Research On Information Acquisition Technology Based On Data Recovery

With the rapid development of computer and network, hi-tech crime is becoming more serious. Criminals would delete digital evidence which can testify crime. So it is the important subject for computer forensic to research how to acquire and analyze sensitive information from memorizer.This paper elaborates on the information acquisition technology which is based on the research and realization of two modules: one is hard disk data scan recovery module and another is network trace acquisition module. According to the research and analyze the FAT file system principle and the existence mode of the trace data, I mentioned to develop a set of tool which can acquire information form memorizer such as hard disk. And at last the successful realization of fast scan and deep scan to memorizer, finding deleted data most and detecting remnant data after formatting, restoring deleted data most and displaying the file content, and the acquisition of history data such as Index.dat.The successful research of the hard disk scan recovery module and network trace acquisition module is good at static computer forensic and can improve the traceability of system files.