A metadata-based method for recovering files and file traces from YAFFS2

Ming Xu; Xue Yang; Beibei Wu; Jun Yao; Haiping Zhang; Jian Xu; Ning Zheng

首页> 外文期刊>Digital investigation >A metadata-based method for recovering files and file traces from YAFFS2

【24h】

A metadata-based method for recovering files and file traces from YAFFS2

机译：从YAFFS2恢复文件和文件跟踪的基于元数据的方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Nowadays, flash memory has drawn much attention of digital investigators, however most of them try to recover the content from logical aspect and few of them pay attention to how those files were created or modified. The deleted and edited contents of a file on the flash chips are commonly related to user behaviors which can be used as digital evidence. In this paper, a method using YAFFS2 metadata to recover files, reconstruct file system, and recover their previous history versions is proposed. The experimental results under Linux operating system show that the proposed method can correctly reconstruct file system, recover file and file traces from YAFFS2; and experiments conducted on physical images of Android phones show that our method can be applied to real scenarios.

机译：如今，闪存已经引起了数字调查人员的广泛关注，但是大多数调查人员都试图从逻辑方面恢复内容，并且很少有人关注这些文件的创建或修改方式。闪存芯片上文件的已删除和已编辑内容通常与可用作数字证据的用户行为有关。本文提出了一种使用YAFFS2元数据恢复文件，重建文件系统以及恢复其以前的历史版本的方法。在Linux操作系统下的实验结果表明，该方法可以正确地重建文件系统，从YAFFS2恢复文件和文件痕迹。在Android手机的物理图像上进行的实验表明，我们的方法可以应用于真实场景。

著录项

来源
《Digital investigation》 |2013年第1期|62-72|共11页
作者
Ming Xu; Xue Yang; Beibei Wu; Jun Yao; Haiping Zhang; Jian Xu; Ning Zheng;
展开▼
作者单位

College of Computer, Hangzhou Dianzi University, Hangzhou 310018, China;

College of Computer, Hangzhou Dianzi University, Hangzhou 310018, China;

College of Computer, Hangzhou Dianzi University, Hangzhou 310018, China;

College of Computer, Hangzhou Dianzi University, Hangzhou 310018, China;

College of Computer, Hangzhou Dianzi University, Hangzhou 310018, China;

College of Computer, Hangzhou Dianzi University, Hangzhou 310018, China;

College of Computer, Hangzhou Dianzi University, Hangzhou 310018, China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
NAND flash chips; YAFFS2; File traces; Android; Reconstructing; Recovering;

机译：NAND闪存芯片;YAFFS2;文件痕迹;Android;重建;正在恢复;

相似文献

外文文献
中文文献
专利

1. Recovering multiple versions of YAFFS2 files based on Hash and timestamps [J] . Yameng Li, Jingsha He, Na Huang, International Journal of Embedded Systems . 2018,第4期

机译：基于哈希和时间戳恢复多个版本的YAFFS2文件
2. Adaptive tradeoff in metadata-based small file optimizations for a cluster file system [J] . Li X., Dong B., Xiao L., International journal of numerical analysis and modeling . 2012,第2期

机译：集群文件系统中基于元数据的小文件优化中的自适应权衡
3. Status, Comparison, and Issues of Computer-Aided Design Model Data Exchange Methods Based on Standardized Neutral Files and Web Ontology Language File [J] . Yuchu Qin, Wenlong Lu, Qunfen Qi, Journal of Computing and Information Science in Engineering . 2017,第1期

机译：基于标准化中性文件和Web本体语言文件的计算机辅助设计模型数据交换方法的现状，比较和问题
4. File recovering from YAFFS2 Based on Object Headers and Metadata [C] . Xue Yang, Ming Xu, Haiping Zhang International conference on graphic and image processing . 2013

机译：基于对象标头和元数据从YAFFS2恢复文件
5. PFault: A General Methodology for Analyzing the Reliability of High-Performance Parallel File Systems [D] . Cao, Jinrui. 2020

机译：Pfault：用于分析高性能并行文件系统可靠性的一般方法
6. Recovering YAFFS2 Files for Forensic Analysis Based on Timestamps and Tnode Trees [O] . Na Huang, Jingsha He, Bin Zhao, 2015

机译：恢复基于时间戳和Tnode树的法医分析的Yaffs2文件
7. RIME: The Recoverable Item Management Evaluator. Volume II. Section IV. RIME Job Control Language Files. [R] . Demmy, W. S. 1980

机译：RImE：可恢复项目管理评估员。第二卷。第四节RImE作业控制语言文件。

A metadata-based method for recovering files and file traces from YAFFS2

摘要

著录项

相似文献

相关主题

期刊订阅