Computer Forensics Research Based On Windows System

With the rapid development of computer technology, computer crime types and means become complicated more and more, and computer systems security issues become more serious than before. How to obtain the relevant electronic evidence of computer crime furthest and combat computer-related crime effectively has become a new research focus in the field of information security. An effective way to solve this problem is the computer forensics technology.In this paper, after analyzing some problems on computer forensics such as lack of scientific and standard computer forensics architecture and targeted computer forensics method, the existing computer forensics architecture and key technologies of windows system computer forensics(Windows forensics software toolkits, evidence collection and analysis under windows) are discussed in detail. On this basis, windows-based computer forensics system architecture is designed which is easy to operation, and the Windows system response method is proposed to obtain evidence and accordingly carry out forensic analysis. Furthermore, the method of analyzing the file system, log files and registry in windows system to obtain the evidence in a computer is discussed.The architecture and method given in the paper have the advantages of standardized the windows system computer forensics workflow and facilitated the windows system site evidence collection, and establish a foundation for researching the windows system computer forensics methods and building a practical computer forensics system, which provided effective tools for fighting against computer crime and protecting computer systems information security and promoted the practical application of computer forensics technology.The Windows computer forensics system includes extensive range of knowledge, and this article only discussed the computer forensics system architecture based on Windows and the initial response method of Windows system in detail. In the future, the development of Windows-based computer forensics software tools which only need a small quantity of operation to the evidence data will be researched to solving the problems of computer forensics, combating with computer crime and contributing to the protection of national information security.