The case was about business secret and forensic guy did a physical acquisition from a smart phone. He'd like to find out files relates to sensitive data by examining the image file.

A file named "top-secret.docx" draw forensic guy's attention. Bingo there's lots of classified data inside this document.

Where did this files come from? In which way? Who sent this file?  Take a look at the path and you'll know what's going on. This file was transfered via Bluetooth! All three timestamp including the creation time, accessed time and modified time are "2016/05/11 11:01:20 UTC". That means this file "top-secret.docx" was transfered to this volume on the smart phone at local time "2016/05/11 19:01:20". Also we could know the create date/time and the last person who modified this document. The "path" of a file is usually a useful hint to forensic guys.

Find out files transfered via Bluetooth的更多相关文章

  1. Analyze network packet files very carefully

    As a professional forensic guy, you can not be too careful to anlyze the evidence. Especially when t ...

  2. How to Implement Bluetooth Low Energy (BLE) in Ice Cream Sandwich

    ShareThis - By Vikas Verma Bluetooth low energy (BLE) is a feature of Bluetooth 4.0 wireless radio t ...

  3. Bluetooth

    Android provides a default Bluetooth stack, BlueDroid, that is divided into two layers: The Bluetoot ...

  4. Bluetooth(android 4.2.2版本)

    Android provides a default Bluetooth stack, BlueDroid, that is divided into two layers: The Bluetoot ...

  5. 零基础入门学习Python(3)--小插曲之变量和字符串

    前言 小甲鱼说,在对前边的小游戏改善前,先了解下,Python中的变量与字符串. 主要内容 变量 变量名就像我们现实社会的名字,把一个值赋值给一个名字时,Ta会存储在内存中,称之为变量(variabl ...

  6. Maven 梳理-安装配置

    项目构建过程包括[清理项目]→[编译项目]→[测试项目]→[生成测试报告]→[打包项目]→[部署项目]这几个步骤,这六个步骤就是一个项目的完整构建过程. 下载后解压   配置环境变量 F:\jtDev ...

  7. PIC24FJ64GB002 with bluetooth USB dongle

    PIC24FJ64GB002 with bluetooth USB dongle I will explain my project (how to control a bluetooth USB d ...

  8. [daily][device][bluetooth] 蓝牙怎么办!(archlinux下驱动蓝牙鼠标,以及三星手机)

    去年地摊买的破无线鼠标坏掉了.看上微软的Designer Mouse蓝牙鼠,但是买之前我要确认我能不能驱起来. 这款鼠标只支持蓝牙4.0.系统支持windows8以上,不支持xp和windows7. ...

  9. Bluetooth in Android 4.2 and 4.3(一):综述

    从Android 4.2开始,Bluetooth stack发生了重大改变:从Bluez换成了由Google和Broadcom联合开发的Bluedroid(当然,核心的部分还是Broadcom的,Go ...

随机推荐

  1. 将.war文件解压到指定目录

    jar命令无法将.jar解压到指定目录,因为-C参数只在创建或更新包的时候可用 要将.jar文件解压到指定目录可以用unzip命令 unzip命令在windows下自带就有,不用另外下载安装 下面是将 ...

  2. word使用技巧-批量删除图片技巧

    通过查找替换方法:ctrl+h,查找输入^g,替换输入空,然后替换即可. 今天看到一同事写的文档,发现里面很多word基础功能都不会用,比如同一级的标题居然有好几个样式,并且会级别搞错:列表里的数字居 ...

  3. Android学习十:appcompat_v7相关

    error: Error retrieving parent for item: No resource found that matches the given name 'android:Wind ...

  4. js调用页面打印

    ----------------------调用页面打印-------------------------------- <body> <div id="divPrint& ...

  5. REPEATABLE-READ下批量更新数据的问题

    1. 当前mysql的隔离级别 REPEATABLE-READ 2. 用户读取的时候或者更改的时候(通过事务)   会对 更改的数据加行锁 和 gap锁 , 最终更改完毕后 去掉锁. (行锁表示这条数 ...

  6. Python 各进制间的转换(转)

    转载自:http://blog.chinaunix.net/uid-21516619-id-1824975.html python 2.6以后内置函数#10进制转为2进制>>> bi ...

  7. ubuntu12.10 源更新出错(sudo apt-get update)

    Ubuntu12.10 刚安装完发现vi编辑器无法正常使用,后来用sudo apt-get install vim 一直出错,搜索相关资源发现需要更新源 首先,备份一下Ubuntu 12.10 原来的 ...

  8. [转]windows下编译及使用libevent

    http://www.cnblogs.com/luxiaoxun/p/3603399.html Libevent官网:http://libevent.org/ windows 7下编译: 编译环境:  ...

  9. 警告:隐式声明与内建函数'exit'不兼容解决方案

    警告:隐式声明与内建函数'exit'不兼容解决方案 #include <stdio.h> int main() { printf("hello world!/n"); ...

  10. fsn文件解析(C#)

      public class FsnBizNet     {         private static int count;         public static int parseInt( ...