
Online input/output (I/O) electronic evidence obtaining system and method based on virtualization technology

Virtualization technology and electronic forensics technology, applied in the field of electronic forensics, address problems such as security being difficult to guarantee, and achieve the effect of ensuring the accuracy and effectiveness of evidence collection.

Active Publication Date: 2013-12-04
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

However, the shortcoming of App-based online forensics tools is that they exist only as ordinary user programs. Although they are easy for forensic workers to install and use, their security is difficult to guarantee.
[0007] A search found that Chinese Patent Document No. CN101645048 describes "the realization method of computer virtualization forensics". Although that invention uses virtualization technology, it is essentially a static electronic forensics technology.


Examples

Embodiment Construction

[0021] This embodiment is implemented on the premise of the technical solution of the present invention, and the specific implementation and operation process will be described in detail below. The protection scope of the present invention includes but is not limited to these examples.

[0022] An online I/O electronic forensics system based on virtualization technology, including:

[0023] Silent virtualization module: used to dynamically create a virtual machine monitor layer, and to quietly lift and package the original computer operating system as a virtual machine;

[0024] Memory hiding module: hides the physical memory occupied by the installation and operation of the system of the present invention by establishing a private page table, thereby preventing the user operating system from accessing and modifying it;

[0025] Online I/O electronic forensics module: monitors and intercepts the I/O activities of hardware devices to obtain the required electronic evidence.

[0026...


Abstract

An online input/output (I/O) electronic forensics system based on virtualization technology comprises a silent virtualization module, a memory hiding module and an online I/O electronic forensics module. The silent virtualization module dynamically builds a virtual machine monitor layer and lifts and packages the original computer operating system as a virtual machine. The memory hiding module hides the physical memory occupied by the installation and operation of the system by building a private page table. The online I/O electronic forensics module monitors and intercepts the I/O events of a hardware device to obtain the required electronic evidence. An online I/O electronic forensics method is further provided. Without affecting the normal operation of the computer under examination, various I/O events targeting a specific hardware device are monitored and recorded safely and correctly, and the original system does not need to be restarted or reinstalled. After the virtual machine monitor layer is built, it takes the place of the operating system and obtains control of the hardware devices; the system runs independently in a higher privileged mode, and the accuracy and effectiveness of evidence collection are guaranteed.

Description

Technical field

[0001] The invention relates to the technical field of electronic evidence collection, in particular to an online I/O electronic evidence collection system and a method for obtaining evidence based on virtualization technology.

Background technique

[0002] Electronic forensics technology can be mainly divided into static electronic forensics technology and online electronic forensics technology. The difference between the two lies in whether it is necessary to stop the operation of the computer system under examination. Static electronic forensics technology is aimed at permanent storage media, such as computer hard drives, and evidence is generally obtained and analyzed through offline copying. Online electronic forensics technology expands the scope of evidence collection of electronic forensics to include system runtime information that static electronic forensics technology does not cover.

[0003] According to the operating environment of the online electronic f...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/30, G06F9/455
Inventor: 钟贤明, 项程程, 王润泽, 戚正伟, 管海兵
Owner: SHANGHAI JIAO TONG UNIV