| Windows 8回收站取证分析 |
| |
| 作者姓名: | 宋冰 |
| |
| 作者单位: | 河南警察学院,河南郑州450046 |
| |
| 摘 要: | 在计算机取证过程中,对于删除文件的分析常常提供有价值的信息。知道在哪里找到被删除文件并且能够理解文件被删除过程中产生的元数据,这是一个合格的计算机取证人员必备的素质。本文对Window 8系统的回收站与传统的Windows XP系统的回收站的相似点和不同点进行了对比分析,并详细说明了Windows 8系统回收站的工作细节,以期为计算机取证人员提供帮助。
|
| 关 键 词: | 计算机取证 Windows 8 回收站 SID |
Recycle Bin Forensic for Windows 8 |
| |
| Authors: | Song Bing |
| |
| Affiliation: | Song Bing (Henan Police College HenanZhengzhou 450046) |
| |
| Abstract: | Analysis of deleted files often provides useful information for the forensic computer examiner. Knowing where to find the deleted files, and how to interpret the metadata associated with the file's deletion, make up the cornerstone of a successful forensic computer examination. In this paper, the author compares and contrasts the similarities and differences of the Recycle Bin of the Windows 8 between the Recycle Bin of the Windows XP Operating System. In this investigation, the author points-out the details of each implementation that are of interest for the forensic computer examiner. |
| |
| Keywords: | computer forensics Windows 8 recycle bin SID |
| 本文献已被 CNKI 维普 等数据库收录! |
|
