检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:王春兰 Wang Chunlan(School of Evidence Science,Gansu University of Political Science and Law,Lanzhou,Gansu 730070,China)
机构地区:[1]甘肃政法大学证据科学学院,甘肃兰州730070
出 处:《计算机时代》2021年第11期60-62,67,共4页Computer Era
摘 要:文件恢复对电子取证行业非常重要,而文件签名恢复文件是一种常用的文件恢复方法。其过程是,搜索文件签名以确定文件起始扇区号;根据文件签名尾或大小来估算文件的结尾扇区号;把起始和结尾扇区之间的内容复制生成一个新文件即可得到被删文件。如果文件在数据区中是连续存放的,该恢复方法的成功率非常高。文章以FAT32文件系统为例,把一个JPG文件彻底删除,再借助WinHex软件成功地对其进行恢复。File recovery is very important to the electronic forensics industry,and file signature based file recovery is a common file recovery method.Its process is to search the file signature to determine the file starting sector number;Estimate the end sector number of the file according to the signature tail or size of the file;The deleted file can be obtained by copying the contents between the start and end sectors to generate a new file.If the file is stored in the successive sectors,the success rate of this recovery method is very high.In this paper,taking FAT32 file system as an example,a JPG file is completely deleted,and then be successfully restored with the help of WinHex software.
分 类 号:TP3[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.3