Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/53713
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 王勝德(Sheng-De Wang) | |
| dc.contributor.author | Ruei-Bao Wu | en |
| dc.contributor.author | 吳瑞寶 | zh_TW |
| dc.date.accessioned | 2021-06-16T02:28:08Z | - |
| dc.date.issued | 2015 | |
| dc.date.submitted | 2015-08-03 | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/53713 | - |
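| dc.description.abstract | As Android phones become increasingly widespread, suspects are increasingly using Android phones as tools of crime. Android phone forensics mainly examines the data on the phone that is helpful to an investigation. With mobile messaging applications now ubiquitous, both criminals and victims are very likely to use them. This study focuses on the popular mobile messaging application LINE and is motivated by helping forensic examiners: by understanding LINE's internal data structures and storage locations, it aims to find useful evidence in LINE. This thesis examines the two places where key data may reside, namely the storage device (NAND flash) and memory (RAM). In addition, the results of memory analysis reveal the encryption method used for some fields of the LINE database. Applying these results, we implement a decryption tool that targets the encrypted fields in the LINE database; with this tool, forensic examiners can quickly decrypt useful data, such as the LINE internal lock password and the mobile phone number used for LINE registration. | zh_TW |
| dc.description.abstract | Android forensics deals with the investigation of evidence found on Android devices. Instant messaging applications are ubiquitous in mobile devices, which allow users to exchange instant messages, files, and images. In this study, we focus on one such instant messenger called 'LINE', a popular social communication application. The aim of this work is to help analysts determine the data and information that can be found in LINE. Our focus is on the extraction and analysis of valuable data in both the external storage and the volatile memory (RAM) on Android devices. We develop an online tool to help analysts decrypt valuable information from the encrypted LINE database. | en |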
| dc.description.provenance | Made available in DSpace on 2021-06-16T02:28:08Z (GMT). No. of bitstreams: 1 ntu-104-R02921093-1.pdf: 2470144 bytes, checksum: 8d359004199da46fb6de2b7dddf098a0 (MD5) Previous issue date: 2015 | en |
| dc.description.tableofcontents | Chinese Abstract; ABSTRACT; CONTENTS; LIST OF FIGURES; LIST OF TABLES; Chapter 1 Introduction; 1.1 Introduction and motivation; 1.2 Why LINE forensic?; 1.3 Contribution; Chapter 2 Related Work; 2.1 Variety of Target messenger; 2.1.1 WhatsApp messenger; 2.1.2 Skype messenger; 2.1.3 ChatON messenger; 2.2 Forensic analytic method; 2.2.1 Volatile memory analytic method; 2.2.2 Non-Volatile memory analytic method; Chapter 3 Methodology; 3.1 Non-volatile memory analysis; 3.1.1 Prerequisites; 3.1.2 ADB-backup format and Extraction Tools; 3.1.3 Acquisition Process; 3.2 Volatile memory (RAM) analysis; 3.2.1 Extraction tools - LiME; 3.2.2 Analysis tools - Volatility; 3.2.3 Prerequisite; 3.2.4 Acquisition process; Chapter 4 LINE forensic artifact examination and decryption tool; 4.1 Artifacts Found in Non-volatile memory analysis; 4.1.1 Analysis of LINE contact; 4.1.2 Analysis of chat history; 4.1.3 Analysis of target's phone number; 4.1.4 Analysis of LINE internal lock password; 4.1.5 Analysis of LINE last access time; 4.2 Artifacts Found in volatile memory analysis methodology; 4.2.1 Exchanged messages found in volatile memory; 4.2.2 Analysis of encryption data; 4.3 Implementation of LINE database decryption tool; Chapter 5 Experiments and results; 5.1 Testing equipment and environment setup; 5.2 Testing and Results; Chapter 6 Conclusions and Future Work; Chapter 7 Reference; Appendix A. Volatile Memory Analytic Prerequisite; A.1 Download Android SDK and NDK; A.2 Create an AVD (Android Virtual Devices); A.3 Download and cross compile Android kernel; A.4 Download and cross compile LiME; A.5 Download and build a Volatility profile | |
| dc.language.iso | en | |
| dc.subject | Software Security | zh_TW |
| dc.subject | Mobile Phone Forensics | zh_TW |
| dc.subject | Android Forensics | zh_TW |
| dc.subject | Messaging Software | zh_TW |
| dc.subject | LINE | zh_TW |
| dc.subject | LINE | en |
| dc.subject | Android Forensic | en |
| dc.subject | Mobile Forensic | en |
| dc.subject | Instant Messenger | en |
| dc.subject | Application Security | en |
| dc.title | Forensic Analysis of the Messaging Application LINE Using Open-Source Software | zh_TW |
| dc.title | Forensic Analysis of LINE Messenger with Open-Source Tools | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 103-2 | |
| dc.description.degree | Master's | |
| dc.contributor.oralexamcommittee | 于天立(Tian-Li Yu),鄧惟中(Wei-Chung Teng) | |
| dc.subject.keyword | Mobile Phone Forensics, Android Forensics, Messaging Software, LINE, Software Security | zh_TW |
| dc.subject.keyword | Android Forensic, Mobile Forensic, Instant Messenger, LINE, Application Security | en |
| dc.relation.page | 37 | |
| dc.rights.note | Paid license | |
| dc.date.accepted | 2015-08-03 | |
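| dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
| dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
| Appears in departments and units: | Department of Electrical Engineering | |
Files in this document:
| File | Size | Format | |
|---|---|---|---|
| ntu-104-1.pdf (not authorized for public access) | 2.41 MB | Adobe PDF |
Documents in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.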
