English  |  正體中文  |  简体中文  |  Items with full text/Total items : 51258/86283 (59%)
Visitors : 8021014      Online Users : 86
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/34197

    Title: 採用LiveCD改善電腦蒐證品質與效率之研究
    Other Titles: The study of using livecd to improve the quality and efficiency on collecting computer evidence.
    Authors: 林育地;Lin, Yu-ti
    Contributors: 淡江大學資訊管理學系碩士班
    梁德昭;Liang, Te-chao
    Keywords: 電腦鑑識;數位證據;蒐證程序;Computer Forensics;Digital Evidence;Investigation Procedure
    Date: 2008
    Issue Date: 2010-01-11 05:01:18 (UTC+8)
    Abstract: 在犯罪的第一現場進行電腦蒐証,常受限於蒐查人員的知識不足、蒐證時間有限、蒐證的設備不足等,在蒐證中也無法有效地控管蒐證的品質,無法有效地掌握物證。
    The quality of computer evidence collection in a crime scene is very restricted to the professional knowledge of agents, investigation time limit, proper equipment usage, etc. This cause the effectiveness and efficiency of computer evidence collection are hardly controlled.
    This thesis, following the procedure of crime scene evidence, provides a computer evidence collection method to improve the effectiveness and efficiency of evidence collection.. As a result of contrasting with two of traditional methods, using a LiveCD to acquisition of evidence from the marked computer is proposed and the effectiveness (quality) and efficiency of computer evidence collection is then be improved. Boot module, System Kernel module, Interface module and Extra Tool module are the 4 main modules in the Live CD development. It is only a prototype demonstration and rooms are leaved to those who want to do needed modification to adequate their situation.
    Applicable tools are also provided to cooperate with investigation procedure. They are categorized as Operation System Tools, Identification Tools, Extraction Tools and Configuration Tools. Operation System Tools is used to mount various file system types of the target platform being evidenced. Identification Tools can browse various file formats for helping investigator to identify the target machine. Extraction Tools is used to make the copy of digital evidence and proceeds "Digital Seal". The whole course and result of collecting evidence shall also be put down in written. After investigator and the whatever persons related have their signature on the written document, the whole evidence collection phase is the completed.
    Appears in Collections:[資訊管理學系暨研究所] 學位論文

    Files in This Item:

    File SizeFormat

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback