| 发明名称 |
Method and apparatus for collecting evidence |
| 摘要 |
Method and apparatus for collecting evidence are provided. An exemplary embodiment enhances accuracy and efficiency of collecting evidence by analyzing link information in the target computer and collecting collection target file. And the exemplary embodiment can collect evidence from a target computer as well as from a remote computer through analyzing the link information in the target computer, identifying the path of collection target file and extracting the target file. |
| 申请公布号 |
US8745100(B2) |
申请公布日期 |
2014.06.03 |
| 申请号 |
US20090626786 |
申请日期 |
2009.11.27 |
| 申请人 |
Electronics and Telecommunications Research Institute |
发明人 |
Kim Ki Bom;Hwang Hyun Uk;Shin Young Chan;Chang Tae Joo;Lee Cheol Won;Baik Sung Jai |
| 分类号 |
G06F7/00;G06F17/30 |
主分类号 |
G06F7/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for collecting evidence, comprising:
blocking a hard disk of a target computer or another computer to prevent contents of the hard disk from being changed; accessing storage media of the target computer or another computer; reading raw data stored in the storage media to ensure that file states are not modified; acquiring path information of a collection target file; collecting the collection target file by connecting to the target computer or another computer using the acquired path information, wherein the acquiring of path information of the collection target file comprises acquiring path information of a link file related to the collection target file, collecting the link file using the path information, analyzing the link file; and removing a duplicate of the link file based on an absolute path.
|
| 地址 |
Daejeon KR |
