Information Collection And File Recovery For Computer Forensics

With the development of information technology, people are exposed to frequent occurrence of crimes committed by or aimed at computers. It's getting more harmful. How to get the evidence of computer criminals and recover key information which is destroyed becomes a new task of the law and computer science area. Computer forensics is a useful tool or method to beat against computer crime. In order to enhance the abilities of attacking computer-related offences, we need to conduct a profound study on the field of computer forensics which is related to the computer forensics technology in question and requires not only the development of effective forensics tools, but also the research on its definition, standards, proceedings and some other basic theories.Based on the research of information collection and file recovery for computer forensics, this paper concludes the next points:1. The emergence, development, status and the prospective research of computer forensics.2. Research about the most popular file system--NTFS. Give an introduction to disk partitions, and expatiate MFT table, construction of file and directory record, and resident/nonresident attributes.3. Promote deleted files recovery theory based on the NTFS file system, design and implement a recovery system for deleted files and formatted information, try to recover as more information as possible and solve the incorrect file name problem found by actually usage.4. Analyze sources of computer operation traces, design and implement a system to acquire these traces. Use forensics methods to fully get system information.5. Integrate recovery information and operation traces base on the search engine named Lucene. Implement a platform to manage and query all the information. This makes forensic works easier and faster by avoiding crossing usage of several data recovery software and information collection software.