Abstract
As Android-based intelligent devices get more popular, digital technologies for forensic investigation have received increasingly more attention. Among the main technical issues in digital forensics, however, data recovery requires a significant amount of effort. In this paper, we first analyze the characteristics of the NAND flash storage as well as the mechanisms in the YAFFS2 file system. We then propose a file reconstruction method based on timestamps using Tnode trees in the YAFFS2 file system. Based on the last access timestamp information in the object header and the process of creating Tnode tree, the proposed method can be used to locate valid data blocks so as to recover the original files and would thus be able to reconstruct the file system. Experiments conducted under the Linux operating system over image files show that the proposed method could recover the final version of files effectively and would also perform more efficiently compared to similar methods.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Hybrid Information Technology
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
