Abstract
Where a machine cannot be disassembled for electronic data forensics, a forensic boot disk is an important forensic tool. The WinFE boot CD, based on the Windows PE system, can run forensic tools built for the Windows environment and is one of the commonly used boot disks. However, a natively built WinFE system does not support a graphical user interface and lacks the critical write-protection program, and the CD is not very reliable, compatible or scalable in use. To address these problems, this paper analyzes the core principles of building a WinFE system and proposes optimizations to it. Based on the boot mechanism at system startup, the boot disk is improved by partitioning a USB flash drive, producing a WinFE boot USB drive. Experimental tests show that the improved WinFE boot USB drive is clearly better in usability, reliability, compatibility and scalability while preserving judicial validity, and has some application value.
Authors
Zheng Qingan (郑清安)
Huang Yunfeng (黄云峰)
Computer Science and Information Security Management Department, Fujian Police College, Fuzhou 350007, China
Source
Information Technology and Network Security (《信息技术与网络安全》)
2019, Issue 11, pp. 41-46 (6 pages)
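Funding
Fujian Provincial Department of Education science and technology project for young and middle-aged researchers (JAT160560)
Fujian Police College institute-level research project (YJ1605)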