Open Access  Subscription Access

智慧型行動裝置已廣泛應用於各個層面，也成為大眾日常生活中不可或缺的數位裝置之一，而運行在這些行動裝置上的行動作業系統(mobile operating system)目前以Android 市占率最高。Android 行動作業系統除了可安裝於實體行動裝置外，市面上亦可����現為數不少的Android 仿真器(emulator)存在，使用者可將各種應用程式(APP)安裝於此類仿真器中，即可便捷使用，有心犯罪者如以Android 仿真器安裝無線檔案傳送(Wifi file transfer)之應用程式竊取機密檔案或使用具有資訊隱藏術(Steganography)之應用程式以傳遞犯罪訊息規避犯罪調查時，如何分析與解譯在仿真器中所存在的犯罪訊息紀錄，將成為數位犯罪調查作業之必要鑑識作為。數位鑑識人員於數位證據鑑識分析作業中，如何確認犯罪者安裝在實體機器上Android 仿真器及解譯應用程式之內部資訊，實為數位鑑識作業之一大挑戰。本篇研究旨在探討如何應用數位鑑識實務作業中之數位鑑識工具及鑑識程序，對市面上數種常見之Android 仿真器安裝無線檔案傳送及資訊隱藏應用程式進行鑑識分析，整理及歸納出可用於數位鑑識作業之鑑識項目與應用程式特徵值，以協助數位鑑識人員於實務上可參用之鑑識方法。Mobile devices have been become a very popular and indispensable tool in daily life and work. Android is currently the number one mobile phone platform with highest market share. Android OS can be installed in the mobile devices and Android emulator. Users can download any kind of application to install on Android emulator. Several criminals use WiFi file transfer program on Android emulator or Steganographic techniques as tools to deliver criminal data. Traces and evidence left by these programs can be held on mobile phones and retrieving those potential evidences with right forensic technique is strongly required. In this paper, we focus on conducting forensic data analysis of 2 widely used applications on Android emulator: WiFi file transfer program and Steganographic technique.

虛擬行動裝置; Android仿真器鑑識; 反鑑識; 無線檔案傳輸程式鑑識; 資訊隱藏程式鑑識; Virtual mobile device; Android emulator; Anti-forensics; WiFi file transfer program; Steganographic technique