
Research And Implementation Of Key Technologies Of Windows-Oriented Computer Forensics System

Posted on: 2014-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: J C Deng
GTID: 2268330401466972
Subject: Computer technology
Abstract/Summary:
With the rapid development of computer and Internet technology, personal computers and computerized office work have become more and more popular. At the same time, more and more computer-related crimes are occurring. In recent years, computer forensics, a new type of forensic technology, has developed tremendously. It is a digital forensics discipline that combines computer technology with the law. It mainly studies how to obtain, scientifically and legally, computer evidence that can be accepted by a court from a computer and its peripheral equipment.

Based on the actual needs of the project and on previous studies, this thesis studies and designs a Windows-oriented computer forensics system. It focuses on three key technologies in the system and implements a data analysis forensic prototype system. This thesis includes:

First, starting from the actual needs and development trend of computer forensics, the results and differences of computer forensics at home and abroad are analyzed. Second, the definition of computer forensics, its principles, basic steps and basic framework are introduced. Then, according to the actual needs and with reference to existing research, a Windows-oriented computer forensics system framework is presented, the relevant modules are outlined, and a data analysis forensic prototype system is designed and implemented. After that, the three key technologies in the system are described in detail: fast file search, system trace extraction, and in-depth trace extraction based on matching features of file storage formats. Finally, these three key modules are tested in the prototype system and the test results are analyzed.

The main contributions of this thesis are:

1. Design and implement an efficient fast text search for TXT, PDF, Office03, Office07, as well as common picture files.
2. Improve the existing registry trace extraction technology to be compatible with Windows 64-bit systems. Design and implement a method of Internet trace extraction for common browsers (Chrome, Firefox). Propose and implement a new method of extracting the Jump List, a new system trace in Windows 7.
3. Through reverse engineering and study of the file storage formats of the Hive file and Index.dat, design and implement a fast in-depth trace extraction method based on feature matching. It can improve the speed of in-depth system trace extraction.

These three key technologies of computer forensics perform well. To a certain extent, they improve on known forensic methods and propose new methods for emerging forensic issues. They help promote the development of Windows-oriented computer forensics technology.
Keywords/Search Tags: Computer forensics, content search, pattern matching, Jump List, In-Depth forensics