| CMD命令执行记录调查方法研究 |
| |
| 引用本文: | 罗文华.CMD命令执行记录调查方法研究[J].刑事技术,2013(1):31-34. |
| |
| 作者姓名: | 罗文华 |
| |
| 作者单位: | 中国刑事警察学院计算机犯罪侦查系,沈阳,110854 |
| |
| 基金项目: | 公安部应用创新计划项目 |
| |
| 摘 要: | 作为计算机犯罪侦查中重要的证据与线索来源,CMD命令执行记录在揭示犯罪分子行为细节方面发挥着重要作用。本文在详细分析CMD命令执行记录于内存中的数据存储结构基础上,着重说明基于Win-dows操作系统内存转储文件的历史记录重建方法,并对过程中涉及到的具体技术与注意事项予以阐述。
|
| 关 键 词: | 命令提示符 数据结构 虚拟地址 物理地址 DOSKEY |
Research on the Method of CMD executed record investigation |
| |
| LUO Wen-hua.Research on the Method of CMD executed record investigation[J].Forensic Science and Technology,2013(1):31-34. |
| |
| Authors: | LUO Wen-hua |
| |
| Institution: | LUO Wen-hua(China Criminal Police college,Shenyang 110854,China) |
| |
| Abstract: | In this paper, the data structure of CMD record executed in RAM was analyzed and the reconstruct method of history record based on dump file in Windows was introduced. |
| |
| Keywords: | command prompt data structure virtual address physical address DOSKEY |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
