부산대학교 도서관

Data recovery from captured intelligent mobile devices such as smartphones plays a significant role in digital forensic analysis. In this paper, we study the main characteristics of NAND flash and YAFFS2 file systems and explore the method for recovering YAFFS2 files for forensic analysis based on Tnode tree that can save a lot of time compared to other data recovery methods. For any broken file that has missing or broken data pages, we propose to reuse pages from previous versions of the current file based on the chunk IDs of the missing pages to replace and thus recover such pages. We will describe the replacement method with detailed steps and also perform some analysis to show that the proposed replacement approach can be feasible and effective in reconstructing YAFFS2 files.