CN106529214A - Electronic evidence collection device and electronic evidence collection method employing same - Google Patents


Publication number
CN106529214A
Authority
CN
China
Prior art keywords
evidence
data source
obtaining
data
hard
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611107543.9A
Other languages
Chinese (zh)
Inventor
王博
潘登峰
张玮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei Grey Information Technology Co Ltd
Original Assignee
Hubei Grey Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei Grey Information Technology Co Ltd
Priority to CN201611107543.9A
Publication of CN106529214A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an electronic evidence collection device and an electronic evidence collection method employing the same, and relates to the technical field of network information security. The electronic evidence collection device comprises a high-speed hard disk cloning device, an evidence collection hard disk, a hard-disk cartridge and an evidence collection device. The high-speed hard disk cloning device clones hard disk data in a computer system needing evidence collection to the evidence collection hard disk, and the evidence collection device reads the evidence collection hard disk by means of the hard-disk cartridge for evidence collection. By creating a case, the evidence collection hard disk is taken as a data source to be added to the case; the data source is analyzed to obtain an analysis result; corresponding evidence information is extracted from the data source in dependence on the analysis result; and the evidence information is made to generate an electronic evidence collection report. According to the invention, validity of original data can be guaranteed, and therefore the reliability, fairness and consistency of the evidence collection environment and the evidence collection result can be improved.

Description

Electronic evidence collection device and electronic evidence collection method using the device
Technical field
The present invention relates to the technical field of network information security, and more particularly to an electronic evidence collection device and an electronic evidence collection method using the device.
Background
Electronic evidence collection refers to the process of using computer hardware technology, in a manner that complies with legal norms, to acquire, preserve, analyze and present evidence of criminal acts such as computer intrusion, sabotage, fraud and attack.
Most existing evidence collection methods are purely software-based detection methods. Evidence collection software generally scans the computer's disks and analyzes the file systems and the files and data stored on them, providing investigators with reference material and evidence content. The advantage of the purely software-based approach is low cost, but it introduces uncertainty into the reliability, fairness and consistency of the evidence collection environment and results.
Summary of the invention
In view of this, the object of the present invention is to provide an electronic evidence collection device and an electronic evidence collection method using the device, which can guarantee the validity of the original data and thereby improve the reliability, fairness and consistency of the evidence collection environment and the evidence collection result.
In a first aspect, an embodiment of the present invention provides an electronic evidence collection device, comprising: a high-speed hard disk cloning device, an evidence collection hard disk, a hard-disk cartridge and an evidence collection device;
the high-speed hard disk cloning device is connected to the evidence collection hard disk and is used to clone the hard disk data in the computer system under investigation onto the evidence collection hard disk;
the evidence collection device is connected to the evidence collection hard disk through the hard-disk cartridge and is used to read the evidence collection hard disk through the hard-disk cartridge and collect evidence.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, further comprising an encryption lock device that is plugged into the evidence collection device through a USB (Universal Serial Bus) interface and is used to unlock the evidence collection software in the evidence collection device.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, wherein the evidence collection device is a notebook computer.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, wherein the high-speed hard disk cloning device, the evidence collection hard disk, the hard-disk cartridge and the evidence collection device are housed together in a safety box.
In a second aspect, an embodiment of the present invention further provides an electronic evidence collection method using the electronic evidence collection device, comprising:
creating a case, and adding the evidence collection hard disk to the case as a data source;
analyzing the data source to obtain an analysis result;
extracting corresponding evidence information from the data source according to the analysis result;
generating an electronic evidence collection report from the evidence information.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation of the second aspect, wherein extracting corresponding evidence information from the data source according to the analysis result comprises:
marking the corresponding files or data in the data source according to the analysis result;
extracting the marked files or data to obtain the evidence information.
With reference to the first possible implementation of the second aspect, an embodiment of the present invention provides a second possible implementation of the second aspect, wherein the corresponding files or data in the data source include at least one of the following:
suspicious files or data, and files or data of interest.
With reference to the second aspect, an embodiment of the present invention provides a third possible implementation of the second aspect, wherein analyzing the data source to obtain an analysis result comprises:
selecting the corresponding analysis module from the acquisition module according to the type of the data source;
analyzing the data source with the analysis module to obtain the analysis result.
With reference to the third possible implementation of the second aspect, an embodiment of the present invention provides a fourth possible implementation of the second aspect, wherein selecting the corresponding analysis module from the acquisition module according to the type of the data source comprises:
the acquisition module includes shared analysis modules and special analysis modules, both of which are selected by default;
when the data source is added, the special analysis modules are deselected according to the type of the data source.
With reference to the third possible implementation of the second aspect, an embodiment of the present invention provides a fifth possible implementation of the second aspect, wherein analyzing the data source with the analysis module to obtain the analysis result comprises:
scanning and analyzing the files in the data source with the analysis module to obtain the target data that the analysis module is to parse, and storing the target data in a background database.
The invention provides an electronic evidence collection device and an electronic evidence collection method using the device. The device includes a high-speed hard disk cloning device, an evidence collection hard disk, a hard-disk cartridge and an evidence collection device. The high-speed hard disk cloning device clones the hard disk data in the computer system under investigation onto the evidence collection hard disk; the evidence collection device reads the evidence collection hard disk through the hard-disk cartridge and collects evidence. A case is created and the evidence collection hard disk is added to the case as a data source; the data source is analyzed to obtain an analysis result; corresponding evidence information is extracted from the data source according to the analysis result; and an electronic evidence collection report is generated from the evidence information. The invention can guarantee the validity of the original data and thereby improve the reliability, fairness and consistency of the evidence collection environment and the evidence collection result.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention are realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the present invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
In order to illustrate the specific embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the description of the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the electronic evidence collection device provided by Embodiment One of the present invention;
Fig. 2 is a flow chart of the electronic evidence collection method using the electronic evidence collection device provided by Embodiment Two of the present invention;
Fig. 3 is a flow chart of step S203 of the electronic evidence collection method using the electronic evidence collection device provided by Embodiment Two of the present invention;
Fig. 4 is a flow chart of step S202 of the electronic evidence collection method using the electronic evidence collection device provided by Embodiment Two of the present invention;
Fig. 5 is an interface diagram of the analysis modules of the acquisition module provided by Embodiment Two of the present invention.
Reference numerals:
10 - high-speed hard disk cloning device; 20 - evidence collection hard disk; 30 - hard-disk cartridge; 40 - evidence collection device.
Specific embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
At present, most existing evidence collection methods are purely software-based detection methods. Evidence collection software generally scans the computer's disks and analyzes the file systems and the files and data stored on them, providing investigators with reference material and evidence content; this introduces uncertainty into the reliability, fairness and consistency of the evidence collection environment and results. On this basis, the embodiments of the present invention provide an electronic evidence collection device and an electronic evidence collection method using the device, which can guarantee the validity of the original data and thereby improve the reliability, fairness and consistency of the evidence collection environment and the evidence collection result.
To make the present embodiment easier to understand, the electronic evidence collection device disclosed in the embodiments of the present invention and the electronic evidence collection method using the device are first described in detail.
Embodiment One:
Fig. 1 is a structural diagram of the electronic evidence collection device provided by an embodiment of the present invention.
Referring to Fig. 1, the electronic evidence collection device includes a high-speed hard disk cloning device 10, an evidence collection hard disk 20, a hard-disk cartridge 30 and an evidence collection device 40;
the high-speed hard disk cloning device 10 is connected to the evidence collection hard disk 20 and is used to clone the hard disk data in the computer system under investigation onto the evidence collection hard disk 20;
Specifically, using a high-speed hard disk cloning device ensures that the data is obtained quickly and remains valid.
The evidence collection device 40 is connected to the evidence collection hard disk 20 through the hard-disk cartridge 30 and is used to read the evidence collection hard disk 20 through the hard-disk cartridge 30 and collect evidence.
Specifically, the evidence collection hard disk is placed in the hard-disk cartridge, and the hard-disk cartridge is connected to the evidence collection device by a USB cable so that the evidence collection device can read the evidence collection hard disk.
According to an exemplary embodiment of the present invention, the device further includes an encryption lock device that is plugged into the evidence collection device 40 through a USB interface and is used to unlock the evidence collection software in the evidence collection device 40.
Specifically, an encryption lock, also known as a dongle, is a security product combining software and hardware that is plugged into a computer's parallel port or USB port. Software locks are set at multiple points in the software, and the encryption lock serves as the key that opens them. If no encryption lock is inserted, or the inserted encryption lock does not match, the software cannot run normally. Therefore the evidence collection software in the evidence collection device can be used only when the encryption lock corresponding to that device is inserted, which protects the evidence collection software and improves the security of the evidence collection device.
According to an exemplary embodiment of the present invention, the evidence collection device 40 is a notebook computer.
According to an exemplary embodiment of the present invention, the high-speed hard disk cloning device 10, the evidence collection hard disk 20, the hard-disk cartridge 30 and the evidence collection device 40 are housed together in a safety box.
Specifically, housing the electronic evidence collection device in a safety box improves the security of the evidence collection environment, prevents the forensic data from being tampered with, and ensures the reliability and consistency of the evidence collection result.
Embodiment Two:
Fig. 2 is a flow chart of the electronic evidence collection method using the electronic evidence collection device provided by Embodiment Two of the present invention.
Referring to Fig. 2, step S201: create a case, and add the evidence collection hard disk to the case as a data source;
Specifically, a case is a set of one or more data sources. Before a data source can be analyzed, a case must first be created; one or more data sources can be added to a case. Data sources include disk images and local files, where a disk image is a file (or set of files) that is a byte-for-byte copy of a hard disk or memory card.
Step S202: analyze the data source to obtain an analysis result;
Step S203: extract corresponding evidence information from the data source according to the analysis result;
Step S204: generate an electronic evidence collection report from the evidence information.
Specifically, as shown in Fig. 3, in the electronic evidence collection method of Embodiment Two above, step S203 can be implemented by the following steps:
Step S301: mark the corresponding files or data in the data source according to the analysis result;
Step S302: extract the marked files or data to obtain the evidence information.
Here, the corresponding files or data in the data source include at least one of the following:
suspicious files or data, and files or data of interest.
Further, as shown in Fig. 4, in the electronic evidence collection method of Embodiment Two above, step S202 can be implemented by the following steps:
Step S401: select the corresponding analysis module from the acquisition module according to the type of the data source;
Specifically, the analysis modules in the acquisition module are used to analyze the data in the data source: they analyze files and parse their contents, for example hash calculation and lookup, keyword search and web artifact extraction. After a data source is added to the case, the acquisition module needs to be configured; once configured, the acquisition module runs in the background and provides results in real time as relevant information is found. Here, the acquisition module is integrated into the evidence collection software as a plug-in.
Step S402: analyze the data source with the analysis module to obtain the analysis result.
According to an exemplary embodiment of the present invention, selecting the corresponding analysis module from the acquisition module according to the type of the data source includes:
the acquisition module includes shared analysis modules and special analysis modules, both of which are selected by default;
when a data source is added, the special analysis modules are deselected according to the type of the data source.
Specifically, as shown in Fig. 5, the acquisition module includes the following analysis modules: recent activity, hash lookup, file type identification, embedded file extractor, Exif (Exchangeable Image File Format) parser, keyword search, email parser, extension mismatch detector, E01 verifier, Android analyzer, interesting files identifier, PhotoRec carver and virtual machine extractor.
Here, all of the above analysis modules are selected by default when a data source is added. Of these, the E01 verifier, the Android analyzer and the virtual machine extractor are special analysis modules that need to be deselected according to the type of the data source. For example, when the data source is a virtual machine image file, the virtual machine extractor is needed to analyze it; otherwise the virtual machine extractor must be deselected, because it is selected by default, and deselecting it means the virtual machine extractor is not used to analyze the data source. Likewise, if the data source is not an E01 image file or an Android image file, the E01 verifier or the Android analyzer must be deselected. All modules other than these three special analysis modules are shared analysis modules.
According to an exemplary embodiment of the present invention, analyzing the data source with the analysis module to obtain the analysis result includes:
scanning and analyzing the files in the data source with the analysis module to obtain the target data that the analysis module is to parse, and storing the target data in a background database.
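The flow of steps S201 to S204, including the default-select and deselect rule of step S401, can be sketched as follows. This is an added example, not code from the patent or its applicant: the data source type labels, the module-to-type mapping, the SQLite schema and the sample files are assumptions, and only the hash lookup and extension mismatch modules are actually implemented.

```python
import hashlib
import os
import sqlite3

# Module names follow the list in the description; the type labels and the
# module-to-type mapping are assumptions made for this example.
SHARED = ["recent_activity", "hash_lookup", "file_type_identification",
          "embedded_file_extractor", "exif_parser", "keyword_search",
          "email_parser", "extension_mismatch_detector",
          "interesting_files_identifier", "photorec_carver"]
SPECIAL = {"e01_verifier": "e01_image",
           "android_analyzer": "android_image",
           "virtual_machine_extractor": "vm_image"}

# Leading magic bytes -> expected extension (small constructed table).
MAGIC = {b"\xff\xd8\xff": "jpg", b"%PDF": "pdf", b"MZ": "exe",
         b"PK\x03\x04": "zip"}


def select_modules(source_type):
    """S401: all modules start selected; deselect each special module whose
    type does not match the data source being added."""
    selected = SHARED + list(SPECIAL)
    return [m for m in selected
            if m not in SPECIAL or SPECIAL[m] == source_type]


def sniff_type(data):
    """Return the extension implied by the file's leading bytes, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def analyze(files, modules, known_bad, db):
    """S402: scan every file and store what the selected modules find in
    the background database."""
    db.execute("CREATE TABLE IF NOT EXISTS findings"
               " (path TEXT, module TEXT, detail TEXT)")
    for path, data in files.items():
        if "hash_lookup" in modules:
            digest = hashlib.sha256(data).hexdigest()
            if digest in known_bad:
                db.execute("INSERT INTO findings VALUES (?, ?, ?)",
                           (path, "hash_lookup", digest))
        if "extension_mismatch_detector" in modules:
            ext = os.path.splitext(path)[1].lstrip(".").lower()
            ext = "jpg" if ext == "jpeg" else ext
            actual = sniff_type(data)
            if actual is not None and actual != ext:
                db.execute("INSERT INTO findings VALUES (?, ?, ?)",
                           (path, "extension_mismatch_detector",
                            f"{ext}->{actual}"))
    db.commit()


def extract_evidence(files, db):
    """S301-S302: mark every file that has a finding, then extract it."""
    evidence = {}
    rows = db.execute("SELECT path, module, detail FROM findings"
                      " ORDER BY path, module")
    for path, module, detail in rows:
        item = evidence.setdefault(path, {
            "tag": "suspicious",
            "sha256": hashlib.sha256(files[path]).hexdigest(),
            "findings": []})
        item["findings"].append((module, detail))
    return evidence


def build_report(case, source, modules, evidence):
    """S204: render the extracted evidence as a plain-text report."""
    lines = [f"Case: {case}", f"Data source: {source}",
             f"Modules selected: {', '.join(modules)}"]
    for path in sorted(evidence):
        item = evidence[path]
        lines.append(f"[{item['tag']}] {path} sha256={item['sha256']}")
        lines += [f"    {m}: {d}" for m, d in item["findings"]]
    return "\n".join(lines)


def run_demo():
    # Constructed sample files standing in for the cloned disk's contents.
    files = {"docs/report.pdf": b"%PDF-1.4 constructed sample",
             "pics/holiday.jpg": b"MZ\x90\x00 constructed sample",
             "tools/update.bin": b"constructed known-bad sample"}
    known_bad = {hashlib.sha256(files["tools/update.bin"]).hexdigest()}
    modules = select_modules("local_files")      # S201 + S401
    db = sqlite3.connect(":memory:")
    analyze(files, modules, known_bad, db)       # S402
    evidence = extract_evidence(files, db)       # S203
    return evidence, build_report("demo-case", "clone-of-disk0",
                                  modules, evidence)


if __name__ == "__main__":
    print(run_demo()[1])
```

Recording a SHA-256 for each extracted file in the report lets a later reviewer confirm that the extracted copy still matches what was read from the clone.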
Specifically, the analysis modules support the analysis and scanning of a variety of file systems, including NTFS (New Technology File System, the file system of the Windows NT environment), FAT12 (12-bit File Allocation Table), FAT16 (16-bit File Allocation Table), FAT32 (32-bit File Allocation Table), exFAT (Extended File Allocation Table), HFS+ (Hierarchical File System Plus), the ISO 9660 file system on CD-ROM (Compact Disc Read-Only Memory), Ext2 (second extended file system), Ext3 (third extended file system), Ext4 (fourth extended file system), Yaffs2 (Yet Another Flash File System 2) and UFS (UNIX File System).
The invention provides an electronic evidence collection device and an electronic evidence collection method using the device. The device includes a high-speed hard disk cloning device, an evidence collection hard disk, a hard-disk cartridge and an evidence collection device. The high-speed hard disk cloning device clones the hard disk data in the computer system under investigation onto the evidence collection hard disk; the evidence collection device reads the evidence collection hard disk through the hard-disk cartridge and collects evidence. A case is created and the evidence collection hard disk is added to the case as a data source; the data source is analyzed to obtain an analysis result; corresponding evidence information is extracted from the data source according to the analysis result; and an electronic evidence collection report is generated from the evidence information. The invention can guarantee the validity of the original data and thereby improve the reliability, fairness and consistency of the evidence collection environment and the evidence collection result.
The computer program product of the electronic evidence collection device and of the electronic evidence collection method using the device provided by the embodiments of the present invention includes a computer-readable storage medium storing program code. The instructions contained in the program code can be used to execute the method described in the preceding method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and device described above can be found in the corresponding processes of the preceding method embodiments and are not repeated here.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified and limited, the terms "installed", "connected to" and "connected" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
If the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage media include USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, optical discs and other media that can store program code.
In the description of the present invention, it should be noted that orientation or position terms such as "center", "up", "down", "left", "right", "vertical", "horizontal", "inside" and "outside" are based on the orientations or positions shown in the drawings. They are used only to facilitate and simplify the description of the present invention and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be understood as limiting the present invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solutions rather than to limit them, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent replacements of some of their technical features. Such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and all of them fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention is defined by the scope of the claims.

Claims (10)

1. a kind of electronic evidence-collecting device, it is characterised in that include:High speed hard-disk cloned devices, evidence obtaining hard disk, hard-disk cartridge and evidence obtaining Equipment;
The high speed hard-disk cloned devices, are connected with the evidence obtaining hard disk, for by the hard disk in computer system to be collected evidence Data clone is on the evidence obtaining hard disk;
The evidence taking equipment, is connected with the evidence obtaining hard disk by the hard-disk cartridge, for reading institute by the hard-disk cartridge Evidence obtaining hard disk is stated, is collected evidence.
2. electronic evidence-collecting device according to claim 1, it is characterised in that also including encryption lock device, by USB interface The evidence taking equipment is inserted, for being unlocked to the evidence obtaining software in the evidence taking equipment.
3. electronic evidence-collecting device according to claim 1, it is characterised in that the evidence taking equipment is notebook computer.
4. electronic evidence-collecting device according to claim 1, it is characterised in that the high speed hard-disk cloned devices, described take Card hard disk, the hard-disk cartridge and the evidence taking equipment are incorporated in a safety box.
5. a kind of electronic evidence-collecting method of applying electronic apparatus for obtaining evidence, it is characterised in that methods described includes:
Case is created, and evidence obtaining hard disk is added in the case as data source;
The data source is analyzed, analysis result is obtained;
Corresponding evident information is extracted from the data source according to the analysis result;
The evident information is generated into electronic evidence-collecting report.
6. the electronic evidence-collecting method of applying electronic apparatus for obtaining evidence according to claim 5, it is characterised in that described according to institute Stating analysis result and extracting corresponding evident information from the data source includes:
Corresponding file or data in the data source are marked according to the analysis result;
The file of labelling or data are extracted, the evident information is obtained.
7. the electronic evidence-collecting method of applying electronic apparatus for obtaining evidence according to claim 6, it is characterised in that the data source In corresponding file or data include less than at least one information:
Suspicious file or data and file interested or data.
8. The electronic evidence collection method employing the electronic evidence collection device according to claim 5, characterized in that analyzing the data source to obtain an analysis result includes:
Choosing a corresponding analysis module from the acquisition module according to the type of the data source;
Analyzing the data source with the analysis module, so as to obtain the analysis result.
9. The electronic evidence collection method employing the electronic evidence collection device according to claim 8, characterized in that choosing a corresponding analysis module from the acquisition module according to the type of the data source includes:
The acquisition module includes a shared analysis module and a special analysis module, wherein the shared analysis module and the special analysis module are default options;
When the data source is added, the special analysis module is counter-selected according to the type of the data source.
10. The electronic evidence collection method employing the electronic evidence collection device according to claim 8, characterized in that analyzing the data source with the analysis module, so as to obtain the analysis result, includes:
Scanning and analyzing the files in the data source with the analysis module, so as to obtain the target data that the analysis module is intended to parse, and storing the target data in a background database.
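The flow of claims 5 to 10, as an added illustration that is not code from the patent or its applicant: analysis modules are chosen by data source type, files are scanned and the results stored in a background database, marked items are extracted, and a report is generated. The module names, the sample files, the use of SQLite, and the reading of claim 9 as deselecting special modules that do not match the source type are all assumptions.

```python
import hashlib
import sqlite3

# Constructed sample data source (hypothetical paths and contents).
SOURCE = {"type": "android", "files": {
    "/data/sms.db": b"SMS|+100|meet at 9",
    "/sdcard/notes.txt": b"wallet password: hunter2",
    "/sdcard/photo.jpg": b"\xff\xd8\xff\xe0JFIF"}}

def file_hash(path, data):         # shared module: fingerprints every file
    return [("sha256", hashlib.sha256(data).hexdigest(), False)]

def keyword_hits(path, data):      # shared module: marks suspicious keywords
    return [("keyword", kw.decode(), True) for kw in (b"password",) if kw in data]

def android_sms(path, data):       # special module: Android message store
    return [("sms", data.decode(), True)] if path.endswith("sms.db") else []

def windows_registry(path, data):  # special module: Windows registry hives
    return [("hive", path, True)] if path.upper().endswith("NTUSER.DAT") else []

# (name, applicable source types or None for a shared module, function)
MODULES = [("hash", None, file_hash), ("keyword", None, keyword_hits),
           ("android_sms", {"android"}, android_sms),
           ("win_registry", {"windows"}, windows_registry)]

def select_modules(source_type):
    """All modules start selected; non-matching special ones are deselected (assumed)."""
    return [m for m in MODULES if m[1] is None or source_type in m[1]]

def analyze(source, db):
    """Scan each file with each selected module; store results in the database."""
    db.execute("CREATE TABLE findings(path, module, kind, value, marked)")
    for path, data in source["files"].items():
        for name, _, run in select_modules(source["type"]):
            for kind, value, marked in run(path, data):
                db.execute("INSERT INTO findings VALUES (?,?,?,?,?)",
                           (path, name, kind, value, int(marked)))

def extract_evidence(db):
    """Only the marked rows become evidence information."""
    return db.execute("SELECT path, module, kind, value FROM findings "
                      "WHERE marked = 1 ORDER BY path, module").fetchall()

def build_report(source):
    db = sqlite3.connect(":memory:")   # stands in for the background database
    analyze(source, db)
    rows = extract_evidence(db)
    lines = [f"{p} [{m}] {k}: {v}" for p, m, k, v in rows]
    return "\n".join([f"Evidence report ({len(rows)} items)"] + lines)

if __name__ == "__main__":
    print(build_report(SOURCE))
```

The hash rows stay in the database unmarked, so they remain available for integrity checks without appearing in the report.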
CN201611107543.9A 2016-12-05 2016-12-05 Electronic evidence collection device and electronic evidence collection method employing same Pending CN106529214A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611107543.9A CN106529214A (en) 2016-12-05 2016-12-05 Electronic evidence collection device and electronic evidence collection method employing same

Publications (1)

Publication Number Publication Date
CN106529214A true CN106529214A (en) 2017-03-22

Family

ID=58341418

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611107543.9A Pending CN106529214A (en) 2016-12-05 2016-12-05 Electronic evidence collection device and electronic evidence collection method employing same

Country Status (1)

Country Link
CN (1) CN106529214A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1445665A (en) * 2003-05-08 2003-10-01 上海交通大学 Method for researching and validating default data and buffered data of common application software
CN2681237Y (en) * 2003-09-18 2005-02-23 滕达 A special machine for computer crime investigation and evidence obtaining
CN203720831U (en) * 2014-02-18 2014-07-16 重庆爱思网安信息技术有限公司 Evidence-taking integrated machine

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107562707A (en) * 2017-08-31 2018-01-09 湖北灰科信息技术有限公司 Electronic evidence-collecting method and device
CN111061593A (en) * 2018-10-17 2020-04-24 上海越钰信息技术有限公司 Electronic evidence obtaining system and method
CN111061593B (en) * 2018-10-17 2023-05-30 上海越钰信息技术有限公司 Electronic evidence obtaining system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170322
