摘要
介绍计算机取证的相关知识,分析实现计算机取证系统所涉及的硬盘的数据组织格式、文件系统解读、文件发现技术、删除数据的恢复技术等核心技术,为进一步实现计算机取证系统提供技术支撑。
Forensic computing involves processes of retrieving, preserving, analyzing, and presenting of data that have been stored in computer media. It is a hotspot in security field. The techniques about data forraat, unscrambling of system architecture, file finding, recovery of deleted files in the hard disk are discussed.
出处
《广西科学院学报》
2006年第4期370-374,共5页
Journal of Guangxi Academy of Sciences
关键词
计算机取证
数字证据
系统解读
数据恢复
forensic computing, forensic duplicates, system architecture, recovery of data