| The rapid development of network technology,especially the instant messaging technology(micro-blog,We Chat and MOMO)change rapidly,convenient communication at the same time,also brought many new social problems.In the field of politics,international division of organization,government information systems group of criminal organizations using illegal means invasion of countries,using a variety of electronic communication software.The mailbox spread reactionary remarks,the development of illegal organization.In the economic field,the rapid development of electronic commerce,the disclosure of personal information,online fraud,commercial fraud and other criminal acts have occurred.At present,hackers,viruses and malicious software has become a serious problem of the Internet,especially for e-government,poses a serious threat to electronic business and security of Internet users,the network crime has no fixed place of crime,a computer,a network cable can operate,the cost of crime is more and more low,without paper The characteristics of strong anti reconnaissance capability,which makes the behavior more and more violates the law,the network crime will become the main form of a crime in the foreseeable future.Therefore,how to resist the maximum intensity of this kind of crime,to obtain and curing electronic evidence.[1]Firstly,the research background of electronic evidence summarized,separately from the national security,people's internal security and economic importance of electronic evidence obtaining and curing,and lists the electronic evidence forensics software more commonly used at home and abroad,break down the advantages and disadvantages,the research of low cost,practical restoration electronic data information and curing methods lost strong importance.Secondly,from the legal entity concept,comprehensive summary characteristics of electronic evidence,from the legal procedure and explained the electronic evidence extraction method and program flow.Thirdly,through the elaboration of the location of the INFO2 file and data structure,detailed how the recovery of computer operating system stop the recovery of electron data has been lost,and then lists the Windows operating system log data storage structure of the contents of the log specification,detailed analysis and demonstration of power The process of data solidification.Again,the actual use of the case to demonstrate the evidence collected by the Windows recycle bin and computer forensics log analysis system is used in practice.This paper analyzes user to delete the file by recycling station,is through the research of the INFO2 file,in order to get the full path to the initial file name,size,specific time out after moving to recycle bin and the recycling station in the one and only ID number and other information,these information to help investigators to restore the scene,there are important significance of establishing user behavior time line.The reduction of data at any time two times the risk of destruction,analyze the basic elements needed to log extraction technology,based on the realization of a log extraction and analysis of Windows system is convenient,effective curing of electronic evidence,in order to achieve the quality certificate. |
PDF Full Text Request