Digital forensic artifacts of the Your Phone application in Windows 10
Digital Investigation (IF 2.860), Pub Date: 2019-06-26, DOI: 10.1016/j.diin.2019.06.003
Patricio Domingues, Miguel Frade, Luis Miguel Andrade, João Victor Silva

Your Phone is a Microsoft system that comprises two applications: a smartphone app for Android 7+ smartphones and a desktop application for Windows 10/18.03+. It allows users to access their most recent smartphone-stored photos/screenshots and send/receive short message service (SMS) and multimedia messaging service (MMS) messages within their Your Phone-linked Windows 10 personal computers. In this paper, we analyze the digital forensic artifacts created on Windows 10 personal computers whose users have the Your Phone system installed and activated. Our results show that besides the most recent 25 photos/screenshots and the content of the last 30 days of sent/received SMS/MMS, the contact database of the linked smartphone(s) is available in an accessible SQLite3 database kept on the Windows 10 system. This way, when the linked smartphone cannot be forensically analyzed, data gathered through the Your Phone artifacts may constitute a valuable digital forensic asset. Furthermore, to explore and export the main data of the Your Phone database as well as recoverable deleted data, a set of Python scripts – Your Phone Analyzer (YPA) – is presented. YPA is available wrapped within an Autopsy module to assist digital practitioners in extracting the main artifacts from the Your Phone system.


Updated: 2019-06-26