital technologies for forensic investigation have received increasingly more attention. Among the main technical issues in digital forensics, however, data recovery requires a significant amount of effort. In this paper, we first analyze the characteristics of the NAND flash storage as well as the mechanisms in the YAFFS2 file system. We then propose a file reconstruction method based on timestamps using Tnode trees in the YAFFS2 file system. Based on the last access timestamp information in the object header and the process of creating Tnode tree, the proposed method can be used to locate valid data blocks so as to recover the original files and would thus be able to reconstruct the file system. Experiments conducted under the Linux operating system over image files show that the proposed method could recover the final version of files effectively and would also perform more efficiently compared to similar methods
关键词:Security; Digital Forensics; Data Recovery; YAFFS; Timestamp; Tnode
