| 浏览器取证技术 |
| |
| 引用本文: | 陶姿邑,毕善为. 浏览器取证技术[J]. 计算机系统应用, 2014, 23(5): 8-15 |
| |
| 作者姓名: | 陶姿邑 毕善为 |
| |
| 作者单位: | 陕西中医学院, 西安 712046;日立电梯(中国)陕西分公司, 西安 712046 |
| |
| 摘 要: | 随着信息时代的来临,一些不法分子在实施犯罪之前往往会上网查询信息,他们所用的浏览器便成了司法机关取证的关键. 能否提取有效的犯罪线索或证据,取决于浏览器取证方法的好坏,本文介绍了目前主流的火狐浏览器、IE浏览器的取证技术,概述了IE缓存文件和基于SQLite数据库的火狐浏览器历史系统的日志文件结构,提出了信息恢复方法. 通过对已删除日志文件或缓存文件信息提取,来达到获取证据的目的,分析用户的行为.
|
| 关 键 词: | 浏览器取证 SQLite数据库 日志文件 信息提取 |
| 收稿时间: | 2013-05-27 |
| 修稿时间: | 2013-06-20 |
Overview of Browser Forensics Technology |
| |
| TAO Zi-Yi and BI Shan-Wei. Overview of Browser Forensics Technology[J]. Computer Systems& Applications, 2014, 23(5): 8-15 |
| |
| Authors: | TAO Zi-Yi and BI Shan-Wei |
| |
| Affiliation: | Shanxi University of Chinese Medicine, Xi'an 712046, China;Hitachi Elevator(China), Shanxi Branch, Xi'an 712046, China |
| |
| Abstract: | With the advent of the information age, some criminals always tend to query information from the Internet before they engaged in criminal activity. So the browser they used has become the key to the forensics of judicial authorities. Whether we can extract the effective evidence of crime depends on the forensics method of browser. This article introduces the forensics technology of Firefox and IE browser which are the current mainstream browsers, outlined the browser temporary file structure, such as the IE cache file and the SQLite database log files of the Firefox, proposed information recovery method. It can collect evidence and analyze the user's behavior by extract the information of the deleted log files or cache files. |
| |
| Keywords: | browser forensic SQLite database log file information extraction |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
