| 基于NTFS的计算机反取证研究与实现 |
| |
| 引用本文: | 李步升.基于NTFS的计算机反取证研究与实现[J].计算机工程,2010,36(19):274-276. |
| |
| 作者姓名: | 李步升 |
| |
| 作者单位: | 景德镇陶瓷学院信息工程学院,江西,景德镇,333001 |
| |
| 摘 要: | 为对抗各种取证软件的分析与调查,针对NTFS文件系统提出一种数据隐藏方法。该方法支持用户从系统中选择合适大小的正常文件作为载体,运用对称加密算法和异或运算对待隐藏数据进行预处理,在确保原载体文件正常的前提下,将处理后的结果嵌入到正常文件中。该方法可以解决隐藏文件时,需要人工不断搜索空闲空间以容纳待隐藏文件的难题,其处理速度快且具有较强的计算机取证对抗 能力。
|
| 关 键 词: | 反取证 目录重构 对称加密 隐写术 |
Computer Anti-forensic Research and Implementation Based on NTFS |
| |
| LI Bu-sheng.Computer Anti-forensic Research and Implementation Based on NTFS[J].Computer Engineering,2010,36(19):274-276. |
| |
| Authors: | LI Bu-sheng |
| |
| Affiliation: | (School of Information Engineering, Jingdezhen Ceramic Institute, Jingdezhen 333001, China) |
| |
| Abstract: | This paper proposes a data hiding method to combat a variety of forensic software analysis and investigation. This method allows users to select an appropriate file as a carrier from the target file system, and the hiding data is processed by an algorithm of symmetrical encryption and XOR before embedding in the carrier file. After that, the hiding data is embedded into normal files, as the same time it should make sure that the file can be opened correctly. This method solves the problem of consuming lots of time to search for free space to hide the file. It is fast and has a strong ability to fight against computer forensic. |
| |
| Keywords: | anti-forensic directories reassembly symmetrical encryption steganography |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
