基于RAID重组的涉案网站重构技术应用与实践  

作　　者：宋佳宾 朱玟博 史向东 王海涛 王丹 王程洋 SONG Jiabin;ZHU Wenbo;SHI Xiangdong;WANG Haitao;WANG Dan;WANG Chengyang(Nantong Public Security Bureau,Nantong 226000,Jiangsu,China;Nanjing Tuojie Information Technology Co.,Ltd,Nanjing 210000,China;Nanjing Audit University Jinshen College,Nanjing 210000,China)

机构地区：[1]南通市公安局,江苏南通226000 [2]南京拓界信息技术有限公司,南京210000 [3]南京审计大学金审学院,南京210000

出　　处：《刑事技术》2025年第1期107-110,共4页Forensic Science and Technology

基　　金：国家自然科学基金项目(62071487)。

摘　　要：随着物联网和人工智能的快速发展,人们在工作和生活中对数据的依赖性与日俱增,使得数据的高效安全存储愈发重要。作为一种可以有效组织多个磁盘存储的技术方案,RAID(磁盘阵列)近年来得到了广泛应用,也是公安机关办案过程中进行数据提取时非常关注的一类数据存储方式。但是,办案人员在侦查取证过程中往往需要恢复遭嫌疑人破坏的RAID数据内容及结构,正确重组磁盘阵列也成为涉案网站重构分析取证的重要前提和必要环节之一。本文通过分享一起基于RAID重组的非法交易网站重构案例,详细介绍RAID的重组过程,以及RAID重组成功后恢复原服务器环境的仿真还原方法,并给出虚拟机环境中实现网站和数据库连通的操作流程,为同类型案件中的电子数据取证提供方法参考。With the rapid development of the Internet of Things and artificial intelligence,people’s dependence on data in their work and life is increasing day by day,making efficient and secure storage of data increasingly important.As an effective solution for organizing multiple disk storage,RAID(redundant array of independent disks)has been widely used in recent years and is also a data storage method that public security organs pay great attention to when extracting data during the process of handling cases.However,in the process of investigation and evidence collection,investigators often need to restore the content and structure of RAID data damaged by suspects,and correctly restructuring RAID disk arrays has become an important prerequisite and necessary link for involved website reconstruction analysis and forensics.This article shared a case of illegal transaction website reconstruction based on RAID recombination,detailed the process of RAID restructuring,explained the simulation restoration method for restoring the original server environment after successful RAID restructuring,and provided the operation process for connecting the website and database in a virtual machine environment,and hopes to provide useful reference for electronic data forensics of similar cases.

关 键 词：电子数据取证 RAID 网站重构 虚拟机 

分 类 号：DF793.2[政治法律—诉讼法学]