摘要
鉴于实际取证工作中存在的不允许拆卸计算机硬盘的情况,基于移动介质的免拆机取证技术应运而生。然而目前使用的免拆机取证技术存在着种种缺陷,本文就如何提高硬盘复制速度、提高取证效率、保证证据的司法有效性、增强无痕取证等问题,提出相应的解决方案,让取证工作更快速、更准确。
Because of difficulties of taking out hard drives from desktop or notebook computers of the suspect during forensic practice, disassemble-free forensic technology based on removable media came into being, but current solution still had lots of deficiencies. This paper describes solutions on how to improve the duplication speed of hard drive to make digital evidence processing more efficient and forensically sound, and how to enhance the capability of live forensics without trace. These solutions will make evidence processing faster and more accurate during the process of digital investigations.
出处
《信息网络安全》
2010年第11期27-30,共4页
Netinfo Security
关键词
移动介质
免拆机
WINPE
Computer Forensic
Disassemble-free
Windows PE
