| 基于EXT3文件系统数据恢复方法的研究 |
| |
| 引用本文: | 徐国天. 基于EXT3文件系统数据恢复方法的研究[J]. 信息网络安全, 2012, 0(3): 63-65 |
| |
| 作者姓名: | 徐国天 |
| |
| 作者单位: | 中国刑警学院计算机犯罪侦查系,辽宁沈阳,110854 |
| |
| 基金项目: | 公安部应用创新计划项目[2011YYCXXJXY119] |
| |
| 摘 要: | 文章研究了基于日志文件的EXT3文件系统数据恢复方法,采用实例式研究方法,首先分析了EXT3文件系统中文件构成和文件被删除之后inode结点的变化;接下来研究了通过inode编号定位inode结点所在数据块的方法,以及通过日志恢复被删除文件的地址指针和文件名称的方法;最后介绍了通过地址指针和文件名将若干个地址空间中的数据合并成一个文件的方法。最终得出的结论是在日志文件和删除数据未被完全覆盖的情况下,可以通过日志有效恢复EXT3文件系统中被删除的文件。该研究成果可应用于公安机关的电子数据鉴定工作,也可作为公安院校的《电子物证检验》课程。
|
| 关 键 词: | EXT3 日志 恢复 |
The Research of File Recovery Method on EXT3 File System |
| |
| XU Guo-tian. The Research of File Recovery Method on EXT3 File System[J]. Netinfo Security, 2012, 0(3): 63-65 |
| |
| Authors: | XU Guo-tian |
| |
| Affiliation: | XU Guo-tian ( Department of Computer Criminal Investigation, China Criminal Police College, Shenyang Liaoning 110854, China ) |
| |
| Abstract: | The research of file recovery method on EXT3 file system was important for computer forensics. The recovery method on journal had been studied in detail. In this paper, specific examples were used to study. First, the composition of file was analyzed. After the file was deleted, The change of inode was analyzed. According to the inode number, the method to locate the data block was studied. The way to restore the name and address pointer of deleted file had been discussed in detail. The conclusion was investigators could effectively restore deleted files on EXT3 file system by journal. The research results could be applied in computer forensics and "electronic evidence examination" courses. |
| |
| Keywords: | EXT3 journal recovery |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
