Memory fragment file reconstruction method and system based on structure chain reversion

A memory fragmentation and structure chain technology, applied to file systems (file system functions and file system types), which addresses problems such as the low accuracy of existing file carving results and the poorly studied generality of fragmented data file carving algorithms.

Active Publication Date: 2021-03-12
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU +2

AI Technical Summary

Problems solved by technology

Although there are many disk-based file carving algorithms, the experimental results of this application show that almost all of the file carving results they generate are false results, and the accuracy is extremely low.
In summary, the generality of fragmented data file carving algorithms based on memory images has not been well studied. Exploring new file carving mechanisms in physical memory, in order to extract effective cybercrime-related file data and file behaviors from memory, therefore has very important theoretical significance and practical value.




Embodiment Construction

[0024] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0025] Memory data files are PDF, DOC, XLS, TXT, JPG and similar files that are opened and accessed in memory by user processes or attack processes. A memory file is composed of two parts: the file content, and metadata such as the file name (file path). This information contains important evidence related to cybercrime. The storage characteristics of memory data files differ from the storage state and rules of files on disk. The constituent units of a file on disk (clusters) are mostly stored contiguously, while the constituent units of a memory file (memory pages) are mostly stored non-contiguously, which leads to heavy fragmentation of the memory file's constituent units. The em...



Abstract

The invention belongs to the technical field of electronic forensics, and particularly relates to a memory fragment file reconstruction method and system based on structure chain reversion. The method comprises the following steps: scanning and analyzing a memory medium image, establishing a mapping from the fragment set to a file fragment subset, and obtaining the fragment elements in the file fragment subset; and, based on reverse analysis of operating system structures, constructing the connection relationships and logical positions of the fragment elements in the file fragment subset, and reconstructing the memory fragment file. The method uses memory fragment file carving and reconstruction based on a reverse structure chain to meet the practical needs of electronic (digital) crime evidence collection; it can be applied to recovering and analyzing the data files of network intrusion behaviour in running physical memory across different versions of the Windows operating system, and its practicability is high.
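The abstract describes three stages: scan the memory image into a fragment set, map that set to the subset of fragments belonging to one file, then use a structure chain recovered from operating system metadata to assign each fragment its logical position and reassemble the file. The following Python model is an added illustration, not the patent's code: the memory image, the sample file, the page size (64 bytes instead of 4096) and the `FILE_RECORD` structure chain (a file name plus a per-page frame list, standing in for whatever OS structures the patent's reverse analysis walks) are all constructed here. It contrasts chain-based reconstruction with a disk-style header-to-footer carve, which picks up unrelated frames because the pages are not contiguous, and it reports non-resident pages instead of guessing their content.

```python
"""Toy model of structure-chain-based reconstruction of a fragmented memory file.

Constructed example: a small file is scattered across non-adjacent page frames of
a physical-memory image; a hypothetical OS structure chain (file record ->
per-page frame list) is followed to restore logical order. Not the patent's code.
"""
import hashlib

PAGE_SIZE = 64  # constructed toy page size (real x86 pages are 4096 bytes)

# Constructed sample file content (about 2.8 toy pages), resembling a PDF.
SAMPLE_FILE = (
    b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed "structure chain": the kind of result reverse analysis of OS
# file/section structures would yield. Logical page i of the file lives in
# frames[i]; None models a page that is not resident in physical memory.
FILE_RECORD = {
    "name": r"\Users\analyst\Documents\report.pdf",  # constructed path
    "size": len(SAMPLE_FILE),
    "frames": [7, 2, 11],  # non-contiguous: logical order != physical order
}


def split_pages(data):
    """Split file content into PAGE_SIZE chunks (the last one may be short)."""
    return [data[i:i + PAGE_SIZE] for i in range(0, len(data), PAGE_SIZE)]


def build_image(num_frames, record, content, noise=b"\xAA"):
    """Build a constructed physical-memory image: file pages are placed at the
    frames listed in the record; every other frame is filled with noise that
    mimics unrelated process data (so a header-to-footer carve picks it up)."""
    image = bytearray(noise * (PAGE_SIZE * num_frames))
    for frame, page in zip(record["frames"], split_pages(content)):
        if frame is None:
            continue  # a non-resident page leaves no content in the image
        start = frame * PAGE_SIZE
        image[start:start + len(page)] = page
    return bytes(image)


def scan_fragments(image):
    """Fragment set: every page frame of the image, keyed by frame number."""
    return {f: image[f * PAGE_SIZE:(f + 1) * PAGE_SIZE]
            for f in range(len(image) // PAGE_SIZE)}


def file_fragment_subset(fragments, record):
    """Map the fragment set to the subset belonging to one file, each element
    tagged with its logical position; missing pages are reported, not guessed."""
    subset, missing = {}, []
    for logical, frame in enumerate(record["frames"]):
        if frame is None or frame not in fragments:
            missing.append(logical)
        else:
            subset[logical] = fragments[frame]
    return subset, missing


def reconstruct(image, record):
    """Follow the structure chain to rebuild the file in logical order.
    Returns (content, missing_logical_pages); gaps are zero-filled so the
    offsets of the surviving evidence stay correct."""
    subset, missing = file_fragment_subset(scan_fragments(image), record)
    out = bytearray()
    for logical in range(len(record["frames"])):
        out += subset.get(logical, b"\x00" * PAGE_SIZE)
    return bytes(out[:record["size"]]), missing


def naive_header_footer_carve(image, header=b"%PDF-", footer=b"%%EOF\n"):
    """Disk-style carving: assume the file is contiguous from header to footer.
    On a fragmented memory image this returns the wrong bytes."""
    h = image.find(header)
    if h < 0:
        return None
    f = image.find(footer, h)
    if f < 0:
        return None
    return image[h:f + len(footer)]


def sha256(data):
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    image = build_image(16, FILE_RECORD, SAMPLE_FILE)
    rebuilt, missing = reconstruct(image, FILE_RECORD)
    carved = naive_header_footer_carve(image)
    print("structure chain matches original:", sha256(rebuilt) == sha256(SAMPLE_FILE), "missing pages:", missing)
    print("naive carve matches original:", sha256(carved) == sha256(SAMPLE_FILE), "carved length:", len(carved))
```

Hashing the reconstructed content against a known-good copy (when one exists) is the check an examiner would want before relying on a recovered file; when a page is non-resident, `reconstruct` keeps the gap visible in `missing` rather than silently producing a shorter file.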

Description

Technical field

[0001] The invention belongs to the technical field of electronic forensics, and in particular relates to a method and system for reconstructing memory fragment files based on structure chain reversion.

Background technique

[0002] With the rapid development of information technology, cybercrime incidents occur frequently, such as telecom fraud, information extortion, and APT attacks. Digital forensics investigation has become one of the key technical means to stop and deter cybercrime. Disk forensics is an important investigative technique in the field of digital forensics and is of great significance to the investigation of digital crimes. However, with the development of anti-forensics technology, network threats such as the new "fileless attacks" operate only in memory and leave no trace information on disk, and therefore have stronger concealment and complexity. In addition, the ever-increasing capacity of disks leads to limitations in disk forensics....


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F16/16, G06F16/17, G06F16/18
CPC: G06F16/16, G06F16/17, G06F16/1873
Inventor 李炳龙周振宇王懿张宇李媛芳张和禹孙怡峰胡浩常朝稳
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU