摘要
本文介绍"信息熵(entropy)"的重要价值及其在电子数据取证领域的应用。"信息熵"可用于未知加密类型文件、应用信息隐藏技术的文件、未知恶意代码及网络中加密或可疑通信数据的发现与分析、磁盘阵列(RAID)重组分析等。"信息熵"已成为电子数据取证领域对抗反取证技术的有力武器,它在未来的电子数据取证领域将发挥日益重要的作用,得到更为广泛的应用。
This paper describes the important value of entropy and its application in the field of digital forensics.Entropy is applicable to detect known and unknown encrypted file,files with hidden data,unknown malware,encrypted data or malware variants in the network traffic and analyze information of RAID array intelligently to get the order of disks which make up the array.Entropy becomes one of key weapons to defeat anti-forensic tools and will also play more and more important role in the field of digital forensics.
出处
《电信科学》
北大核心
2010年第S2期124-128,共5页
Telecommunications Science
