检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:张萍
出 处:《计算机时代》2018年第1期30-33,36,共5页Computer Era
摘 要:大多数的计算机取证工作主要还是依靠现成的取证软、硬件,然而过度的依赖取证工具,有可能导致某些重要电子证据的遗漏。因此针对操作系统、文件系统等底层的研究才是进行计算机取证研究的方向。针对Mac OS系统自身的安全机制性能,分析其自带的安全审计机制在电子取证过程中的应用,为取证人员提供取证工具所无法检测到的重要电子证据。其中重点探讨了Mac OS的审计日志、诊断报告、崩溃日志和Plist文件在进行手动电子取证过程中可提供的大量有价值的电子证据和取证线索。Most of the computer forensics mainly relies on the ready-made forensics software and hardware, however, excessive reliance on forensic tools may lead to the omission of some vital electronic evidence. Therefore, the underlying research on operating system, file system and so on is the research direction of computer forensics. Aiming at the security mechanism performance of Mac OS system, this paper discusses the application of its own security audit mechanism in the process of electronic forensics, which can help forensic personnel to dig out some important electronic evidence that cannot be detected by the ready-made forensic tools. This paper mainly focuses on the application of Mac OS audit log, diagnostic report, crash log and Plist file, which can provide a large number of valuable electronic evidences and forensic clues in the process of manual electronic forensics.
关 键 词:MAC OS 电子取证 安全机制 审计日志 崩溃日志
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.68