-
公开(公告)号:KR1020110020051A
公开(公告)日:2011-03-02
申请号:KR1020090077732
申请日:2009-08-21
Applicant: 한국전자통신연구원
CPC classification number: G06Q10/10
Abstract: PURPOSE: A collection evidence method and an apparatus thereof, capable of collecting a used file and an access file are provided to maximize the validity of the evidence collection by collecting the used file through the analysis of a link file. CONSTITUTION: An access module(200) accesses a storage medium of a target computer. A file system analysis module(300) analyzes a file system of the storage medium. A link analysis module(500) analyzes a link file through the file system analysis module. A raw file extracting module(600) extracts the original file by using path of the original file. A UI(User Interface) module(800) displays the content of the original file and link information.
Abstract translation: 目的:提供能够收集使用的文件和访问文件的收集证据方法及其装置,以通过分析链接文件收集使用的文件来最大化证据收集的有效性。 构成:访问模块(200)访问目标计算机的存储介质。 文件系统分析模块(300)分析存储介质的文件系统。 链接分析模块(500)通过文件系统分析模块分析链接文件。 原始文件提取模块(600)通过使用原始文件的路径提取原始文件。 UI(用户界面)模块(800)显示原始文件和链接信息的内容。
-
公开(公告)号:KR101078288B1
公开(公告)日:2011-10-31
申请号:KR1020090077732
申请日:2009-08-21
Applicant: 한국전자통신연구원
CPC classification number: G06Q10/10
Abstract: 본발명은디지털포렌식에서대상컴퓨터의저장매체에내장된링크정보를분석하여해당원본파일까지증거로수집함으로써증거의정확성과효율성을높이는기술에관한것이다. 이를위하여, 운영체제및 어플리케이션소프트웨어에의하여생성되는링크정보를식별및 분석하여원본파일의존재여부를파악한다. 이를통하여조사대상컴퓨터뿐만아니라원격컴퓨터에존재하는원본파일을수집함으로써증거자료의유효성을높일수 있다.
-
Search Results
2
records
(took 0.017 seconds)
