CN114443568B - Telegram series application data analysis method, terminal device and storage medium - Google Patents
- Publication number: CN114443568B
- Application number: CN202111577850.4A
- Authority: CN (China)
- Prior art keywords: telegram, application, directory, file, name
- Legal status: Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/13—File access structures, e.g. distributed indices
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/80—Information retrieval; Database structures therefor; File system structures therefor of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML
- G06F16/84—Mapping; Conversion
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/42—Syntactic analysis
- G06F8/427—Parsing
Abstract
The invention relates to a Telegram-series application data parsing method, a terminal device and a storage medium. The method comprises the following steps. S1: determine whether the package name of the data package of the application to be parsed contains a key field characterizing the Telegram application; if so, go to S3; otherwise, go to S2. S2: determine whether the sub-directories under the package-name directory contain the feature files of the Telegram application; if so, go to S3; otherwise, end. S3: map the package name and feature files of the application that do not conform to the Telegram standard onto the Telegram standard. S4: map the attachment directory of the application onto the Telegram standard. S5: parse the application with the Telegram parsing method, using the mapped package name, attachment directory and feature files. The invention makes rapid parsing of the target application convenient and improves the data parsing capability of each platform.
Description
Technical Field
The present invention relates to the field of data analysis, and in particular to a Telegram-series application data analysis (parsing) method, a terminal device and a storage medium.
Background
Telegram (TG for short; full name Telegram Messenger) is cross-platform instant messaging software whose client is free and open-source software but whose server is proprietary. Users can exchange encrypted and self-destructing messages (similar to "burn after reading") and send all types of files, such as photos and videos. Official clients are provided for mobile (Android, iOS, Windows Phone), desktop (Windows, macOS, Linux) and the web; an open application programming interface (API) is also officially provided, so many third-party clients are available.
Telegram-series applications are third-party client applications developed on the Telegram API or built from the Telegram open-source code. Their functions are similar to Telegram's: they generally provide encrypted chat content and a powerful group chat function, group chats are not limited in number, the applications are free, and the distinctive burn-after-reading function makes them popular with many users.
The powerful group chat function gives the Telegram application strong propagation capability, and the strong security of its encrypted chat content has made it one of the more widely used applications worldwide, so parsing Telegram application data is a key point of forensic analysis. However, as technology has developed and the relevant authorities have stepped up enforcement, users have gradually shifted from the Telegram application to other Telegram-series applications in order to conceal their behaviour. As a result, Telegram-series applications and knock-off ("shanzhai") versions have appeared in large numbers in recent years, cases involving such applications occur frequently, and this creates difficulties for electronic forensics and law enforcement personnel. Common Telegram-series applications are shown in Fig. 1.
Disclosure of Invention
To solve the above problems, the present invention provides a Telegram-series application data parsing method, a terminal device and a storage medium, so that the large number of Telegram-series applications described above can be parsed quickly.
The specific scheme is as follows:
A Telegram-series application data parsing method comprises the following steps:
S1: determine whether the package name of the data package of the application to be parsed contains a key field characterizing the Telegram application; if so, go to S3; otherwise, go to S2;
S2: determine whether the sub-directories under the package-name directory contain the feature files of the Telegram application; if so, go to S3; otherwise, end;
S3: map the package name and feature files of the application to be parsed that do not conform to the Telegram standard onto the Telegram standard;
S4: map the attachment directory of the application to be parsed onto the Telegram standard;
S5: parse the application to be parsed with the Telegram parsing method, using the mapped package name, attachment directory and feature files.
Further, in the Android and iOS systems, the key fields characterizing the Telegram application include tg, telegram, tele and gram.
Further, in the Android system, the sub-directories under the package-name directory that are checked for Telegram feature files are the shared_prefs and files directories; the feature files under the shared_prefs directory include userconfing.xml and userconfig.xml, and the feature file under the files directory is cache4.db.
Further, in the iOS system, the sub-directory checked for Telegram feature files is the Documents directory, and the feature files include the account data cache directory PACKAGE_NAME\Documents\account- and the account data cache database file PACKAGE_NAME\Documents\account-postbox\db\db_sqlite.
Further, in the Android system, when the package name is mapped, it is mapped to the standard data package name org.
Further, in the Android system, when the feature files are mapped, logininfo x.xml files are mapped to logistic 2.xml files; userconfig.xml is mapped to a userconfig1.xml file or a userconfig2.xml file, with the numeric suffix in the file name incremented sequentially according to the number of files.
Further, in the iOS system, when the package name is mapped, it is mapped to the standard package name ph.
Further, in step S4, on the Android system, the attachment directory is backed up to the attachment sub-directory of the package directory corresponding to Telegram before the directory mapping is performed.
Further, in step S4, on the Android system, the attachment directory is mapped to the attachment directory of the corresponding type according to the attachment type; the mapped attachment directories include Telegram Audio, Telegram Documents, Telegram Images and Telegram Video.
Further, in step S5, on the Android system, account information is parsed from the userconfin. Friend information and chat information are parsed from the cache4.db file; each data field of the cache4.db file is parsed through the read/write interface of the database.
A Telegram-series application data parsing terminal device comprises a processor, a memory and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method of the embodiments of the invention when executing the computer program.
A computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of the method of the embodiments of the invention described above.
In this technical scheme, because Telegram-series applications share the same data structure and file structure as the Telegram application, the degree of parsing that can be supported is determined by comparing the similarity of the applications' internal data. The data package of the target application is then mapped and arranged into the format of a Telegram data package, and the attachment files are backed up to a fixed attachment directory so that attachments can be associated when the target application's data is parsed. The final result is a complete electronic forensic data set for use in case investigation and data analysis.
Drawings
Fig. 1 shows a schematic diagram of a common Telegram series of applications.
Fig. 2 is a flowchart of a first embodiment of the present invention.
Fig. 3 compares the data directories of Telegram-series applications in this embodiment.
Detailed Description
The accompanying drawings are provided to further illustrate the embodiments. They form part of this disclosure, illustrate the embodiments and, together with the description, serve to explain the principles of the embodiments. With reference to them, one of ordinary skill in the art will understand other possible embodiments and the advantages of the present invention.
The invention will now be further described with reference to the drawings and detailed description.
Embodiment one:
This embodiment of the invention provides a Telegram-series application data parsing method which, as shown in Fig. 2, comprises the following steps:
S1: determine whether the package name of the data package of the application to be parsed contains a key field characterizing the Telegram application; if so, go to S3; otherwise, go to S2.
S2: determine whether the sub-directories under the package-name directory contain the feature files of the Telegram application; if so, go to S3; otherwise, end.
S3: map the package name and feature files of the application to be parsed that do not conform to the Telegram standard onto the Telegram standard.
S4: map the attachment directory of the application to be parsed onto the Telegram standard.
S5: parse the application to be parsed with the Telegram parsing method, using the mapped package name, attachment directory and feature files.
To ensure data integrity, the data directory must be backed up before Telegram-series application data is parsed. A complete data package can only be backed up if the iPhone is jailbroken or the Android phone is rooted. The data package can be backed up in several ways: third-party phone management software, the phone's built-in backup function, the phone vendor's official tools, or Android adb commands. In this embodiment the backed-up application package is referred to as PACKAGE_NAME. The general parsing method for Telegram-series application data packages is described below for each of the two platforms, Android and iOS.
(1) Telegram-series applications on Android are built on the Telegram open-source code or the Telegram API, so their degree of similarity to Telegram can be identified from the feature files. The files to be parsed are then mapped generically: the package names, directories and file names used by the different applications are mapped to those of standard Telegram, the attachments cached on the SD card are associated with the corresponding standard Telegram parsing directories, and the data is finally parsed as a standard Telegram application. This achieves general parsing of these applications.
In this embodiment the application package name is denoted PACKAGE_NAME. The package names of most Android Telegram-series applications contain characteristic fields of the Telegram application, such as tg, telegram, tele and gram, so this embodiment uses these as the key fields characterizing the Telegram application. Matching is case-insensitive.
On Android the feature files are stored in two sub-directories of the package-name directory, shared_prefs and files: userconfing.xml and userconfig.xml in the PACKAGE_NAME\shared_prefs directory, and cache4.db in the PACKAGE_NAME\files directory. If the two sub-directories contain the corresponding feature files, the subsequent steps of the general Telegram-series parsing method can proceed; if they do not, the application to be parsed is judged unsuitable for general parsing. Fig. 3 compares the data directories of Telegram-series applications; it shows that the directories of these applications all contain the three kinds of feature files.
To use the general Telegram parsing method, the package name and feature files of an Android Telegram-series application that do not conform to the Telegram standard must be mapped, so that the package becomes a standard Telegram data package for the Android platform and can be parsed with the unified method. In this embodiment the package name PACKAGE_NAME is therefore mapped to the standard data package name org.
TABLE 1
Application name | Original package name | Post-mapping package name |
---|---|---|
Telegreat | xxx.sean.telegram.messenger.beta | org.telegram.messenger |
BiYong | org.telegram.btcchat | org.telegram.messenger |
vidogram | org.vidogram.messenger | org.telegram.messenger |
Plus | org.telegram.plus | org.telegram.messenger |
Aka | org.aka.messenger | org.telegram.messenger |
…… | …… | …… |
When the Android feature files are mapped, logininfo x.xml files are mapped to logistic 2.xml files, and userconfig x.xml files are mapped to userconfig1.xml, userconfig2.xml, …, with the numeric suffix in the file name incremented sequentially according to the number of files; these files correspond to multiple accounts.
Attachments of Telegram-series applications on Android are stored in the sdcard (SD card) directory, at sdcard\appname; only a small number of thumbnails, avatars and voice files are cached in the local data directory. The large volume of attachment files sent by contacts is all under the sdcard directory, so the sdcard directory needs to be backed up to the attachment sub-directory org.
After the attachment directory has been backed up, the directory names are mapped as shown in Table 2.
TABLE 2
Original attachment directory | Mapped file directory |
---|---|
sdcard\appname\*Audio | Telegram Audio |
sdcard\appname\*Documents | Telegram Documents |
sdcard\appname\*Images | Telegram Images |
sdcard\appname\*Video | Telegram Video |
Once the package name, attachment directory and feature files of the application have been mapped, the general Telegram parsing plug-in for Android can be used to parse the data. Account information is parsed from the shared_prefs\userconfing.xml file; friend information and chat information are parsed from the files\cache4.db file. The userconfing.xml file is parsed with standard XML parsing. The cache4.db file is a standard SQLite database, and each data field is parsed through the read/write interface of the database. The data fields store friend information, chat information and group chat information as hexadecimal data streams; the final plaintext is obtained by parsing the stream bit by bit according to the data stream storage rules.
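The Android flow above (S1 through S4), as an added Python example that is not code from the patent: it identifies a Telegram-series package by name or by feature files, then builds a normalized copy using the mappings of Tables 1 and 2. The S2 rule (one account XML plus cache4.db), the `userconfig*.xml` glob and the `attachments` sub-directory name are assumptions, since the page truncates the real attachment sub-directory name.

```python
import shutil
import tempfile
from pathlib import Path

KEY_FIELDS = ("tg", "telegram", "tele", "gram")   # S1 key fields listed on the page
STANDARD_PKG = "org.telegram.messenger"           # mapping target shown in Table 1
ATTACH_MAP = {"Audio": "Telegram Audio", "Documents": "Telegram Documents",
              "Images": "Telegram Images", "Video": "Telegram Video"}  # Table 2
ATTACH_SUBDIR = "attachments"  # placeholder: the page truncates the real name


def name_matches(pkg_name: str) -> bool:
    """S1: case-insensitive substring match against the key fields."""
    lowered = pkg_name.lower()
    return any(field in lowered for field in KEY_FIELDS)


def has_feature_files(pkg_dir: Path) -> bool:
    """S2 (assumed rule): an account XML in shared_prefs plus files/cache4.db."""
    prefs = pkg_dir / "shared_prefs"
    if not prefs.is_dir():
        return False
    account_xml = ((prefs / "userconfing.xml").is_file()
                   or any(prefs.glob("userconfig*.xml")))
    return account_xml and (pkg_dir / "files" / "cache4.db").is_file()


def normalize(pkg_dir: Path, sdcard_app_dir: Path, out_root: Path) -> Path:
    """S3 + S4 on a copy, so the acquired data package itself is never modified."""
    dest = out_root / STANDARD_PKG
    shutil.copytree(pkg_dir, dest)                 # S3: package-name mapping
    prefs = dest / "shared_prefs"
    if prefs.is_dir():
        # S3: renumber per-account files as userconfig1.xml, userconfig2.xml, ...
        for copied in list(prefs.glob("userconfig*.xml")):
            copied.unlink()
        originals = sorted((pkg_dir / "shared_prefs").glob("userconfig*.xml"))
        for index, src in enumerate(originals, start=1):
            shutil.copy2(src, prefs / f"userconfig{index}.xml")
    if sdcard_app_dir.is_dir():
        # S4: back up sdcard\appname\*Audio etc. under the Table 2 names
        for folder in sorted(p for p in sdcard_app_dir.iterdir() if p.is_dir()):
            for suffix, target in ATTACH_MAP.items():
                if folder.name.endswith(suffix):
                    shutil.copytree(folder, dest / ATTACH_SUBDIR / target,
                                    dirs_exist_ok=True)
    return dest


def triage(pkg_dir: Path, sdcard_app_dir: Path, out_root: Path):
    """Run S1-S4; return None when the package is not treated as Telegram-series."""
    by_name = name_matches(pkg_dir.name)
    by_files = has_feature_files(pkg_dir)
    if not (by_name or by_files):                  # S1 and S2 both failed: end
        return None
    return {"matched_by": "package name" if by_name else "feature files",
            # "tg" and "tele" are short substrings; a name-only hit without
            # feature files deserves a manual look before S5 parsing.
            "feature_files_present": by_files,
            "normalized_dir": normalize(pkg_dir, sdcard_app_dir, out_root)}


def build_sample(root: Path, pkg_name: str, app_name: str):
    """Constructed extraction tree (empty placeholder files) for the demo."""
    pkg = root / "data" / pkg_name
    sdcard = root / "sdcard" / app_name
    files = [pkg / "shared_prefs" / "userconfing.xml",
             pkg / "shared_prefs" / "userconfigA.xml",
             pkg / "shared_prefs" / "userconfigB.xml",
             pkg / "files" / "cache4.db",
             sdcard / f"{app_name} Audio" / "voice.ogg",
             sdcard / f"{app_name} Images" / "photo.jpg"]
    for path in files:
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return pkg, sdcard


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        pkg, sdcard = build_sample(Path(tmp), "org.aka.messenger", "Aka")
        print(triage(pkg, sdcard, Path(tmp) / "normalized"))
```

The sample uses the Aka package name from Table 1, which contains none of the key fields, so it is recognised only through the S2 feature-file check.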
(2) Telegram-series applications for iOS are far fewer in number and smaller in scale than those for the Android platform, but the data parsing flow is similar to that on Android.
The package-name key fields on iOS are tg, telegram, tele and gram, the same as on Android.
On iOS the feature files are stored in the Documents sub-directory under the package-name directory; they include the account data cache directory PACKAGE_NAME\Documents\account- and the account data cache database file PACKAGE_NAME\Documents\account\postbox\db_sqlite.
The mapping of the package name and feature files on iOS is similar to that on Android: the package name and feature files of an iOS Telegram-series application that do not conform to the Telegram standard must be mapped so that the package becomes a standard Telegram data package for iOS. In this embodiment the package name PACKAGE_NAME is mapped to the standard package name ph.
TABLE 3
Application name | Original package name | Mapping package name |
---|---|---|
Btok | com.biyong.biyongApp | ph.telegra.Telegraph |
Nicegram | com.nicegram.Telegram-iOS | ph.telegra.Telegraph |
…… | …… | …… |
On iOS the application's attachment directory is \PACKAGE_NAME\Documents\account\postbox\media. Because the attachments of Telegram-series applications on iOS are cached under the application's own data package directory, the attachment directory does not need to be backed up as it does on Android; it is only necessary to map the package name PACKAGE_NAME to the standard data package name ph.
Once the package name, attachment directory and feature files of the application have been mapped, the general Telegram parsing plug-in for iOS can be used to parse the data. The data of Telegram-series applications on iOS is essentially all cached in the PACKAGE_NAME\Documents\account\postbox\db_sqlite database file, which is a standard SQLite database file. The locally cached data of the Telegram-series application is obtained by parsing the db_sqlite database.
The method applies to the mainstream Android and iOS platforms. It can parse data from applications rebuilt or upgraded from the Telegram application, from non-original knock-off Telegram applications, and from the various Chinese-localized versions, and it can output data as required by electronic forensics standards for characterizing personal attributes, parsing key data and analysing relationships between persons.
This embodiment is technically simple and efficient to implement. Using the Telegram-series application data parsing interfaces on Android and iOS, it provides a general parsing plug-in for Telegram-series instant messaging applications that supports both Android and iOS, makes rapid parsing of the target application convenient, and can be integrated as a plug-in into forensic analysis platforms, improving the data parsing capability of each platform.
In addition, the method of this embodiment can be extended to parsing Telegram-series application data on system platforms other than Android and iOS; no limitation is imposed here.
Embodiment two:
The invention also provides a Telegram-series application data parsing terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method of the first embodiment of the invention when executing the computer program.
Further, as an executable scheme, the Telegram-series application data parsing terminal device may be a computing device such as a desktop computer, a notebook computer, a palmtop computer or a cloud server. The device may include, but is not limited to, a processor and a memory. Those skilled in the art will appreciate that the composition described above is merely an example of a Telegram-series application data parsing terminal device and does not limit it; the device may include more or fewer components than those described, may combine some components, or may use different components. For example, it may further include input/output devices, a network access device, a bus and the like, which is not limited by the embodiments of the invention.
Further, as an executable scheme, the processor may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor or any conventional processor. The processor is the control center of the Telegram-series application data parsing terminal device and connects the parts of the whole device through various interfaces and lines.
The memory may be used to store the computer program and/or modules; the processor implements the various functions of the Telegram-series application data parsing terminal device by running or executing the computer program and/or modules stored in the memory and by invoking data stored in the memory. The memory may mainly include a program storage area and a data storage area: the program storage area may store an operating system and at least one application program required for a function; the data storage area may store data created through use of the mobile phone, etc. In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one disk storage device, a flash memory device, or other volatile solid-state storage device.
The present invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above-described method of an embodiment of the present invention.
The modules/units integrated in the Telegram-series application data parsing terminal device may be stored in a computer-readable storage medium if they are implemented as software functional units and sold or used as a stand-alone product. On this understanding, all or part of the flow of the method of the above embodiment may also be implemented by a computer program that instructs the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file, some intermediate form, etc. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, computer memory, read-only memory (ROM), random access memory (RAM), a software distribution medium, and so forth.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111577850.4A CN114443568B (en) | 2021-12-22 | 2021-12-22 | Telegram series application data analysis method, terminal device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111577850.4A CN114443568B (en) | 2021-12-22 | 2021-12-22 | Telegram series application data analysis method, terminal device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114443568A | 2022-05-06 |
CN114443568B | 2024-11-19 |
Family
ID=81364527
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111577850.4A Active CN114443568B (en) | 2021-12-22 | 2021-12-22 | Telegram series application data analysis method, terminal device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114443568B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106549948A (en) * | 2016-10-20 | 2017-03-29 | 公安部第三研究所 | Telegram application of multimedia evidence collecting method under Android platform |
CN109670152A (en) * | 2018-12-17 | 2019-04-23 | 武汉烽火信息集成技术有限公司 | A kind of HL7V3 analytic method, storage medium, electronic equipment and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20090073682A (en) * | 2007-12-31 | 2009-07-03 | 노틸러스효성 주식회사 | Communication specialized converter and method in data communication process |
Also Published As
Publication number | Publication date |
---|---|
CN114443568A (en) | 2022-05-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||