摘要
随着信息时代的来临,一些不法分子在实施犯罪之前往往会上网查询信息,他们所用的浏览器便成了司法机关取证的关键.能否提取有效的犯罪线索或证据,取决于浏览器取证方法的好坏,本文介绍了目前主流的火狐浏览器、IE浏览器的取证技术,概述了IE缓存文件和基于SQLite数据库的火狐浏览器历史系统的日志文件结构,提出了信息恢复方法.通过对已删除日志文件或缓存文件信息提取,来达到获取证据的目的,分析用户的行为.
With the advent of the information age, some criminals always tend to query information from the Internet before they engaged in criminal activity. So the browser they used has become the key to the forensics of judicial authorities. Whether we can extract the effective evidence of crime depends on the forensics method of browser. This article introduces the forensics technology of Firefox and IE browser which are the current mainstream browsers, outlined the browser temporary file structure, such as the IE cache file and the SQLite database log files of the Firefox, proposed information recovery method. It can collect information of the deleted log files or cache files. evidence and analyze the user's behavior by extract the
出处
《计算机系统应用》
2014年第5期8-15,共8页
Computer Systems & Applications
