CAJ | 학술논문

为获取存储介质中的碎片E-mail证据，利用集合论原理对邮件碎片文件雕刻问题进行分析，确定基于集合论划分思想的碎片文件雕刻思路。设计包含预处理、E-mail 文件碎片子集确定、E-mail 碎片间的连接关系确定等过程的邮件碎片文件雕刻算法模型。利用十六进制编辑器，阐述E-mail文件的内部结构特征，结合碎片邮件头尾和内嵌的html文件特征，论述存储介质上碎片的属性，给出碎片间的集中特性、跟随特性、线性特性以及信息特性的连接规则。实验结果表明，碎片邮件文件雕刻算法能更有效地获取邮件证据。
위획취존저개질중적쇄편E-mail증거，이용집합론원리대유건쇄편문건조각문제진행분석，학정기우집합론화분사상적쇄편문건조각사로。설계포함예처리、E-mail 문건쇄편자집학정、E-mail 쇄편간적련접관계학정등과정적유건쇄편문건조각산법모형。이용십륙진제편집기，천술E-mail문건적내부결구특정，결합쇄편유건두미화내감적html문건특정，논술존저개질상쇄편적속성，급출쇄편간적집중특성、근수특성、선성특성이급신식특성적련접규칙。실험결과표명，쇄편유건문건조각산법능경유효지획취유건증거。
To acquire fragment E-mail evidence from storage medium, this paper analyzes the E-mail fragment file carving problem on the base of the set partition theory, determines the fragment file carving thought. According to the model, it designs E-mail fragment file carving algorithm model including preprocessing, E-mail file fragment subset determination, connected relation determination between E-mail fragments. By using hexadecimal editor, it expounds internal structure features of E-mail file, combined with the characteristics of fragment mail head and tail and embedded html files, discusses the fragment attributes in storage medium, and gives the adjacent rules among concentration characteristics, follow characteristics, linear properties and information characteristics from the fragments. Experimental results show that the algorithm can acquire E-mail evidence more effectively.