| Windows缩略图缓存文件的分析和取证 |
| |
| 引用本文: | 刘浩阳.Windows缩略图缓存文件的分析和取证[J].信息网络安全,2012(1):74-76. |
| |
| 作者姓名: | 刘浩阳 |
| |
| 作者单位: | 大连市公安局,辽宁大连116012 |
| |
| 摘 要: | 尽管缩略图文件在Windows系统中一直存在,但是它的数据结构一直少有人关注。缩略图文件作为保存图形文件的重要数据的数据库,在计算机取证中具有重要作用。文章通过对不同Windows系统下的缩略图文件的结构进行解析,阐述如何利用缩略图文件来恢复数据和获取关键证据。
|
| 关 键 词: | Thumbs.db Thumbcache 计算机取证 复合文件 |
The Analysis and Forensic of Thumbs.db |
| |
| LIU Hao-yang.The Analysis and Forensic of Thumbs.db[J].Netinfo Security,2012(1):74-76. |
| |
| Authors: | LIU Hao-yang |
| |
| Affiliation: | LIU Hao-yang(Dalian Municipal Public Security Bureau,Dalian Liaoning 116012,China) |
| |
| Abstract: | Windows operating system have a character.It is Thumbs.db(Windows7 change it to Thumbcache).Thumbs.db is a database.It have many information like timestamp,picture,etc.The structure of Thumbs.db is unkown.I decoded the Thumbs.db to show how to analyse it in computer forensic area. |
| |
| Keywords: | Thumbs db Thumbcache computer forensic compound file |
| 本文献已被 CNKI 维普 等数据库收录! |
