Abstract: Cell phone forensics to acquire and analyze data in the
cellular phone is nowadays being used in a national investigation
organization and a private company. In order to collect cellular phone
flash memory data, we have two methods. Firstly, it is a logical
method which acquires files and directories from the file system of the
cell phone flash memory. Secondly, we can get all data from bit-by-bit
copy of entire physical memory using a low level access method. In
this paper, we describe a forensic tool to acquire cell phone flash
memory data using a logical level approach. By our tool, we can get
EFS file system and peek memory data with an arbitrary region from
Korea CDMA cell phone.
Abstract: The flash memory has many advantages such as low power consumption, strong shock resistance, fast I/O and non-volatility. And it is increasingly used in the mobile storage device. The YAFFS, one of the NAND flash file system, is widely used in the embedded device. However, the existing YAFFS takes long time to mount the file system because it scans whole spare areas in all pages of NAND flash memory. In order to solve this problem, we propose a new content-based flash file system using a mounting time reduction technique. The proposed method only scans partial spare areas of some special pages by using content-based block management. The experimental results show that the proposed method reduces the average mounting time by 87.2% comparing with JFFS2 and 69.9% comparing with YAFFS.