摘要
Office系列文件是数字取证中遇到频率最多的文件之一,由于其采取复合文档的结构,其内部包含着与案件调查相关的诸多信息。目前针对基于OLE格式的office文件调查技术已相当成熟,但对目前微软广泛采用的OXML格式的office文档调查研究较少。首先对基于OXML结构的office文档进行结构介绍,然后通过比较分析、测试,提出了一种基于文档关键字搜索及结合文档头、尾特征的取证调查方法。
Office series of documents is one of the most frequently encountered in digital forensics file contains a lot of information related to the investigation of a case to take the composite structure of the document,its internal.File investigative techniques based on the the OLE format of office has been very mature,but the the OXML format of Microsoft’s widely used office documents less research.First,based on the the OXML structure office documents carried structure is introduced,and then through a comparative analysis,testing,presented a document keyword search and binding document head,tail forensic investigation methods.
出处
《计算机安全》
2013年第8期44-46,共3页
Network & Computer Security
基金
北京市教委优秀青年骨干教师资助项目(KM201010009006)资助
