Method for realizing evidence collection and analysis of electronic data in evidence collection software based on custom scripts

Abstract

The invention relates to a method for realizing the evidence collection and the analysis of electronic data in evidence collection software based on custom scripts. The method comprises the following steps: compiling the custom scripts by the evidence collection software, and obtaining an evidence collection and analysis object; normalizing the collected electronic data by the evidence collection software according to the compiled custom scripts, and obtaining a corresponding electronic data tree; performing the correlation analysis between the evidence collection and analysis object and the electronic data tree by the evidence collection software, and obtaining the evidence collection and analysis result. Through the adoption of the method for realizing the evidence collection and the analysis of the electronic data in the evidence collection software based on the custom script, the binding between the evidence collection and analysis logic and the evidence collection and analysis software is relieved through the custom script, the software frame of the evidence collection software is relatively open, the evidence collection software cannot be limited by application software during the operation, different custom scripts can be uploaded aiming to different kinds of software, the evidence collection method is flexible and changeable, the evidence collection efficiency is improved, the analysis process is accelerated, and the application range is wider.

Description

technical field [0001] The invention relates to the field of data analysis, in particular to the field of electronic data forensics and analysis, and specifically refers to a method for realizing electronic data forensics and analysis in forensics software based on a custom script. Background technique [0002] With the increasing number of computer crime cases and the digitalization of crime methods, the work of collecting electronic evidence has become the key to providing important clues and solving cases. Restoring damaged computer data and providing relevant electronic data evidence is electronic forensics. However, with the rapid development of the mobile Internet and the rapid transfer of traditional network applications to the mobile Internet, electronic data forensics will face traces of the use of more types of applications. analyze. Traditional electronic data forensics software mainly proposes forensic analysis techniques and solutions for corresponding applicat...

AI Technical Summary

Problems solved by technology

[0003] 1. The applications supported by the electronic data forensics software are limited. Once the supported application range is exceeded, it will not be able to provide forensics support

[0004] 2. Since each software is developed relatively independently, the software architecture is relatively closed, and it is difficult for users to customize and edit. It is impossible to share the forensics ideas of forensics experts, and it is also impossible to combine multiple forensics ideas.

Images