摘要
为获取存储介质中的碎片E-mail证据,利用集合论原理对邮件碎片文件雕刻问题进行分析,确定基于集合论划分思想的碎片文件雕刻思路。设计包含预处理、E-mail文件碎片子集确定、E-mail碎片间的连接关系确定等过程的邮件碎片文件雕刻算法模型。利用十六进制编辑器,阐述E-mail文件的内部结构特征,结合碎片邮件头尾和内嵌的html文件特征,论述存储介质上碎片的属性,给出碎片间的集中特性、跟随特性、线性特性以及信息特性的连接规则。实验结果表明,碎片邮件文件雕刻算法能更有效地获取邮件证据。
To acquire fragment E-mail evidence from storage medium, this paper analyzes the E-mail fragment file carving problem on the base of the set partition theory, determines the fragment file carving thought. According to the model, it designs E-mail fragment file carving algorithm model including preprocessing, E-mail file fragment subset determination, connected relation determination between E-mail fragments. By using hexadecimal editor, it oxpounds internal structure features of E-mail file, combined with the characteristics of fragment mail head and tail and embedded html files, discusses the fragment attributes in storage medium, and gives the adjacent rules among concentration characteristics, follow characteristics, linear properties and information characteristics from the fragments. Experimental results show that the algorithm can acquire E-mail evidence more effectively.
出处
《计算机工程》
CAS
CSCD
2014年第5期317-320,F0003,共5页
Computer Engineering
基金
国家自然科学基金资助项目(60903220)
郑州市科技攻关计划基金资助项目"基于内存及存储介质的网络取证调查系统"
