CN106446214B - A method of extracting Saipan system message registration data - Google Patents
A method of extracting Saipan system message registration data Download PDFInfo
- Publication number
- CN106446214B CN106446214B CN201610874402.3A CN201610874402A CN106446214B CN 106446214 B CN106446214 B CN 106446214B CN 201610874402 A CN201610874402 A CN 201610874402A CN 106446214 B CN106446214 B CN 106446214B
- Authority
- CN
- China
- Prior art keywords
- contact person
- data
- byte
- name
- data volume
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/33—Querying
- G06F16/3331—Query processing
- G06F16/334—Query execution
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of methods for extracting Saipan system message registration data: extracting cell phone address book storage file;Record name of contact person data volume, communication state data volume, record call time data body, telephone number data body are found in parsing;By all logs of extraction.Beneficial effects of the present invention are as follows: quickly identification Saipan system communication records feature, accurately obtains contact person, telephone number, communication state, call time data, and extraction data accuracy is high, has filled up the vacancy restored for Saipan system communication record data.
Description
Technical field
The present invention relates to field of information security technology, in particular to a kind of side for extracting Saipan system message registration data
Method.
Background technique
With the continuous improvement and expansion of mobile communication technology service provided level and type service, mobile phone increasingly at
For connection tool indispensable in people's Working Life, however at the same time, is swindled, calumniated and forged using mobile phone
Criminal activity is also commonplace.Mobile Phone Forensics are exactly an effective means for hitting this kind of crime.Mobile Phone Forensics in concept
It is exactly set in storage card and Mobile Network Operator database from SIM cards of mobile phones, mobile phone inside/outside and collects, saves from damage and analyze phase
The electronic evidence of pass, and it is final therefrom obtain there is legal effect, can be by the process for the evidence that court is received.It involves at present
There are three types of the criminal offences substantially of mobile phone: first is that serving as liaison work using mobile phone in the implementation process of criminal offence
Tool;Second is that mobile phone is used as a kind of storage media of evidence of crime;A kind of last mode is that mobile phone is taken as short message fraud, short message
The implementation tool of the novel mobile phones criminal activity such as harassing and wrecking and bogusware propagation.These, which are all fully showed that, carries out Mobile Phone Forensics skill
The correlative study of art is for maintaining social stability, guarantee people's equity and behavior of fighting crime with sufficient necessity and greatly
Urgency.
It is very mature for data recovery technique of the intelligence in Mobile Phone Forensics at present, but the Saipan that Nokia company releases
System data has special data structure, and the domestic data reconstruction method for being directed to the structure not yet encounters such mobile phone
Case will be made to have reached an impasse.
Summary of the invention
The present invention in view of the drawbacks of the prior art, provides a kind of method for extracting Saipan system message registration data, energy
Effective solution the above-mentioned problems of the prior art.
A method of extracting Saipan system message registration data, comprising the following steps:
S1: cell phone address book storage file is extracted from the mobile phone EMS memory of Saipan system;
S2: traversal cell phone address book storage file, if finding the log of " 0xE10001F0 " or " 0xE10001E0 "
Feature then executes S3;
S3: 0x08 byte, the latter byte records contact person of the bits of offset are deviated since the log feature
Name byte length;
S4: this number of segment of name of contact person byte length is deviated backward from the byte of record name of contact person byte length
Name of contact person is recorded according to body, records name of contact person data volume;
S5: latter two byte of name of contact person data volume is communication state data volume, records communication state data volume;
S6: latter two byte of communication state data volume is the data volume for recording the air time, records call time data body;
S7: call time data body deviates 0x08 backward and starts until " 0x01 " or " 0x02 " terminates, for phone number yardage
According to body, telephone number data body is recorded;
S8: judging whether it is address list storage file tail portion, if not S2 is then executed since " 0x01 " or " 0x02 ", if
It is to execute S9;
S9: all logs of extraction are sorted according to contact person, telephone number, communication state, air time.
It is accurate to obtain compared with prior art the present invention has the advantages that quickly identification Saipan system communication records feature
Contact person, telephone number, communication state, call time data extract data accuracy height, have filled up for Saipan system communication
Record the vacancy that data are restored.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of one log data of the embodiment of the present invention.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention more comprehensible, by the following examples, to the present invention do into
One step is described in detail.
As shown in Figure 1, a kind of method for extracting Saipan system message registration data, comprising the following steps:
S1: cell phone address book storage file is extracted from the mobile phone EMS memory of Saipan system;
S2: traversal cell phone address book storage file, if finding the log of " 0xE10001F0 " or " 0xE10001E0 "
Feature then executes S3;
S3: 0x08 byte, the latter byte records name of contact person of the bits of offset are deviated since log feature
Byte length;
S4: this number of segment of name of contact person byte length is deviated backward from the byte of record name of contact person byte length
Name of contact person is recorded according to body, records name of contact person data volume;
S5: latter two byte of name of contact person data volume is communication state data volume, if " 0x0200 " expression is answered, if
It is that " 0x0500 " indicates to broadcast, records communication state data volume;
S6: latter two byte of communication state data volume is the data volume for recording the air time, records call time data body;
S7: call time data body deviates 0x08 backward and starts until " 0x01 " or " 0x02 " terminates, for phone number yardage
According to body, telephone number data body is recorded;
S8:S2 to S7 is a log, to traverse entire address list storage file and need to repeat S2 to S7, directly
To traversing all address list storage files, so need exist for judging whether it is address list storage file tail portion, if not then from
" 0x01 " or " 0x02 " starts to execute S2, if so then execute S9;
S9: all logs of extraction are sorted according to contact person, telephone number, communication state, air time, convenient
It consults.
Understand that system communication interrecord structure in Saipan of the present invention understands in combination with Fig. 1 and above-mentioned steps in order to clearer.
Those of ordinary skill in the art will understand that the embodiments described herein, which is to help reader, understands this hair
Bright implementation method, it should be understood that protection scope of the present invention is not limited to such specific embodiments and embodiments.Ability
The those of ordinary skill in domain disclosed the technical disclosures can make its various for not departing from essence of the invention according to the present invention
Its various specific variations and combinations, these variations and combinations are still within the scope of the present invention.
Claims (1)
1. a kind of method for extracting Saipan system message registration data, it is characterised in that the following steps are included:
S1: cell phone address book storage file is extracted from the mobile phone EMS memory of Saipan system;
S2: traversal cell phone address book storage file, if finding the log feature of " 0xE10001F0 " or " 0xE10001E0 ",
Then execute S3;
S3: 0x08 byte, the latter byte records name of contact person of the bits of offset are deviated since the log feature
Byte length;
S4: this segment data body of name of contact person byte length is deviated backward from the byte of record name of contact person byte length
Name of contact person is recorded, name of contact person data volume is recorded;
S5: latter two byte of name of contact person data volume is communication state data volume, records communication state data volume;
S6: latter two byte of communication state data volume is the data volume for recording the air time, records call time data body;
S7: call time data body deviates 0x08 backward and starts to terminate up to " 0x01 " or " 0x02 ", is telephone number data body,
Record telephone number data body;
S8: judging whether it is address list storage file tail portion, if not S2 is then executed since " 0x01 " or " 0x02 ", if holding
Row S9;
S9: all logs of extraction are sorted according to contact person, telephone number, communication state, air time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610874402.3A CN106446214B (en) | 2016-10-08 | 2016-10-08 | A method of extracting Saipan system message registration data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610874402.3A CN106446214B (en) | 2016-10-08 | 2016-10-08 | A method of extracting Saipan system message registration data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106446214A CN106446214A (en) | 2017-02-22 |
CN106446214B true CN106446214B (en) | 2019-12-03 |
Family
ID=58171603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610874402.3A Active CN106446214B (en) | 2016-10-08 | 2016-10-08 | A method of extracting Saipan system message registration data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106446214B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107391305B (en) * | 2017-07-26 | 2020-01-03 | 四川秘无痕科技有限责任公司 | Method for analyzing word stock of spread message CPU mobile phone and recovering deleted information |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103595845A (en) * | 2012-08-16 | 2014-02-19 | 中兴通讯股份有限公司 | Method of storing communication record in subscriber identity module/user identity model (SIM/UIM), apparatus and terminal thereof |
CN105760518A (en) * | 2016-02-29 | 2016-07-13 | 四川秘无痕信息安全技术有限责任公司 | Method for accurately detecting data of Android WeChat friend circle |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010085551A2 (en) * | 2009-01-23 | 2010-07-29 | Aquilonis, Inc. | Systems and methods for managing mobile communications |
-
2016
- 2016-10-08 CN CN201610874402.3A patent/CN106446214B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103595845A (en) * | 2012-08-16 | 2014-02-19 | 中兴通讯股份有限公司 | Method of storing communication record in subscriber identity module/user identity model (SIM/UIM), apparatus and terminal thereof |
CN105760518A (en) * | 2016-02-29 | 2016-07-13 | 四川秘无痕信息安全技术有限责任公司 | Method for accurately detecting data of Android WeChat friend circle |
Non-Patent Citations (1)
Title |
---|
基于Symbian S60平台的手机取证技术研究;周靖哲 等;《警察技术》;20151231;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN106446214A (en) | 2017-02-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103428164B (en) | User social network relationship division method and system | |
CN103473507B (en) | A kind of Android malicious code detecting method | |
EP3214861A1 (en) | Method, device and system for detecting fraudulent user | |
WO2016082568A1 (en) | Short message safe processing method and apparatus | |
CN103064764A (en) | Evidence obtaining method capable of rapidly recovering messages deleted by Android mobile phone | |
CN103916541A (en) | Automatic record eliminating method and mobile terminal | |
CN104935735A (en) | Information deletion method and information deletion system | |
CN104283918A (en) | Method and system for obtaining wireless local area network (WLAN) terminal types | |
CN104023110A (en) | Voiceprint recognition-based caller management method and mobile terminal | |
CN106331390A (en) | Method and system for identifying fraud number based on call data | |
WO2016029781A1 (en) | Method and device for switching sim cards of communication terminal and computer storage medium | |
CN104410973A (en) | Recognition method and system for tape played phone fraud | |
US20180039767A1 (en) | Voiceprint-recognition-based security protection method and device | |
CN110609908A (en) | Case serial-parallel method and device | |
CN104021217A (en) | System and method for extracting fragment file and deleted file of mobile phone | |
CN106446214B (en) | A method of extracting Saipan system message registration data | |
CN106790950A (en) | The recognition methods of malicious call and device | |
CN106357938A (en) | Caller ID (identification) processing method and caller ID processing device | |
CN101998697B (en) | Method and device for identifying user card | |
CN112055356A (en) | Abnormal telephone number identification method, device, equipment and readable storage medium | |
CN102256255A (en) | Detection method for parallel-used-card proof based on time and geographic location collisions | |
CN106453780B (en) | A method of extracting Saipan interconnection personal data | |
CN106982284A (en) | The recognition methods of harassing call number and device | |
CN106339280B (en) | A method of recombination spreadtrum system data | |
CN106101193B (en) | Information backup method, terminal equipment, operator server and backup system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 641000 Sichuan province Neijiang City Songshan Road No. 253 Applicant after: Sichuan Miwu Traceless Science and Technology Co., Ltd. Address before: 641000 Sichuan province Neijiang City Songshan Road No. 253 Applicant before: SICHUAN MWH INFORMATION SAFETY TECHNOLOGY CO., LTD. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |