Abstract
With the development of computer technology and the spread of informatization, computer crime incidents occur frequently. The technology involved in obtaining, to the greatest extent possible, the electronic evidence related to computer crime is computer forensics. Computer forensics comprises the identification, protection, extraction and analysis of data at the computer crime scene. This paper studies and discusses in depth the techniques for passive forensics on Windows systems. Collecting evidence of criminal acts after the incident has occurred raises problems of the authenticity, validity and timeliness of the evidence. The evidence collected in computer forensics is often massive, comes from complex sources and is in differing formats. The paper focuses on how to create an examination copy during the forensic process, the sources of evidence, how to collect and analyze evidence, and how to preserve evidence.
Source
Electronic Engineer (《电子工程师》)
2007, No. 10, pp. 49-51 (3 pages)
Funding
Project supported by the China Academy of Engineering Physics Foundation (20060650)
Keywords
Windows system
static computer forensics
copy
collecting evidence
analyzing evidence