检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:赵露[1] 康艳荣[1] 刘思棋 龙源[1] 郭丽莉[1] ZHAO Lu;KANG Yanrong;LIU Siqi;LONG Yuan;GUO Lili(Institute of Forensic Science,Ministry of Public Security PRC,Beijing 100038,China;Beiya Anshu Technology Co.,Ltd,Beijing 100094,China)
机构地区:[1]公安部物证鉴定中心,北京100038 [2]北京北亚安数科技有限公司,北京100094
出 处:《西安邮电大学学报》2018年第4期105-110,共6页Journal of Xi’an University of Posts and Telecommunications
基 金:公安部物证鉴定中心基本科研业务费专项资金项目(2018JB005)
摘 要:硬盘固件是控制硬盘存取行为的核心部件,通过硬盘固件指令能够实现对数据的高效访问,是实现电子证据提取和数据恢复的有效手段。硬盘固件直接影响硬盘使用体验,一直是厂家严格保护的商业机密,获取硬盘固件的相关信息异常困难,尤其对于高市场占有率的希捷硬盘,尚无资料说明存在工具和方法能够对其硬盘固件区实现完全控制。通过逆向分析官方硬盘固件升级包文件,给出基于串口模式控制指令测试重构硬盘固件指令集的方法,并通过实验验证其可行性,此方法可服务于硬盘固件结构黑盒分析和电子数据证据获取。Hard disk firmware is the core component to control the access behavior of hard disk. It can access data efficiently through firmware instruction of hard disk. It is an effective means to extract electronic evidence and restore data. The firmware of the hard disk directly affects the user experience, and has always been a strictly protected commercial secret of the manufacturer. It is extremely difficult to obtain relevant information about the firmware of the hard disk, especially for the brand with a high market share, Seagate. There is no data on the existence of and tools and methods to achieve complete control of its hard disk firmware area. By reverse analyzing the official firmware upgrade package files, a method that can test and refactor firmware instruction set based on serial interface mode control instruction has been proposed, and the feasibility of this method is verified by experiments. This method can be used for hard disk firmware structure black box analysis and digital data evidence acquisition.
分 类 号:TP309.1[自动化与计算机技术—计算机系统结构] TP309.5[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.49