English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 51772/86996 (60%)
造訪人次 : 8372547      線上人數 : 164
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/34197


    題名: 採用LiveCD改善電腦蒐證品質與效率之研究
    其他題名: The study of using livecd to improve the quality and efficiency on collecting computer evidence.
    作者: 林育地;Lin, Yu-ti
    貢獻者: 淡江大學資訊管理學系碩士班
    梁德昭;Liang, Te-chao
    關鍵詞: 電腦鑑識;數位證據;蒐證程序;Computer Forensics;Digital Evidence;Investigation Procedure
    日期: 2008
    上傳時間: 2010-01-11 05:01:18 (UTC+8)
    摘要: 在犯罪的第一現場進行電腦蒐証,常受限於蒐查人員的知識不足、蒐證時間有限、蒐證的設備不足等,在蒐證中也無法有效地控管蒐證的品質,無法有效地掌握物證。
    為了改善電腦蒐證的品質與效率,本研究以蒐證程序之需求作為準則,進行改善電腦蒐證的方法。這些準則分別是:在蒐證前根據案情作充分的準備;在蒐證中維持證據的完整性;而蒐證後有系統地管理證據。經過與傳統的兩種蒐證方式比較過後,本研究提出以LiveCD對目標主機進行採証,以維持電腦蒐證的品質與增加電腦蒐證的效率。本研究將光碟製作的方法模組化,分別修改開機模組、系統核心模組、介面模組以及外加工具模組,做成為專為個人電腦數位證據蒐證用之雛形蒐証工具,提供未來研究者與檢調單位能製作出更符合自身需求的蒐證光碟。
    此蒐證光碟能提供適當的工具以配合蒐證程序使用。其中,使用的工具分類為系統類、鑑別類、萃取類以及設定類;系統類工具可將不同格式的檔案系統掛載至蒐證系統,鑑別類工具可用來瀏覽不同格式的檔案,以識別出與案情相關之電腦主機,萃取類工具可用來製作數位證據副本並進行數位鉛封。全程蒐證的過程與結果也將被書面化予以記錄,經偵辦人員及當事人簽署後完成蒐證程序。
    The quality of computer evidence collection in a crime scene is very restricted to the professional knowledge of agents, investigation time limit, proper equipment usage, etc. This cause the effectiveness and efficiency of computer evidence collection are hardly controlled.
    This thesis, following the procedure of crime scene evidence, provides a computer evidence collection method to improve the effectiveness and efficiency of evidence collection.. As a result of contrasting with two of traditional methods, using a LiveCD to acquisition of evidence from the marked computer is proposed and the effectiveness (quality) and efficiency of computer evidence collection is then be improved. Boot module, System Kernel module, Interface module and Extra Tool module are the 4 main modules in the Live CD development. It is only a prototype demonstration and rooms are leaved to those who want to do needed modification to adequate their situation.
    Applicable tools are also provided to cooperate with investigation procedure. They are categorized as Operation System Tools, Identification Tools, Extraction Tools and Configuration Tools. Operation System Tools is used to mount various file system types of the target platform being evidenced. Identification Tools can browse various file formats for helping investigator to identify the target machine. Extraction Tools is used to make the copy of digital evidence and proceeds "Digital Seal". The whole course and result of collecting evidence shall also be put down in written. After investigator and the whatever persons related have their signature on the written document, the whole evidence collection phase is the completed.
    顯示於類別:[資訊管理學系暨研究所] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    0KbUnknown194檢視/開啟

    在機構典藏中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋