The Research And Implementation Of Computer Forensic System Based On The Windows Platform

During the enquiry, it is difficult to find and identify the evidence. The difficulties existed in the investigation delay the progress of job and weaken the validity of evidence. Therefore, it is important to use computer forensic to combat crime. Proof by computer, as a science of computer and law area, becomes a focus of attention.In order to realize the comprehensive and efficient job for computer forensics, this paper designs and implements a computer forensic system based on the windows platform. The electronic evidence extraction and analysis subsystems are detailed studied and implemented. This job involves comprehensive gathering, accurate analyzing and appropriate presentation. The main contents are as follow.1. System frame and functional model design: To meet the requirements of particular users, this paper describes the design target and ideas, and presents specific programs involved work pattern, functional model and workflow.2. Electronic evidence extraction: Applying information extraction technology to Windows Registry and Event Log, the realization of the data mining for system information and user track is developed. And the further spread for the evidence and supporting for multi-environment are completed. At the same time, this paper proposes different information acquisition method for different E-mail Client by conducting research on file structure and storage format of different E-mail’s client.3. Electronic evidence analysis: By studying content-extracting technic of document and pattern matching algorithms, this paper puts forward a content detection model based on pattern matching. Additionally, to extract file contents from image, this model separates the embedded text from the image background by applying digital image processing technology and OCR engine.This paper researches and realizes the computer forensics system based on the windows platform. It features a rich, handle easily, supports a variety of detection environment and multiple operating systems. Implementation of the system provides an effective and exact method for related organization, which has practical meaning.