| 深度文件取证系统的设计与实现 |
| |
| 引用本文: | 陈志勇,陈晓红,杨旭,施少培,徐彻,卞新伟.深度文件取证系统的设计与实现[J].通信技术,2009,42(5):218-220. |
| |
| 作者姓名: | 陈志勇 陈晓红 杨旭 施少培 徐彻 卞新伟 |
| |
| 作者单位: | 1. 上海交通大学,信息安全工程学院,上海,200240
2. 司法部司法鉴定科学技术研究所,上海,200063 |
| |
| 基金项目: | 中央级公益型科研院所社会公益研究专项基金 |
| |
| 摘 要: | 随着计算机犯罪事件的不断增加,计算机取证技术越来越受到人们的重视。文章分析和讨论了计算机取证技术,总结了计算机取证的一般流程和取证原则,在此基础上提出和分析了深入信息提取,并给出了深度文件取证系统的设计和实现。主要包括两个方面的内容:一是研究了办公文件的数据组织结构,设计出了元数据信息的提取方案;二是研究被删除文件的磁盘存储结构,利用磁盘上残留的文件信息恢复出被删除的文件,从而为司法鉴定取得有用信息。
|
| 关 键 词: | 计算机取证 信息提取 元数据 |
Design and Implementation of In-depth File Forensics System |
| |
| CHEN Zhi-yong,CHEN Xiao-hong,YANG Xu,SHI Shao-pei,XU Che,BIAN Xin-wei.Design and Implementation of In-depth File Forensics System[J].Communications Technology,2009,42(5):218-220. |
| |
| Authors: | CHEN Zhi-yong CHEN Xiao-hong YANG Xu SHI Shao-pei XU Che BIAN Xin-wei |
| |
| Affiliation: | CHEN Zhi-yong, CHEN Xiao-hong, YANG Xu, SHI Shao-pei, XU Che, BIAN Xin-wei(①Lab of Cryptography & Information Security, Shanghai Jiaotong University, Shanghai 200240, China; ②Institute of Forensic Science, Ministry of Justice, Shanghai 200063, China) |
| |
| Abstract: | Computer forensics has attracted much attention with the rapid increase in illegal access to computer system. Based on the analysis of this technology, the in-depth information extraction is proposed and such a system is designed and implemented. It mainly contains two aspects that could be used to acquire the useful information: one is the metadata extraction module based on the analysis of office documents; the other is the deleted file recovery module based on the analysis of file storage on the disk. |
| |
| Keywords: | computer forensics information extraction metadata |
| 本文献已被 维普 万方数据 等数据库收录! |
|
