| 基于磁盘碎片熵值特征的文件雕刻算法研究 |
| |
| 引用本文: | 李炳龙,暴占彪,王鲁,王清贤.基于磁盘碎片熵值特征的文件雕刻算法研究[J].计算机工程,2012,38(16):40-43. |
| |
| 作者姓名: | 李炳龙 暴占彪 王鲁 王清贤 |
| |
| 作者单位: | 解放军信息工程大学电子技术学院;河南财经政法大学现代教育技术中心 |
| |
| 基金项目: | 国家自然科学基金资助项目(60903220);郑州市科技攻关计划基金资助项目“基于内存及存储介质的网络取证调查系统”;解放军信息工程大学校博士启动基金资助项目(42413621V) |
| |
| 摘 要: | 为获取受损存储介质或者有意隐藏在存储介质中的数字证据,设计一种文档碎片熵值特征提取算法,以区分不同文件类型文档碎片的熵值范围。在该算法的基础上,结合文件在存储介质中的存储位置特性,设计碎片文件雕刻框架,提出基于碎片熵值特征的文件雕刻算法。实验结果表明,与现有雕刻算法相比,该算法能够更有效地雕刻存储介质中的碎片文件。
|
| 关 键 词: | 数字取证调查 数字证据 文档碎片 碎片熵值特征 文件雕刻 |
| 收稿时间: | 2011-12-12 |
| 修稿时间: | 2012-03-02 |
Research on File Carving Algorithm Based on Disk Fragment Entropy Value Feature |
| |
| LI Bing-long,BAO Zhan-biao,WANG Lu,WANG Qing-xian.Research on File Carving Algorithm Based on Disk Fragment Entropy Value Feature[J].Computer Engineering,2012,38(16):40-43. |
| |
| Authors: | LI Bing-long BAO Zhan-biao WANG Lu WANG Qing-xian |
| |
| Affiliation: | 1(1.Institute of Electronic Technology,PLA Information Engineering University,Zhengzhou 450004,China;2.Modern Education Technology Center,Henan University of Economics and Law,Zhengzhou 450002,China) |
| |
| Abstract: | File carving is the important techniques about digital crime forensic investigation.In order to acquire digital evidence from the destroyed disk media,a feature extracting algorithm about document fragment is proposed which can identify various document fragments about its entropy value.Based on this algorithm,fragment file carving algorithm is designed by combining the logic property of disk cluster.Results show that compared with other file carving algorithms,the algorithms can carve out more files. |
| |
| Keywords: | digital forensic investigation digital evidence document fragment fragment entropy value feature file carving |
| 本文献已被 CNKI 维普 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
