Found 20 similar documents; search took 46 ms.
1.
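This paper surveys digital forensics knowledge and applied techniques for ASP-based websites. It covers ASP website structure, acquisition of IIS information and log files, forensic examination of website file contents, and acquisition of back-end database information.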
2.
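Computer forensics is applied to the investigation of computer crime and the presentation of evidence. Computer crime refers to crime that uses computers or aims to damage computer systems. Like any crime in the physical world, it leaves traces and clues at the crime scene; the difference is that the "traces" of computer crime are digital and the "scene" is inside a computer system. Most law enforcement personnel lack the specialist knowledge and training needed to handle computer crime, which makes it difficult to respond to the high-technology crimes of an information-based society. The question we address is how, when a computer crime occurs, to acquire, preserve and analyze these "digital crime traces" as evidence and present them lawfully in court, so that suspects can be brought to justice. The techniques and methods of computer forensics are described below under four aspects.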
3.
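Objective: With the widespread adoption of PDAs, demand for PDA forensic acquisition and analysis is growing rapidly. To extract digital evidence from PDAs quickly and comprehensively, commonly used PDA forensic models must be studied on the basis of an understanding of how PDAs are controlled. Methods: Drawing on the domestic and international literature and on practical experience in collecting electronic evidence, this paper analyzes the PDA forensic process and analyzes and compares commonly used PDA forensic tools. Results: For different forensic requirements, the corresponding tools are used for forensic analysis and research.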
4.
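Research progress in video forensics. Total citations: 1, self-citations: 0, citations by others: 1
With the popularization and wide use of multimedia capture devices and image-processing tools in recent years, images and videos can easily be tampered with. Cases of extortion using maliciously tampered images and videos are increasing, and determining the originality and authenticity of images and videos captured by surveillance systems or downloaded from the Internet has become an urgent problem. Earlier research concentrated on image forensics; research on video forensics has only begun in the last few years. Compared with images, video involves large data volumes, complex data formats and high compression factors, and places high computational demands on forensic algorithms. However, because video has distinctive characteristics in its coding methods, spatio-temporal properties and tampering techniques, video forensics offers richer research content and broader application prospects. Researchers have explored video tampering detection methods by exploiting characteristics of the video acquisition and compression-coding process and the traces left by tampering, and have obtained some results. Previous surveys mostly focused on image forensics, with only a few details touching on video forensic analysis; this paper surveys video forensics techniques. Since some image forensics techniques can be applied to the forensic analysis of single video frames, the first part introduces image forensics techniques such as camera parameters, compression, and physical and geometric inconsistency. It then classifies the video forensics techniques proposed so far by acquisition, compression and tampering method, reviews their principles, strengths and weaknesses, and introduces related work on anti-forensics. The second part focuses on the video acquisition process and methods for identifying the acquisition device. The third part discusses the traces left by differences in the video coding process, such as coding parameters, coding standards and the number of compressions. The fourth part introduces forensic analysis methods based on detecting inconsistencies in acquisition and coding traces, as well as methods that reveal traces left by tampering. The development of compression-detection forensics for images and video has always been accompanied by research on corresponding anti-forensic methods, so the fifth part introduces video anti-forensic methods. Video forensics is gradually becoming a research hotspot and is receiving growing attention, but many unexplored areas still await deeper study.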
5.
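As Internet technology develops, cases of illegal activity conducted through websites of all kinds keep increasing. To punish such crimes effectively, the structure, web applications and databases of the offending websites must be analyzed and the key information about the criminal conduct collected as evidence. A website's raw data is generally stored in a database, while the data-processing rules are recorded in database stored procedures, program code, or compiled program files. Based on reverse-engineering theory, the study first reverse-engineers the website database into ...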
6.
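A discussion of digital evidence collection methods for information-gathering Trojans. Total citations: 2, self-citations: 0, citations by others: 2
Once implanted and running on a target system, an information-gathering Trojan can record or collect important information of all kinds from that system, such as account names, account passwords, system operations and keystrokes, and send the data to the suspect by emailing it on a schedule or by actively visiting a specific web page, allowing the suspect to obtain illegal gains. While damaging network security, information-gathering Trojans have also become a criminal tool for many offenders; they not only cause huge financial losses to network users but also have an adverse effect on public security.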
7.
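Objective: To discuss the difficulty of collecting evidence from the massive volumes of data extracted in current electronic evidence examination in China. Methods: The characteristics of massive data in data files and the traditional methods of collecting evidence from it were analyzed. Results: The development of dedicated software tools for extracting massive data files is proposed. Conclusion: Dedicated extraction software can read, compute, de-duplicate and aggregate regularly structured data in common data files, moving the examination of massive case-related data files from traditional manual work to automatic computer processing.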
8.
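Research on the collection of computer network evidence. Total citations: 1, self-citations: 0, citations by others: 1
The rapid development of computer networks is greatly changing people's lives, but network crime is also rising sharply. To combat crime effectively, investigative techniques related to network crime must be studied, and computer forensics is one of the most important of these. The main tools, techniques and methods of computer forensics differ from those used for evidence collection in traditional crime, and they change as science, technology and crime evolve.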
9.
10.
11.
12.
13.
The big data era has a high impact on forensic data analysis. Work is done in speeding up the processing of large amounts of data and enriching this processing with new techniques. Doing forensics calls for specific design considerations, since the processed data is incredibly sensitive. In this paper we explore the impact of forensic drivers and major design principles like security, privacy and transparency on the design and implementation of a centralized digital forensics service.
14.
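Examination of mobile phones as physical evidence and its application in criminal investigation. Total citations: 2, self-citations: 2, citations by others: 2
With the rapid development and wide use of mobile communication technology, the information held in mobile phones has become an important source of leads and evidence in criminal investigation. Examining a phone's SIM card memory, mainboard memory and flash memory card with dedicated technical methods that meet the principles of physical evidence examination can yield a large amount of information, including the user's personal information, communication content, communication event records, data the user has written to storage, and phone settings. This information has very high investigative and evidential value, and the mobile phone has therefore become a new object of examination in the field of physical evidence.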
15.
International regulations about the safety of ships at sea require every modern vessel to be equipped with a Voyage Data Recorder to assist investigations in the event of an accident. As such, these devices are the primary means for acquiring reliable data about an accident involving a ship, and so they must be the first targets in an investigation. Although regulations describe the sources and amount of data to be recorded, they say nothing about the format of the recording. Because of this, nowadays investigators are forced to rely solely on the help of the builder of the system, which provides proprietary software to “replay” the voyage recordings. This paper delves into the examination of data found in the VDR from the actual Costa Concordia accident in 2012, and describes the recovery of information useful for the investigation, both by deduction and by reverse engineering of the data, some of which were not even shown by the official replay software.
16.
《Digital Investigation》2014,11(3):234-248
Interpretation of traces found on Android devices is an important aspect of mobile forensics. This is especially true for timestamps encountered on the device under investigation. In the presence of both naive and UTC timestamps, some form of timestamp normalisation is required. In addition, the investigator needs to gain some understanding of potential clock skew that may exist, especially when evidence from the device under investigation has to be correlated to real world events or evidence from other devices. A case study is presented where the time zone on the Android device was set incorrectly, while the clock was set to correspond to the time zone where the device was actually located. Initially, the fact that both time zones enforced daylight saving time (DST) at different periods was expected to complicate the timestamps normalisation. However, it was found that the version of the Time Zone Database on the device was outdated and did not correspond to the actual time zone rules for the given period. After the case study, the results of experiments on a broader range of devices are presented. Among other things, these results demonstrate a method to detect clock skew based on the mmssms.db database. However, it was also found that the applicability of this method is highly dependent on specific implementation choices made by different vendors.
17.
18.
D.C. Paul J. Taylor, Henry Mwiki, Ali Dehghantanha, Alex Akibini, Kim Kwang Raymond Choo, Mohammad Hammoudeh, Reza Parizi. 《Science & justice》2019,59(3):337-348
Minecraft, a Massively Multiplayer Online Game (MMOG), has reportedly millions of players from different age groups worldwide. With Minecraft being so popular, particularly with younger audiences, it is no surprise that the interactive nature of Minecraft has facilitated the commission of criminal activities such as denial of service attacks against gamers, cyberbullying, swatting, sexual communication, and online child grooming. In this research, there is a simulated scenario of a typical Minecraft setting, using a Linux Ubuntu 16.04.3 machine (acting as the MMOG server) and Windows client devices running Minecraft. Server and client devices are then examined to reveal the type and extent of evidential artefacts that can be extracted.
19.
We describe the design, implementation, and evaluation of FROST—three new forensic tools for the OpenStack cloud platform. Our implementation for the OpenStack cloud platform supports an Infrastructure-as-a-Service (IaaS) cloud and provides trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs. Unlike traditional acquisition tools, FROST works at the cloud management plane rather than interacting with the operating system inside the guest virtual machines, thereby requiring no trust in the guest machine. We assume trust in the cloud provider, but FROST overcomes non-trivial challenges of remote evidence integrity by storing log data in hash trees and returning evidence with cryptographic hashes. Our tools are user-driven, allowing customers, forensic examiners, and law enforcement to conduct investigations without necessitating interaction with the cloud provider. We demonstrate how FROST's new features enable forensic investigators to obtain forensically-sound data from OpenStack clouds independent of provider interaction. Our preliminary evaluation indicates the ability of our approach to scale in a dynamic cloud environment. The design supports an extensible set of forensic objectives, including the future addition of other data preservation, discovery, real-time monitoring, metrics, auditing, and acquisition capabilities.
20.
A survey of main memory acquisition and analysis techniques for the Windows operating system. Total citations: 1, self-citations: 0, citations by others: 1
Traditional, persistent data-oriented approaches in computer forensics face some limitations regarding a number of technological developments, e.g., rapidly increasing storage capabilities of hard drives, memory-resident malicious software applications, or the growing use of encryption routines, that make an in-time investigation more and more difficult. In order to cope with these issues, security professionals have started to examine alternative data sources and emphasize the value of volatile system information in RAM more recently. In this paper, we give an overview of the prevailing techniques and methods to collect and analyze a computer's memory. We describe the characteristics, benefits, and drawbacks of the individual solutions and outline opportunities for future research in this evolving field of IT security.