| Unix系统计算机取证中数据恢复方法探讨 |
| |
| 引用本文: | 李枫,张涛. Unix系统计算机取证中数据恢复方法探讨[J]. 山西省政法管理干部学院学报, 2011, 24(2): 126-127 |
| |
| 作者姓名: | 李枫 张涛 |
| |
| 作者单位: | 1. 太原理工大学,山西,太原,030024
2. 太原警官职业学院,山西,太原,030032 |
| |
| 摘 要: | 计算机犯罪和网络入侵事件给司法取证提出了新的要求,恢复计算机中被删除的信息成为获取证据和犯罪线索的一种重要手段。文章介绍了Unix系统中文件的存储及删除原理,着重探讨了利用系统命令、Debugfs工具、RAW文件等方式恢复数据取得证据的方法。
|
| 关 键 词: | Unix系统 计算机取证 数据恢复 |
Discussion on the Methods of Data Restoration of Computer Evidence Collecting |
| |
| LI Feng,ZHANG Tao. Discussion on the Methods of Data Restoration of Computer Evidence Collecting[J]. Journal of Shanxi Politics and Law Institute for Administrators, 2011, 24(2): 126-127 |
| |
| Authors: | LI Feng ZHANG Tao |
| |
| Affiliation: | 1.Taiyuan University of Technology,Taiyuan Shanxi 030024;2.Taiyuan Police Professional College,Taiyuan 030032,China) |
| |
| Abstract: | With the increasing of computer crime and netwr attack,new demands of collecting evidences are put forward by the Judicial Branches.Restoration of the deleted information in Computer file system has become an important means of acquiring evidence and crime clues.The article fouces on the legal significance of Computer Evidence Collecting.The principle of data restoration and deletation is introduced in this essay.What’s more,it mainly discuss the methods of data restoration for evidence collecting by the means of system orders,Debugfs,RAW file restoration. |
| |
| Keywords: | Unix/Linux collect evience data delete restore |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
