Research On Key Technology Of Computer Forensics

Posted on: 2011-09-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 2178360308952598
Subject: Computer application technology

Abstract/Summary:
In recent years, the problems caused by computer-related crime have become more and more serious. Since the outbreak of the "Xiongmao Shaoxiang" virus, society has paid increasing attention to computer-related crime. Meanwhile, computer forensic technology, a key method of fighting crime, has gradually become a research focus in this industry. In China, the China Computer Forensics Conference (CCFC), organized by the China Computer Forensics Research Center, has held large-scale activities three times, contributing a lot to academic exchange among technicians in this industry.

This paper starts from the needs of actual computer forensic cases and studies the following key technologies in computer forensics.

First, data recovery technology. This is one of the most frequently used technologies in computer forensics. The paper starts from the structure of the FAT32 and NTFS file systems, and analyzes the principles of recovering a deleted file and rebuilding a formatted file system. A general method is then stated for file recovery and file system rebuilding after formatting.

Second, disk full-text searching technology. Because existing tools cannot satisfy the needs of concrete forensic cases, we propose a common forensic method that uses full-text searching technology to obtain digital evidence. We also improved the pattern matching algorithms by comparing their search speeds under various conditions, and identified the best algorithm to apply to our forensic platform. Combined with data recovery technology, this method can obtain digital evidence by file type, file name or even file keywords, which greatly improves the efficiency of computer forensics.

Third, analysis of typical file types, for example email files (EML, DBX, PST, BOX, and so on) and print spool files (SPL and SHD). We discuss the structure of such file types and show how to extract digital evidence from them. Moreover, this paper describes a method to trace the records of USB Mass Storage devices on the computer.

Last, we study the models of computer forensics and give a proof of the credibility of computer forensics. We reviewed some classic forensic models, and then proposed a new forensic model based on the waterfall model in software engineering. We also studied the abstract forensic network, proposed the concept of forensic credibility, and proved it to be sound using probability theory methods.
Keywords/Search Tags: Computer Forensics, Data Recovery, Pattern Matching, File Analysis, Forensic Models