Tamkang University Institutional Repository: Item 987654321/34197


    Please use this permanent URL to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34197


    Title: 採用LiveCD改善電腦蒐證品質與效率之研究
    Other title: The study of using livecd to improve the quality and efficiency on collecting computer evidence.
    Author: Lin, Yu-ti (林育地)
    Contributors: Tamkang University, Master's Program, Department of Information Management
    Liang, Te-chao (梁德昭)
    Keywords: Computer Forensics (電腦鑑識); Digital Evidence (數位證據); Investigation Procedure (蒐證程序)
    Date: 2008
    Upload time: 2010-01-11 05:01:18 (UTC+8)
    Abstract: Computer evidence collection at the primary crime scene is often constrained by the investigators' limited professional knowledge, limited investigation time, and inadequate equipment. As a result, the quality of the collection cannot be effectively controlled during the process, and the physical evidence cannot be reliably secured.
    To improve the quality and efficiency of computer evidence collection, this thesis takes the requirements of the evidence collection procedure as its criteria for improving the collection method. These criteria are: prepare thoroughly before collection according to the circumstances of the case; maintain the integrity of the evidence during collection; and manage the evidence systematically after collection. After comparison with two traditional collection methods, the thesis proposes using a LiveCD to acquire evidence from the target computer, so as to maintain the quality (effectiveness) and increase the efficiency of computer evidence collection. The method for building the disc is modularized: the Boot module, System Kernel module, Interface module and Extra Tool module are the four main modules modified in the LiveCD development. The result is a prototype collection tool dedicated to gathering digital evidence from personal computers, leaving room for future researchers and for prosecution and investigation agencies to build collection discs better suited to their own needs.
    The collection disc also provides appropriate tools to be used together with the investigation procedure. They are categorized as Operation System Tools, Identification Tools, Extraction Tools and Configuration Tools. Operation System Tools mount the various file system types of the target platform onto the collection system. Identification Tools browse files in various formats to help the investigator identify the computers relevant to the case. Extraction Tools make a copy of the digital evidence and apply a "Digital Seal". The whole course and result of the evidence collection are also recorded in writing. Once the investigators and the persons concerned have signed the written document, the evidence collection procedure is complete.
    Appears in collections: [Department and Graduate Institute of Information Management] Theses and Dissertations
