
Research on a Log-Based U-Disk Forensics Model (cited by: 1)

Research on a Log Based U-Disk Forensics System Model
Abstract: To address the difficulty of recording and preserving the read and write operations a U disk (USB flash drive) performs on a computer under Windows, this paper studies the complete interaction flow between the U disk and the computer and the unique identifier of the U disk, and on that basis designs a log-based U-disk forensics system model. The model uses a special log file structure, captures the traces the U disk leaves in the system through a filter driver built on the WDM framework, and stores them in a dedicated way. The analysis shows that the model is practical: it can record the data a U disk obtains from the system and its behaviour, and build an effective chain of evidence for judicial forensic investigation.

Original English abstract: In order to solve the problem of recording and saving the read-write operations of a U disk in Windows, the whole interaction process between the U disk and the computer and the unique identifier of the U disk are studied. Firstly, a digital forensics system model of the U disk based on logs is designed. A special structure of log file and a filter driver based on the WDM framework are adopted in order to obtain the traces the U disk leaves in the system. A hash function is also considered to ensure the integrity of log events. The analysis results show the model is feasible. Using this technology can record data which the U disk copies from the system and its behaviour, and build an effective chain of evidence for investigation.
Source: Journal of Beijing Electronic Science And Technology Institute (《北京电子科技学院学报》), 2013, No. 2, pp. 71-75, 90 (6 pages)
Funding: National Natural Science Foundation of China (No. 61070219); Fundamental Research Funds for the Central Universities; Key Laboratory of Information Security, Beijing Electronic Science and Technology Institute
Keywords: Computer Forensics; Log; Filter Drivers; U disk

References (11)

  • 1 Waleed Halboob, Muhammad Abulaish, Khaled S. Alghathbar. Quaternary Privacy-levels Preservation in Computer Forensics Investigation Process [C]. // Proc of the 6th International Conference on Internet Technology and Secured Transactions. 2011: 777-782.
  • 2 P. Stephenson. The Forensics Investigation Steps [J]. Computer Fraud & Security, 2002(10): 17-19.
  • 3 Rongsheng Xu, K. P. Chow. Development of Domestic and International Computer Forensics [C]. // Proc of the Seventh International Conference on Intelligent Information Hiding and Multimedia Signal Processing. 2011: 388-394.
  • 4 Rafael Accorsi. Log Data as Digital Evidence: What Secure Logging Protocols Have to Offer? [C]. // Proc of the 33rd Annual IEEE International Computer Software and Applications Conference. 2009: 398-403.
  • 5 Peter Frühwirt, Peter Kieseberg, et al. InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs [C]. // Proc of the Seventh International Conference on Availability, Reliability and Security. 2012: 625-633.
  • 6 张功萱, 沈创业, 王平立, 王玲. Research on Dynamic Trust-Chain Tracking Technology for Mobile Storage Information [J]. Journal of Computer Research and Development (计算机研究与发展), 2011, 48(S1): 37-42. (cited by: 3)
  • 7 P. W. D. C. Jayathilake. A Novel Mind Map Based Approach for Log Data Extraction [C]. // Proc of the 6th International Conference on Industrial and Information Systems. 2011: 130-135.
  • 8 JingLy Zhou, Hongyu Zhang. Study of IRP for Windows Driver Model [C]. // Proc of the International Conference on Communications, Circuits and Systems. 2007: 521-524.
  • 9 Cant C. Writing Windows WDM Device Drivers [J]. R&D Book. 1999, 35(6): 3-8.
  • 10 Guo Li, Mingli Li, et al. Research on USB Driver for Data Acquisition [C]. // Proc of the 2nd International Conference on Future Computer and Communication. 2010: V2-74 - V2-78.

Secondary references (4)

Co-cited literature (2)

Co-citing literature (3)

Citing literature (1)
