
Evidence obtaining method, device and equipment supporting multiple operating systems and storage medium

An operating system and file system technology, applied in the fields of instruments, electrical digital data processing, hardware monitoring, etc. It addresses the lack of user trace analysis and image forensics methods, the lack of support for both offline and online forensics, and the inability to know the target computer's operating system in advance, achieving the effect of convenient evidence collection.

Active Publication Date: 2020-06-26
BEIJING QIANXIN TECH +1
4 Cites, 2 Cited by

AI Technical Summary

Problems solved by technology

[0003] At present, online forensics methods for computers are each tied to a specific operating system type, and no single method supports both online and offline forensics for computers running multiple operating systems. Therefore, for on-site evidence collection, forensic personnel need to carry a variety of forensic tools, because the operating system of the computer to be examined cannot be known in advance.

[0004] In short, the existing technology has the following major problems: 1. there is no forensics method that supports both offline and online forensics; 2. there is no method that simultaneously supports Windows and macOS system traces, user trace analysis, and image forensics; 3. there is no way to emulate a virtual CD with a USB flash drive as the offline boot method for offline forensics; 4. online forensics of Apple macOS computers is not supported.



Embodiment Construction

[0050] The present invention is further illustrated below by means of examples, but the present invention is not limited to the scope of the examples.

[0051] First, the present invention proposes a forensic method supporting multiple operating systems, which is used to collect evidence from operating systems by means of a portable storage device. The operating system types referred to here are mainly the Windows, macOS, and Linux operating systems.

[0052] In the first embodiment, as shown in Figure 1, the evidence collection method supporting multiple operating systems includes the following steps:

[0053] Step 01: Run the forensic collection system on the forensics object according to the startup instruction. The startup instruction includes a cold start instruction and a direct operation instruction, and the forensics system includes an offline forensics collection system and an online forensics collection system; if t...


Abstract

The invention discloses an evidence obtaining method supporting multiple operating systems, and belongs to the field of computer evidence obtaining. The method comprises the following steps: running an evidence obtaining system on an evidence obtaining object according to a starting instruction; if the starting instruction is a cold starting instruction, running the offline evidence obtaining system to recognize the operating system type of the evidence obtaining object, and starting the corresponding analysis module in the offline evidence obtaining system according to the operating system type; and if the starting instruction is a direct running instruction, running the online evidence obtaining system to identify the operating system type of the evidence obtaining object, and starting the corresponding online evidence obtaining module in the online evidence obtaining system according to the operating system type. According to the invention, the corresponding evidence obtaining module can be started in a targeted manner to obtain evidence according to the type of operating system contained in the evidence obtaining object, and evidence obtaining for three systems is supported at the same time.
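The dispatch flow the abstract describes, sketched in Python as an added example; this is not code from the patent or its owner. The marker file paths used to recognise an offline operating system, the instruction strings `cold_start` and `direct_run`, and the module names are assumptions for illustration, and the cold-start branch goes slightly beyond the text by planning one module per mounted volume so that a multi-boot disk is handled.

```python
import platform
import tempfile
from pathlib import Path

# Assumed marker paths (not from the patent), relative to a mounted volume root.
OFFLINE_MARKERS = {
    "windows": ["Windows/System32/config/SOFTWARE"],
    "macos": ["System/Library/CoreServices/SystemVersion.plist"],
    "linux": ["etc/os-release", "usr/lib/os-release"],
}
ONLINE_NAMES = {"Windows": "windows", "Darwin": "macos", "Linux": "linux"}


def identify_offline(root):
    """Return the OS type installed on a mounted volume, or None."""
    for os_type, rels in OFFLINE_MARKERS.items():
        if any((Path(root) / rel).is_file() for rel in rels):
            return os_type
    return None


def select_modules(instruction, volumes=(), system_name=None):
    """Startup instruction -> collection system -> per-OS module plan."""
    if instruction == "cold_start":      # offline: inspect each volume
        plan = {}
        for vol in volumes:
            os_type = identify_offline(vol)
            plan[str(vol)] = f"offline:{os_type}" if os_type else None
        return plan
    if instruction == "direct_run":      # online: ask the running system
        os_type = ONLINE_NAMES.get(system_name or platform.system())
        if os_type is None:
            raise LookupError("running OS is not a supported type")
        return {"live": f"online:{os_type}"}
    raise ValueError(f"unknown startup instruction: {instruction!r}")


def build_sample_volume(base, rel_paths):
    """Constructed sample input: empty marker files in a scratch directory."""
    for rel in rel_paths:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return str(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        vol = build_sample_volume(tmp, ["etc/os-release"])
        print(select_modules("cold_start", volumes=[vol]))
```

A volume with no recognised marker maps to `None` rather than being dropped, so the examiner sees that it was inspected and needs manual handling.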

Description

Technical field

[0001] The invention relates to the field of computer evidence collection, in particular to a method, device, equipment and storage medium supporting multiple operating systems.

Background

[0002] With the increasing number of computer crime cases and the digitalization of crime methods, the work of collecting electronic evidence has become the key to providing important clues and solving cases.

[0003] At present, online forensics methods for computers are each tied to a specific operating system type, and no single method supports both online and offline forensics for computers running multiple operating systems. Therefore, for on-site evidence collection, forensic personnel need to carry a variety of forensic tools, because the operating system of the computer to be examined cannot be known in advance.

[0004] In a nutshell, the existing technology has t...


Application Information

IPC(8): G06F11/30, G06F11/34
CPC: G06F11/3065, G06F11/3438, Y02D10/00
Inventor: 王圣东, 汤伟
Owner: BEIJING QIANXIN TECH