CN106788999B - WeChat evidence obtaining method and system based on data collision - Google Patents

WeChat evidence obtaining method and system based on data collision Download PDF

Info

Publication number
CN106788999B
CN106788999B CN201611131930.6A CN201611131930A CN106788999B CN 106788999 B CN106788999 B CN 106788999B CN 201611131930 A CN201611131930 A CN 201611131930A CN 106788999 B CN106788999 B CN 106788999B
Authority
CN
China
Prior art keywords
character string
collision
wechat
user
evidence obtaining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611131930.6A
Other languages
Chinese (zh)
Other versions
CN106788999A (en
Inventor
操家庆
桂坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lanzhou Zhonghe Technology Co.,Ltd.
Original Assignee
Wuhan Zrtz Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Zrtz Information Technology Co ltd filed Critical Wuhan Zrtz Information Technology Co ltd
Priority to CN201611131930.6A priority Critical patent/CN106788999B/en
Publication of CN106788999A publication Critical patent/CN106788999A/en
Application granted granted Critical
Publication of CN106788999B publication Critical patent/CN106788999B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a WeChat evidence obtaining method and a WeChat evidence obtaining system based on data collision, wherein the method comprises the steps of establishing a collision database, encrypting a user WeChat code UID, and storing a first encrypted character string obtained after encryption in the collision database as a local file directory name; inquiring a local file directory name to be forensics in a collision database, and acquiring a user micro-signal code UID to be corresponding; and generating an AES decryption secret key according to the acquired user micro-signal code UID, and decrypting the encrypted file of the micro-signal through the AES decryption secret key to finish the micro-signal evidence obtaining. The invention completely establishes the mapping relation between the local data of the WeChat and the user UID through the collision database by utilizing the correlation between the local data of the WeChat and the user UID, can conveniently decrypt the encrypted file of the WeChat, realizes the evidence obtaining of the WeChat, can accurately obtain each user micro-signal code UID when a plurality of WeChat account numbers log in simultaneously, and performs targeted decryption, and has extremely high safety.

Description

WeChat evidence obtaining method and system based on data collision
Technical Field
The invention relates to the technical field of data encryption and decryption, in particular to a WeChat evidence obtaining method and system based on data collision.
Background
According to a traditional mobile phone evidence obtaining analysis system, an extracted WeChat local file is decrypted, a UID of a WeChat user is obtained by analyzing a field of a cache file, and then a decryption key is obtained by transformation according to the UID and the like, so that decryption is achieved. However, when the user UID is unknown or a plurality of micro signals are logged in by the same mobile phone, the user UID cannot be acquired and analyzed, or the user UID corresponding to the local file cannot be identified, and further the micro-credit data cannot be analyzed and evidence obtained. In order to overcome the technical defects, a mapping relation between the local user data and the user data information in the server database needs to be established, so that decryption operation is conveniently completed to achieve wechat evidence obtaining.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method and a system for obtaining evidence of WeChat based on data collision, aiming at the defects of the prior art.
The technical scheme for solving the technical problems is as follows:
according to one aspect of the invention, a WeChat evidence obtaining method based on data collision is provided, and comprises the following steps:
step 1: creating a collision database, encrypting a user micro-signal code UID, and storing a first encrypted character string obtained after encryption in the collision database as a local file directory name;
step 2: inquiring the directory name of the local file to be subjected to evidence obtaining in the collision database, and obtaining a user micro-signal code UID corresponding to the directory name of the local file to be subjected to evidence obtaining;
and step 3: and generating an AES decryption secret key according to the acquired user micro-signal code UID, and decrypting the encrypted file of the micro-signal through the AES decryption secret key to finish the obtaining of the evidence of the micro-signal.
According to the WeChat evidence obtaining method based on data collision, the mapping relation between the local data of the WeChat and the user UID is completely established through the collision database by utilizing the correlation between the local data of the WeChat and the user UID, the encrypted file of the WeChat can be conveniently decrypted, the WeChat evidence obtaining is realized, meanwhile, when a plurality of WeChat account numbers log in simultaneously, each user WeChat code UID can be accurately obtained, the targeted decryption is carried out, and the safety is extremely high.
According to another aspect of the invention, a WeChat forensics system based on data collision is provided and comprises a creating module, an encryption module, a query module and a decryption module. The creating module is used for creating a collision database; the encryption module is used for encrypting a user micro-signal code UID and storing a first encrypted character string obtained after encryption in the collision database as a local file directory name; the query module is used for querying the local file directory name to be forensics in the collision database and acquiring a user micro-signal number UID corresponding to the local file directory name to be forensics; the decryption module is used for generating an AES decryption secret key according to the acquired user WeChat code UID, decrypting the local file through the AES decryption secret key and completing WeChat evidence obtaining.
According to the WeChat evidence obtaining system based on data collision, the user WeChat code UID can be encrypted through the encryption module and stored in the collision database, the mapping relation between the user local data and the user WeChat code UID is established, the directory name of the local file to be obtained evidence is input in the query module, and the encrypted file of the WeChat can be decrypted through the decryption module, so that the WeChat evidence obtaining is realized.
Drawings
FIG. 1 is a schematic flow chart of a WeChat evidence-obtaining method based on data collision according to the present invention;
fig. 2 is a schematic structural diagram of a WeChat evidence obtaining system based on data collision according to the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention.
Embodiment one, a WeChat evidence obtaining method based on data collision. A method for obtaining evidence of WeChat based on data collision according to this embodiment will be described in detail with reference to fig. 1.
As shown in fig. 1, a WeChat evidence obtaining method based on data collision includes the following steps:
step 1: creating a collision database, encrypting a user micro-signal code UID, and storing a first encrypted character string obtained after encryption in the collision database as a local file directory name;
step 2: inquiring the directory name of the local file to be subjected to evidence obtaining in the collision database, and obtaining a user micro-signal code UID corresponding to the directory name of the local file to be subjected to evidence obtaining;
and step 3: and generating an AES decryption secret key according to the acquired user micro-signal code UID, and decrypting the encrypted file of the micro-signal through the AES decryption secret key to finish the obtaining of the evidence of the micro-signal.
In this embodiment, in step 1, the encrypting the user micro-signal code UID is specifically implemented as: splicing a preset characteristic character string and a user micro-signal code UID to form a first character string, and carrying out encryption operation on the first character string to obtain a first encrypted character string; and the number of bits of the user micro signal code UID does not exceed the number of bits of the first encryption character string. Through the method, the micro signal code UID can be effectively encrypted, and the encrypted first encrypted character string is stored in the collision database as a local file directory name, so that subsequent searching is facilitated.
In the invention, the characteristic character string is a universal characteristic character string 'mm' in WeChat, so that the identification is convenient, and the first character string is effectively identified.
Preferably, in the step 1, the first character string is encrypted according to a preset database table as follows;
wxmd5(wxno varchar,md5char);
wherein wxno represents the first character string, varchar represents that the first character string is of a fixed-length data type, md5 represents encryption operation, char represents that md5 encryption operation is of a variable-length data type, and wxmd5 represents the first encrypted character string obtained by performing md5 encryption operation on the first character string.
The one-to-one mapping relation between the first encryption character string and the first character string can be established through the database table, namely the mapping relation between the user micro-signal code UID and the local file directory name is established, so that during subsequent searching, the corresponding user micro-signal code UID can be conveniently obtained through the local file directory name to be proved, decryption is rapidly achieved, and meanwhile, the data security is improved.
Preferably, after the collision database is created, the collision database is further divided to obtain a plurality of collision sub-databases, and the first encrypted character string is generated and then stored in one of the collision sub-databases. Since the volume of the collision database is very large, each bit may have a value of 0 to 9, and a "-" character, in terms of the length of 11 digits, the total volume of data is over 200 billion by final enumeration. Therefore, the efficiency is very low during storage and retrieval, the corresponding speed is very low, and the collision database is divided, so that the data can be conveniently stored in different collision sub-databases, and the searching is very convenient.
Preferably, the partitioning of the collision database according to the encryption operation is implemented as: partitioning the collision database into m according to the first n bits of the first character stringnThe collision sub-databases store the first n bits of the first encrypted character string into the corresponding collision sub-databases; wherein m represents a carry of the first string. By the method, the collision database can be divided into the collision sub-databases with the number matched with that of the collision sub-databases according to the data volume of the first character string, and the collision sub-databases are divided through the first n bits of the first character string, so that the corresponding collision sub-databases can be quickly and accurately found during storage or retrieval, and the corresponding speed is extremely high.
Preferably, the first character string is 16-ary, the first 2 bits of the first character string are taken to divide the collision database into 256 collision sub-databases of 00-FF, and the corresponding speed of millisecond level can be achieved in practice.
In this embodiment, in step 2, the specific implementation of obtaining the user micro-signaling number UID corresponding to the directory name of the local file to be forensics is as follows: inquiring the directory name of the local file to be subjected to evidence obtaining in the collision database, and carrying out decryption operation on the directory name of the local file to be subjected to evidence obtaining to obtain a user micro-signal number UID; wherein the decryption operation and the encryption operation are inverse operations. By the method, the user micro-signal code UID can be directly and quickly obtained according to the local file directory name to be subjected to evidence obtaining during searching, decryption of the encrypted file corresponding to the user micro-signal can be conveniently achieved according to the user micro-signal code UID subsequently, the security is good, the decryption operation and the encryption operation are inverse operations, errors cannot occur, and data accuracy is guaranteed.
In this embodiment, the specific implementation of generating the decryption key in step 3 is as follows:
step 31: reading a corresponding user IMEI value in the local cache file according to the user micro-signal code UID;
step 32: calling an AES decryption key function, and generating an AES decryption key according to the user micro-signal code UID and the user IMEI value;
step 33: and calling an AES decryption function, and circularly reading the encrypted file of the WeChat according to the AES decryption secret key to realize the evidence obtaining of the WeChat.
According to the mode, the AES decryption secret key can be generated according to the user WeChat code UID, and the WeChat encryption file corresponding to the user is decrypted according to the AES decryption secret key, so that the method is quick and convenient, the safety performance is high, and the decryption is not easy.
Specifically, in the present invention, the AES decryption key function uses a PKCS5_ PBKDF2_ HMAC _ SHA1 function in the openssl function, and the AES decryption function uses an AES _ cbc _ encrypt decryption function.
Preferably, in the step 32, the specific implementation of generating the decryption key according to the user micro-signal code UID and the user IMEI value is as follows:
step 321: splicing the user micro-signal code UID and the corresponding user IMEI value to form a second character string;
step 322: performing the encryption operation on the second character string to obtain a second encrypted character string;
step 323: and calling an AES decryption key function, and generating a corresponding AES decryption key according to the second encryption character string.
The user micro-signal code UID and the corresponding user IMEI value are spliced, the spliced second character string is subjected to encryption operation to obtain a second encrypted character string, and an AES decryption key function is used for obtaining an AES decryption key, so that the encryption security level is further improved, and the data security is enhanced.
According to the WeChat evidence obtaining method based on data collision, the mapping relation between the local data of the WeChat and the user UID is completely established through the collision database by utilizing the correlation between the local data of the WeChat and the user UID, the encrypted file of the WeChat can be conveniently decrypted, the WeChat evidence obtaining is realized, meanwhile, when a plurality of WeChat account numbers log in simultaneously, each user WeChat code UID can be accurately obtained, the targeted decryption is carried out, and the safety is extremely high.
Embodiment two, a little letter system of collecting evidence based on data collision. A data collision-based wechat forensic system of the present embodiment will be described in detail with reference to fig. 2.
As shown in fig. 2, a WeChat evidence obtaining system based on data collision includes a creating module, an encrypting module, an inquiring module and a decrypting module. The creating module is used for creating a collision database; the encryption module is used for encrypting a user micro-signal code UID and storing a first encrypted character string obtained after encryption in the collision database as a local file directory name; the query module is used for querying the local file directory name to be forensics in the collision database and acquiring a user micro-signal number UID corresponding to the local file directory name to be forensics; the decryption module is used for generating an AES decryption secret key according to the acquired user WeChat code UID, decrypting the local file through the AES decryption secret key and completing WeChat evidence obtaining.
In this embodiment, the encryption module splices a preset characteristic character string and a user micro-signal code UID to form a first character string, and performs encryption operation on the first character string to obtain a first encrypted character string; and the number of bits of the user micro signal code UID does not exceed the number of bits of the first encryption character string. Therefore, the micro signal code UID can be effectively encrypted, and the encrypted first encrypted character string is stored in the collision database as a local file directory name, so that subsequent searching is facilitated.
Preferably, the encryption module encrypts the first character string according to a preset database table as follows;
wxmd5(wxno varchar,md5 char);
wherein wxno represents the first character string, md5 is encryption operation, and wxmd5 is the first encrypted character string obtained by performing md5 encryption operation on the first character string. The one-to-one mapping relation between the first encryption character string and the first character string can be established through the database table, namely the mapping relation between the user micro-signal code UID and the local file directory name is established, so that during subsequent searching, the corresponding user micro-signal code UID can be conveniently obtained through the local file directory name to be proved, decryption is rapidly achieved, and meanwhile, the data security is improved.
Preferably, after the creating module creates the collision database, the creating module further divides the collision database to obtain a plurality of collision sub-databases, and stores the first encrypted character string into one of the collision sub-databases after the first encrypted character string is generated. Since the volume of the collision database is very large, each bit may have a value of 0 to 9, and a "-" character, in terms of the length of 11 digits, the total volume of data is over 200 billion by final enumeration. Therefore, the efficiency is very low during storage and retrieval, the corresponding speed is very low, and the collision database is divided, so that the data can be conveniently stored in different collision sub-databases, and the searching is very convenient.
Preferably, the creating module partitions the collision database according to the encryption operation by specifically implementing: partitioning the collision database into m according to the first n bits of the first character stringnThe collision sub-databases store the first n bits of the first encrypted character string into the corresponding collision sub-databases; wherein m represents a carry of the first string. Therefore, the collision database can be divided into collision sub-databases with the number matched with that of the collision sub-databases according to the data volume of the first character string, and the collision sub-databases are divided through the first n bits of the first character string, so that the corresponding collision sub-databases can be quickly and accurately found during storage or retrieval, and the corresponding speed is extremely high.
In this embodiment, the query module queries the directory name of the local file to be forensics in the collision database, and performs decryption operation on the directory name of the local file to be forensics to obtain a user micro-signal number UID; wherein the decryption operation and the encryption operation are inverse operations.
In this embodiment, the decryption module reads a corresponding user IMEI value in the local cache file according to the user micro-signal code UID; then, an AES decryption key function is called, and an AES decryption key is generated according to the user micro-signal code UID and the user IMEI value; and finally, calling an AES decryption function, and circularly reading the encrypted file of the WeChat according to the AES decryption secret key to realize the evidence obtaining of the WeChat. Therefore, the AES decryption secret key can be generated according to the user WeChat code UID, and the WeChat encryption file corresponding to the user is decrypted according to the AES decryption secret key, so that the method is quick and convenient, and the security performance is extremely high, and the decryption is not easy.
Preferably, the decryption module splices the user micro-signal code UID and the corresponding user IMEI value, and performs encryption operation on the obtained second character string to obtain a second encrypted character string; and calling an AES decryption key function, and generating a corresponding AES decryption key according to the second encryption character string. The user micro-signal code UID and the corresponding user IMEI value are spliced, the spliced second character string is subjected to encryption operation to obtain a second encrypted character string, and an AES decryption key function is used for obtaining an AES decryption key, so that the encryption security level is further improved, and the data security is enhanced.
According to the WeChat evidence obtaining system based on data collision, the user WeChat code UID can be encrypted through the encryption module and stored in the collision database, the mapping relation between the user local data and the user WeChat code UID is established, the directory name of the local file to be obtained evidence is input in the query module, and the encrypted file of the WeChat can be decrypted through the decryption module, so that the WeChat evidence obtaining is realized.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (9)

1. A WeChat evidence obtaining method based on data collision is characterized by comprising the following steps:
step 1: creating a collision database, encrypting a user micro-signal code UID, and storing a first encrypted character string obtained after encryption in the collision database as a local file directory name;
step 2: inquiring the directory name of the local file to be subjected to evidence obtaining in the collision database, and obtaining a user micro-signal code UID corresponding to the directory name of the local file to be subjected to evidence obtaining;
and step 3: generating an AES decryption secret key according to the acquired user micro-signal code UID, and decrypting the encrypted file of the micro-signal through the AES decryption secret key to finish the evidence obtaining of the micro-signal;
in the step 1, the specific implementation of encrypting the user micro-signal code UID is as follows: splicing a preset characteristic character string and a user micro-signal code UID to form a first character string, and carrying out encryption operation on the first character string to obtain a first encrypted character string;
and the number of bits of the user micro signal code UID does not exceed the number of bits of the first encryption character string.
2. The WeChat evidence obtaining method based on data collision as claimed in claim 1, wherein: in the step 1, encrypting the first character string according to a preset database table as follows;
wxmd5(wxno varchar,md5 char);
wherein wxno represents the first character string, varchar represents that the first character string is of a fixed-length data type, md5 represents encryption operation, char represents that md5 encryption operation is of a variable-length data type, and wxmd5 represents the first encrypted character string obtained by performing md5 encryption operation on the first character string.
3. The WeChat evidence obtaining method based on data collision as claimed in claim 1, wherein: after the collision database is created, the collision database is further divided to obtain a plurality of collision sub-databases, and the first encryption character string is generated and then stored in one of the collision sub-databases.
4. The WeChat evidence obtaining method based on data collision as claimed in claim 3, wherein: according toThe specific implementation of the encryption operation on the collision database partition is as follows: partitioning the collision database into m according to the first n bits of the first character stringnThe collision sub-databases store the first n bits of the first encrypted character string into the corresponding collision sub-databases;
wherein m represents a carry of the first string.
5. The WeChat evidence obtaining method based on data collision according to claim 1, wherein in the step 2, the obtaining of the user WeChat signal code UID corresponding to the directory name of the local file to be evidence obtained is specifically realized as follows: inquiring the directory name of the local file to be subjected to evidence obtaining in the collision database, and carrying out decryption operation on the directory name of the local file to be subjected to evidence obtaining to obtain a user micro-signal number UID;
wherein the decryption operation and the encryption operation are inverse operations.
6. The WeChat evidence obtaining method based on data collision according to any one of claims 1 to 5, characterized in that the generation of the decryption key in step 3 is implemented as follows:
step 31: reading a corresponding user IMEI value in the local cache file according to the user micro-signal code UID;
step 32: calling an AES decryption key function, and generating an AES decryption key according to the user micro-signal code UID and the user IMEI value;
step 33: and calling an AES decryption function, and circularly reading the encrypted file of the WeChat according to the AES decryption secret key to realize the evidence obtaining of the WeChat.
7. The WeChat evidence obtaining method based on data collision according to claim 6, wherein in the step 32, the specific implementation of generating the decryption key according to the user WeChat code UID and the user IMEI value is as follows:
step 321: splicing the user micro-signal code UID and the corresponding user IMEI value to form a second character string;
step 322: performing the encryption operation on the second character string to obtain a second encrypted character string;
step 323: and calling an AES decryption key function, and generating a corresponding AES decryption key according to the second encryption character string.
8. The utility model provides a little letter system of collecting evidence based on data collision which characterized in that: the system comprises a creation module, an encryption module, a query module and a decryption module;
the creating module is used for creating a collision database;
the encryption module is used for encrypting a user micro-signal code UID and storing a first encrypted character string obtained after encryption in the collision database as a local file directory name;
the query module is used for querying the local file directory name to be forensics in the collision database and acquiring a user micro-signal number UID corresponding to the local file directory name to be forensics;
the decryption module is used for generating an AES decryption secret key according to the acquired user WeChat code UID, decrypting the local file through the AES decryption secret key and completing WeChat evidence obtaining;
the encryption module splices a preset characteristic character string and a user micro-signal code UID to form a first character string, and carries out encryption operation on the first character string to obtain a first encrypted character string; and the number of bits of the user micro signal code UID does not exceed the number of bits of the first encryption character string.
9. The WeChat evidence obtaining system based on data collision as claimed in claim 8, wherein: after the creation module creates the collision database, the collision database is divided into m according to the first n bits of the first character stringnAnd the collision sub-databases store the first encrypted character string into the corresponding collision sub-databases according to the first n bits of the first encrypted character string after the encryption module generates the first encrypted character string.
CN201611131930.6A 2016-12-09 2016-12-09 WeChat evidence obtaining method and system based on data collision Active CN106788999B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611131930.6A CN106788999B (en) 2016-12-09 2016-12-09 WeChat evidence obtaining method and system based on data collision

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611131930.6A CN106788999B (en) 2016-12-09 2016-12-09 WeChat evidence obtaining method and system based on data collision

Publications (2)

Publication Number Publication Date
CN106788999A CN106788999A (en) 2017-05-31
CN106788999B true CN106788999B (en) 2020-05-19

Family

ID=58875771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611131930.6A Active CN106788999B (en) 2016-12-09 2016-12-09 WeChat evidence obtaining method and system based on data collision

Country Status (1)

Country Link
CN (1) CN106788999B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108959578A (en) * 2018-07-06 2018-12-07 山东浪潮商用系统有限公司 A kind of tax data crash analysis method
CN111104693A (en) * 2019-12-26 2020-05-05 陕西美亚秦安信息科技有限公司 Android platform software data cracking method, terminal device and storage medium
CN111934987A (en) * 2020-08-04 2020-11-13 公安部第三研究所 Data extraction method, system and storage medium for mobile phone enterprise WeChat

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101183415A (en) * 2007-12-19 2008-05-21 腾讯科技(深圳)有限公司 Method and device for preventing sensitive information from leakage
CN104394530A (en) * 2014-12-09 2015-03-04 天津光电安辰信息技术有限公司 Wechat content encryption system based on smartphone and implementation method of wechat content encryption system
CN105678174A (en) * 2015-12-31 2016-06-15 四川秘无痕信息安全技术有限责任公司 Method for decrypting WeChat encrypted data based on binary system
CN105760518A (en) * 2016-02-29 2016-07-13 四川秘无痕信息安全技术有限责任公司 Method for accurately detecting data of Android WeChat friend circle
CN105959266A (en) * 2016-04-25 2016-09-21 颜陈煜 File opening authority management method
CN106126699A (en) * 2016-06-30 2016-11-16 武汉烽火众智数字技术有限责任公司 A kind of feature clue querying method based on data collision and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101183415A (en) * 2007-12-19 2008-05-21 腾讯科技(深圳)有限公司 Method and device for preventing sensitive information from leakage
CN104394530A (en) * 2014-12-09 2015-03-04 天津光电安辰信息技术有限公司 Wechat content encryption system based on smartphone and implementation method of wechat content encryption system
CN105678174A (en) * 2015-12-31 2016-06-15 四川秘无痕信息安全技术有限责任公司 Method for decrypting WeChat encrypted data based on binary system
CN105760518A (en) * 2016-02-29 2016-07-13 四川秘无痕信息安全技术有限责任公司 Method for accurately detecting data of Android WeChat friend circle
CN105959266A (en) * 2016-04-25 2016-09-21 颜陈煜 File opening authority management method
CN106126699A (en) * 2016-06-30 2016-11-16 武汉烽火众智数字技术有限责任公司 A kind of feature clue querying method based on data collision and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种Android系统下的QQ取证模型分析;李强,刘宝旭,姜政伟,严坚;《技术研究》;20160131(第1期);第40-44页 *

Also Published As

Publication number Publication date
CN106788999A (en) 2017-05-31

Similar Documents

Publication Publication Date Title
US10984052B2 (en) System and method for multiple-character wildcard search over encrypted data
KR100737359B1 (en) Method to create Indexes for encrypted column
CN112800088A (en) Database ciphertext retrieval system and method based on bidirectional security index
CN106788999B (en) WeChat evidence obtaining method and system based on data collision
Wang et al. Fast query over encrypted character data in database
JP2012164031A (en) Data processor, data storage device, data processing method, data storage method and program
US20150270958A1 (en) Decryptable index generation method for range search, search method, and decryption method
CN116186108A (en) Method for supporting fuzzy query by encrypting sensitive field
CN108416037B (en) Central keyword ciphertext searching method based on two-stage index in cloud environment
JP2013145420A (en) High-speed similarity retrieval processing system of encrypted data
CN105678174A (en) Method for decrypting WeChat encrypted data based on binary system
CN109213731A (en) Multi-key word cipher text retrieval method in cloud environment based on iterative cryptographic
CN112235101B (en) Coding method and device based on hybrid coding mechanism, decoding method and device
CN112202919B (en) Picture ciphertext storage and retrieval method and system under cloud storage environment
CN113076562A (en) Database encryption field fuzzy retrieval method based on GCM encryption mode
CN104794243A (en) Third-party ciphertext retrieval method based on file name
CN109325369B (en) Method for encrypting, storing and retrieving time field of building structure test data
KR20120108121A (en) Searchable symmetric encryption method and system
CN111988133B (en) System SM4 encryption and decryption verification method, device, equipment and storage medium
CN115795504A (en) Searchable method and system supporting fuzzy search of Chinese word meaning
KR20090108849A (en) File storing/retrieving apparatus and method for file storing/retrieving
JP6493402B2 (en) Addition device, deletion device, addition request device, data search system, data search method, and computer program
CN116701493B (en) Database operation method supporting fuzzy query and user side
US10769144B2 (en) Database search system, database search method, and non-transitory recording medium
KR101095862B1 (en) Data encryption apparatus and method, data decoding apparatus, data searching method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210810

Address after: 730000 floor 5, Keqing Science Park, 281 Yannan Road, Chengguan District, Lanzhou City, Gansu Province

Patentee after: Lanzhou Zhonghe Technology Co.,Ltd.

Address before: No. 27, fozuling Third Road, Donghu New Technology Development Zone, Wuhan City, Hubei Province 430200

Patentee before: WUHAN ZRTZ INFORMATION TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right