不同取证系统对手机微信聊天记录恢复效果的比较分析
Comparative Study on the Effect of Different Forensics Systems in Recovering Deleted Chat Records of Mobile Phone WeChat
范皓杰 1黄益 2于奎栋3
作者信息
- 1. 上海市公安局徐汇分局,上海 200137
- 2. 上海市公安局奉贤分局刑事科学技术研究所,上海 201499
- 3. 上海市公安局物证鉴定中心,上海 200137
- 折叠
摘要
在对新型涉网犯罪的打击过程中,犯罪嫌疑人手机数据的采集是取证的关键环节,而在实战中,手机中存在至关重要线索和证据的微信聊天记录通常会被删除.如何能够快速、高效地恢复犯罪嫌疑人手机中已删除的微信聊天记录,是相关案件侦查过程中面临的亟待解决的问题.本文采用了目前最普遍使用的四款取证系统的最新版本,分别对当下主流的三十余款型号的华为和苹果手机进行微信数据采集,并在第一次采集完成后,对旧系统版本的实验手机进行系统升级后再次采集数据,以此比对分析不同取证系统恢复华为、苹果手机已删除微信聊天记录的效果.本文能为相关案件侦办中取证工具的选择提供参考.
Abstract
In the process of cracking down on new types of network-related crimes,the collection of data from suspects'mobile phones is a key part in obtaining evidence,while in actual cases,the WeChat records in the mobile phone,which have vital clues and evidence,are usually deleted.How to quickly and efficiently restore the deleted WeChat records in the suspects'mobile phones is an urgent problem to be solved in the investigation of related cases.This paper used the latest version of the four most commonly used forensics systems to collect WeChat data twice from more than thirty models of mainstream Huawei and Apple cell phones.The data was collected directly without any operation on the mobile phone,and then the data was collected again after the old version of the operating system was upgraded.In this way,we could compare and analyze the effect of different forensic systems to restore the deleted chat records of Huawei and Apple mobile phones.This paper can provide a reference for the selection of forensic tools in the investigation of related cases.
关键词
电子物证/新型涉网犯罪/取证系统/微信聊天记录/数据恢复Key words
digital forensic/new type of network-related crime/forensics system/WeChat chat records/data recovery引用本文复制引用
基金项目
公安部公安理论软科学研究计划(2021LL17)
教育部人文社会科学研究青年基金(20YJC820016)
出版年
2024
国家科技期刊平台
NSTL
万方数据