Windows使用记录软件的设计与实现
Windows사용기록연건적설계여실현
Windows Uses the Logging Software Design and Implementation
  • 万方数据
    软件 연건
    SOFT WARE
    2014年 1期 4-7 ,共4页

    张佑乐%王宏韬%李康%康晓凤

    장우악%왕굉도%리강%강효봉

    信息安全%计算机取证%痕迹分析 信息安全%計算機取證%痕跡分析
    신식안전%계산궤취증%흔적분석
    Information Security%Computer Forensics%Trace Analysis
    由于计算机证据具有易修改性、实时性、设备依赖性,又具有可以精确重复性等高科技特性,在技术上本系统采用的取证原则和步骤都是基于一种静态的视点,即事件发生后,对目标系统的静态分析,提取有用信息,其中包括注册表最后一次打开位置、控制台历史记录、画图程序历史记录、公用对话框运行模块、最近使用项目、最近打开程序、搜索记录、运行记录等。能够保证计算机证据的客观性、合法性和关联性达到真正实用的目的。
    유우계산궤증거구유역수개성、실시성、설비의뢰성,우구유가이정학중복성등고과기특성,재기술상본계통채용적취증원칙화보취도시기우일충정태적시점,즉사건발생후,대목표계통적정태분석,제취유용신식,기중포괄주책표최후일차타개위치、공제태역사기록、화도정서역사기록、공용대화광운행모괴、최근사용항목、최근타개정서、수색기록、운행기록등。능구보증계산궤증거적객관성、합법성화관련성체도진정실용적목적。
    Since computer evidence has properties of modiifability, instantaneity, device dependence as well as high-tech features such as accurate repeatability, technically the forensics principle and procedure that this system adopted are both based on a static viewpoint, namely a static analysis of target system and extraction of useful information, including the last open location of registry, console history record, drawing program history record, run module of common dialog, recently used items, recently opened programs, searching record and operational record etc, which is able to ensure the objectivity, legality and relevancy of computer evidence so as to make itSreal practical.
    원문보기 원문다운로드 사이트로이동
저자의 최근 논문