A Recovery Approach for SQLite History Recorders from YAFFS2

Wu, Beibei; Xu, Ming; Zhang, Haiping; Xu, Jian; Ren, Yi; Zheng, Ning

doi:10.1007/978-3-642-36818-9_30

Cited by 15 publications

(16 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…YAFFS is the first file system designed for flash memory. YAFFS2 is the latest version, which is compatible to YAFFS1 and supports greater storage capacity [5]. The other features are listed as below.…”

Section: Yaffs2mentioning

confidence: 99%

See 1 more Smart Citation

Historical Data Recovery from Android Devices

Yang

Sun

2014

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Abstract. The popularity of Android devices has brought convenience to the life of people. However, it also has brought new information crime. In order to master the evidence of crime, accurate and highly efficient digital forensics technology is urgently needed. Data recovery is an important part of digital forensics. A large number of Android devices use YAFFS2 file system. The traditional file undeletion technology can hardly meet the data recovery requirements of current smart devices. Based on the characteristics of YAFFS2, this paper proposed a data recovery solution and fulfilled a forensics tool named yaffs2_recovery. It not only realized the file undeletion but also recovered the historical data of the files. The experimental results showed that the recovered historical data can provide valuable clues to digital forensics analysis.

show abstract

Section: Yaffs2mentioning

confidence: 99%

“…Consider the following scenario: the file size of message.db is reduced from 100KB to 80KB by file system because of garbage collection. The schemes proposed in [4] or [5] cannot recovery records belong to the reduced 20KB data because they don't exist in message.db any more. For this situation, a recovery scheme is proposed in this paper.…”

Section: Introductionmentioning

confidence: 99%

Historical Data Recovery from Android Devices

Yang

Sun

2014

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

show abstract

“…Accordingly, the corporate IRT plays a central role in investigating the causes for some information security incidents. Basically, digital trails like logs or temporary cache data, which are the decisive probative evidences in some criminal cases [12][13][14]21]. Unfortunately, they are being ignored most of the time because they need digital forensics experts with sophisticated domain knowledge to systematically and technically disclose them.…”

Section: Literature Reviewsmentioning

confidence: 99%

“…Furthermore, the policy violation of corporate computing resources and the associate information security auditing will be a relentless occurring and stringent challenging issue with a plethora of business organizations in the private sectors. Undoubtedly, in the forthcoming future, the pressing necessity of IRT within the corporate and the related digital evidences expertise will be an urgent demand of voluminous organizations [2,17,21].…”

Section: Literature Reviewsmentioning

confidence: 99%

The disclosure of evaporating digital trails respecting the combinations of Gmail and IE for pervasive multimedia

Chu¹,

Yin

Hsu³

et al. 2014

Multimed Tools Appl

View full text Add to dashboard Cite

Unquestionably, the proliferation of mobile devices has dominated the main streams in contemporary ubiquitous wireless networks. Unfortunately, the misappropriating of those state-of-the-art gadgets has resulted in unprecedented information security issues in next generation cyberspace security arena. This paper illustrates the essence of generic procedures to provide the probative digital evidences for a typical Gmail Chat session in connection with the IE browser under different scenarios. When the computer-related information security issues arise with regard to the company, the corporate information incident response team should be able to disclose and preserve the evaporating digital trails following the right procedures to avoid the volatile characteristics in their natures. Furthermore, the design of the experiments of the paper identifies four cases to demonstrate the feasibility, availability, reliability, and traceability among them, which are essential for the corporate information security staffs to seriously consider when mushrooming cyber crimes are unknowingly and hastily burgeoning in an unparalleled manner. The organizations might have to scrutinize the negligible digital trails with cognitive expertise instead of entirely relying on law enforcement Multimed Tools Appl agencies from the public sectors due to the time constraints as well as publicity concerns or the minor computing resource policy violation unwarily occurred by the employees accordingly.

show abstract

“…Even though this method had a high recovery rate and a timeline of operation could be built, it was only applicable to specific applications. Q. Li [5] and B. Wu [6] recovered historical deleted WAL and database files from file system by using the features of file system. The timeline of operations was built successfully.…”

Section: Introductionmentioning

confidence: 99%

A SQLite Recovery Method for Various Primary Key and B+tree Reorganization

Du¹,

Mingjian²

2017

Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)

View full text Add to dashboard Cite

Abstract. Free blocks and free pages have tremendous forensic potential. Based on analyzing layouts of cells which have different types of keys, the mechanism of deletion and free blocks coalescing, a new recovering method with byte level accuracy is proposed. First, aiming at multiple keys' types and rewriting cases, improved methods mentioned in this study were used to calculate the values of renewed bytes. Then, coalescent free blocks were split dynamically. In addition, deleted data also was extracted from trunk leaf pages because of tree structure and the free page generating principle. The results indicate that the method is suitable for different deleted data. The recovery rate relative to free blocks is over 90% in the case of the integer key. The rate can also archive 89% even if the key is not the integer.

show abstract

A Recovery Approach for SQLite History Recorders from YAFFS2

Cited by 15 publications

References 4 publications

Historical Data Recovery from Android Devices

Historical Data Recovery from Android Devices

The disclosure of evaporating digital trails respecting the combinations of Gmail and IE for pervasive multimedia

A SQLite Recovery Method for Various Primary Key and B+tree Reorganization

Contact Info

Product

Resources

About