Abstract SailfishOS is a Linux kernel-based embedded device operation system, mostly deployed on cell phones. Currently, there is no sufficient research in this space, and at the same time, this operating system is gaining popularity, so it is likely for investigators to encounter it in the field. This paper focuses on mapping the digital artifacts pertinent to an investigation, which can be found on the filesystem of a phone running SailfishOS 3.2. Currently, there is no other known publicly available research and no commercially available solutions for the acquisition and analysis of this platform. This is a major gap, as the adoption of this OS is accelerating in emerging markets on low-cost devices. This paper presents many of the major forensics points of interest, such as call and text, log, phonebook, web browser artifacts as well as hardware-specific features.

中文翻译：

---

初看 SailfishOS 的取证分析

摘要 SailfishOS 是一个基于 Linux 内核的嵌入式设备操作系统，主要部署在手机上。目前在这方面还没有足够的研究，同时这个操作系统也越来越流行，所以研究人员很可能会在该领域遇到它。本文侧重于映射与调查相关的数字工件，这些工件可以在运行 SailfishOS 3.2 的手机的文件系统上找到。目前，没有其他已知的公开研究和商业可用的解决方案来获取和分析该平台。这是一个重大差距，因为该操作系统在新兴市场的低成本设备上正在加速采用。本文介绍了许多主要的取证点，例如电话和短信、日志、电话簿、