Design And Implementation Of Electornoic Forensics Sytem In Prosecution

With the rapid development of electronic storage, disks have become a primary information storage medium. But Judicial practice in China, involving intellectual property, electronic contract dispute, the network invasion of privacy, corruption and bribery cases.Prosecution's evidence is particularly difficult. How to get the evidence of computer criminals and recover key information which is destroyed becomes a new task of the law and computer science area.Computer forensics is a useful tool or method to beat against crime.In order to enhance the abilities of attacking offences,we need to conduct a profound study on the field of computer forensics which is related to the computer forensics technology in question and requires not only the development of effective forensics tools, but also the research on its definition, standards, proceedings and some other basic theories.In reading a lot of literature and through the system design and development, this article mainly to do the following work:This article introduce the overall objective of the system, operating environment,. Fist this article functional requirements, user traces the various related technologies. Registry contains the most important and rich user information. The article has made a in-depth research on the binary registry file structure, and analysis out of the registry key, key value and data structure information; This paper studies the Windows event log files, web history file, parsing out the relevant record information to achieve a user trace information mining. This article study of the QQ, MSN and other chat log and provides a theoretical basis for chat,In the case of communication data received on the communications object relations, expanding the variety of Relation.This then gives a formatted hard drive data recovery significance and study the hard disk data storage structures, include Windows under FAT32, NTFS structure, then given the deletion of data recovery design principles and development to achieve file recovery, as much as possible to restore the computer to deleted data.In this article, the prosecution system of electronic evidence, evidence feature-rich and functional compared to other similar domestic and international integration and automation system more suitable for the use of personnel at all levels. The system can not only provide a platform for deep analysis of electronic information and computer forensics work to bring great convenience and reliability.