Abstract
Countries around the world have carried out a great deal of research and practice in computer forensics, but most of this work concerns Linux (Unix) systems. Windows is currently the most widely used operating system, and in our country in particular most people use it, so studying methods for collecting intrusion evidence on Windows systems is of great practical significance. By analyzing the characteristics of the Windows system, this paper gives collection methods for "visible" evidence and "hidden" evidence, in order to obtain important intrusion clues and conclusions. The aim is to contribute to solving the problems encountered in computer forensics, combating computer crime, and safeguarding national information security.
Source
《电脑知识与技术》
2009, Issue 10X, pp. 8412-8413 (2 pages in total)
Computer Knowledge and Technology