Android platform based virus forensics system and method

The invention discloses an Android platform based virus forensics system and method, and relates to the field of information security. According to the system, a virus detection module interacts with a virus forensics module to realize the virus detection and forensics functions on the Android platform; and the virus forensics module interacts with a forensics report generation module, malicious act of a virus is positioned and analyzed, field data are recorded in detail, and certain internet events are conveniently reestablished when needed in the future. According to the method, 1), the virus detection module collects various features of an APK (Android package) application and performs virus detection on the APK application by means of a series of security policies; 2), the virus forensics module is combined with static and dynamic analysis methods to perform forensics on the malicious act of the virus; and 3), the forensics report generation module records the malicious act of the virus in detail. The Android platform based virus forensics system and method have the advantages and positive effects as follows: 1) timeliness; 2) extensibility; and 3) traceability: internet cases of crime by utilizing certain viruses in the future are restored conveniently.