As the storage capacity of smartphones increases, more user data such as call logs, SMS records, media data, and instant messages are stored in smartphones. Therefore, it is important in digital investigation to acquire smartphones containing the personal information of users. However, even when a prime suspect's smartphone is acquired, it is difficult to extract user data without obtaining root privilege. In this situation, smartphone backup data may be a valuable alternative to the extraction of user data. Using a smartphone backup, an investigator can extract most of the data stored in a smartphone including user data, with straightforward methods, and transfer them to a storage device such as an SD card, a USB, or a PC. Despite its convenience, backup data are hard to use as evidence, because backup data are encrypted using different methods depending on smartphone manufacturers, in order to protect user privacy.

In this paper, we propose methods for decrypting encrypted backup data of Sony smartphones. In our analysis, we reverse-engineered the backup processes of the local backup and the PC backup provided by Sony smartphones, and analyzed the encryption methods applied to each set of backup data. In particular, we developed an algorithm for decrypting encrypted backup data on Sony smartphones, which we experimentally verified. As far as we know, this is the first research that has addressed the decryption of backup data on Sony smartphones.

随着智能手机存储容量的增加，更多的用户数据（如通话记录，SMS记录，媒体数据和即时消息）存储在智能手机中。因此，在数字调查中，获取包含用户个人信息的智能手机很重要。但是，即使获得了主要嫌疑人的智能手机，也很难在没有获得root用户特权的情况下提取用户数据。在这种情况下，智能手机备份数据可能是提取用户数据的有价值的替代方法。使用智能手机备份，调查人员可以通过简单的方法提取存储在智能手机中的大部分数据（包括用户数据），并将其传输到SD卡，USB或PC等存储设备。尽管方便，但备份数据很难用作证据，

在本文中，我们提出了用于解密Sony智能手机的加密备份数据的方法。在分析中，我们对本地备份和Sony智能手机提供的PC备份的备份过程进行了反向工程，并分析了应用于每组备份数据的加密方法。特别是，我们开发了一种算法，用于对Sony智能手机上的加密备份数据进行解密，并通过实验进行了验证。据我们所知，这是第一项针对索尼智能手机上备份数据解密的研究。