• 沒有找到結果。

數位證據鑑識標準作業程序For Windows

N/A
N/A
Info
下載
Protected

Academic year: 2021

Share "數位證據鑑識標準作業程序For Windows"

Copied!
6
0
0

加載中.... (立即查看全文)

立即下載 ( 6 頁 )

全文

(1) .  . For Windows.

(2).         

(3)                            paul@mail.cpul.edu.tw Im933094@mail.cpul.edu.tw Smalldog000@msn.com.

(4) = m e f%   U IJGH d p ¿Àj k l = m no   -.4 5 EF  U Ú Gœ    .= m p q r s ÉV      C t    

(5)       .4 5 EF  U Ú G    Ë 

(6)                 . !   Jö    E  r s  /   E   " # $ % & '( ) * + ,  -./  U Ú G ! ñ‚ È ƒ B„     -. 0 1 2 03   -.4 5 678 65 9 % : ; 4 5 (h i w ( d p " # $ = m  Ö U  < = > ? @ A   -.4 5 B8 C D   -. ø % j k ñî 4 5 ]  h i y & ' (  ) 4 5 EF GHIJK L 5  M N  O P & € j k * _ ]   z ºˆ‰ Ñ Ò ª«»^  ' Q RS T IJU L - V W 4 5 X YU Z [ -.+ ¦   (Á, - ‡ .bc 7  W \  4 5 ]  ^67U _ ` aZ [ 7bcccc  > ? d e fg h ij k l = m no   -.. . 4. 5. . . EF GHU   -.= m p q r s C t u v   -.4 5 IJEF GH w (x IJEF G HRy z Windows { | } ~ 4 5   € j k  _ ‚ ƒ B„% 4 5 B„‚ ƒ  † h i‡ .bc       -.  -.4 5 IJEF GH  . 1 . 1.2 

(7)  . Ð Bˆ‰ / ~ 0V a y o Ì6> Ë  ¢ y  w EF 2 3 EF 2 3 ¤ 4 a z 7 8 \ Á9 (õ k  Ì uu:   | ; Ee f<   Ö > ? d p e f= '= 0  r s Ám Windows EF 2 3 ˆ‰ 4 5 bc Windows EF 2 3 ( . Ð Bˆ‰ aÁx > ? !   ^@ A B C D   y E F Windows EF 2 3. ¾ z 2 3 G H U I  7 5 × z ý þ J K GU O  ˆ‰ K Š‹  U Œ  Ea"  a‘ ’ “ ”  × š › > ¢³ Ë  ž o K L M Ž NŸ ( I^ u > ? e f= ':  Windows EF 2 3 N* ~ 4.  ˜ u™ š › œ  ž Ÿ _   , ¡ ¢£ x  Š‹ a¤ ¤ š › ¥ ¦ § ¨©© 5 4 5  Ö !Ee fI É% ,uv  á Windows EF 2 3 IJEF GHbc ª« ¬­ ® ¯ ž œ ° ±  † ² ³  _ c · ¸ u

(8) ¹ 'bc (. E2 5 6 w {. .. 1. M  BŽ • – — “ ¢  † ´ µ ¶ 2 " c ­ Y ºˆ‰  † ª«»" ¼ ½ ¾ ºˆ  2.1   ‰ 4 5 »¿À= m   -. x  Áˆ‰  † ª«Â à Ä Å  Æ Ç ¼ È ƒ ÉQ Ê Ë _ ` a  ‡ . ¾ ? ÌÍ Î Ï Ã Ð Ñ Ò  Ó Ô / 0 2.1.1 bÕ ¢º  -.»Ö Á× Ø Ù × Ú Û  U ¹   ¿ÀÜ Ý Þ 0 " ˆ‰  † ª«¼ ¦ * _ ˜   -. 1 ß à 0Áuv  áIJEF GHbc L  † c n^BK 1.1   b¬  n4 5 â ã ä } j å ˆ‰ 4 5 æ ç è é ê ë ì ^õ > í î ï ]  ð ñ]  ò ó ô õ Ö ö ÷™ ø  h i ^( B8 ù ú  Ö U  ö GH û ¾ ò o ½ T ü 4 5 )  _ GH‚ ƒ U ý þ p «¼   Ë ü _ -.b c   j k  ˆ‰ 4 5  ^ - c 2.1.2 c  c º4. #. $. %. .  . . . . . . . . B„O ._ P Q R † Ç Ç M é 7 ªç  S T^U . ß à V / Ö ÁÜ W   Ö ) € X 6Y Q 1 ªç < = ( é 7 Z [ B-È ƒ \ ¹ ] ^ " > * M ,_- † ` a Bb c BM d YÝU = m Ý } ¢Y -e † % f g  j ª4 5 n‘  ? ¤ k l ¢" um n j ª4 5 bc.  5. . . . . n»uo.  p. j k q. y ^ro f s.

(9) Evidence and Computer Crime»uÝ " g n ˆ‰  Ó — " Ï ® Þ  -e † t ³ 0«% m ß ˆŒ    Ë _ -.u¤ v à Áp € á â  ã ä å æ ©Ò ç Ö ÁÌ 9  è — ݙ é ; X Eo  ×    à Ýê -©Ýë u | ˆ ‰ -.   ˆì Ä Å   z ˆ‰  Ó — a í î ^ )  ˆ‰  Ó — % Š‹ a ˆì Ä Å   ¢Ì   - † ^ b§ïï©c 2.2      ð ´ Ø j U Û j _ P ( . ñ ò    -.Á    Á   ˆŒ Ä Å ˆì Ä Å Á 2.2.1            ˆŒ p €  T d e f ? 3 | Ë   -..  ½ ó à  aØ j _ P ^  V ano   d e   4 5 ˆDigital Forensics‰¾ z \Š ‹ U ˆŒ  Ž  U  ³  †

(10) ‘ ’ “ ¢ fx    Ë T¾ ˆ‰ % Š‹ ô ö  % ² õ Ì -.y bcc ” ,

(11) • • 4 5 n Q >   Ü ÝU c 2 3 – — K Ry G w © ¢2 0 w   4 5  Ö U ø  ˜   4 5 ² ³ ˜ ™ š Ý 2.3.3         nb  4 5 nˆDigital Forensics Science‰  K ² 3 -.= ö   -.Á N÷ ,Ü ( Ë ) €  _ B„È › ˆ‰ Š‹  † ] «K ݧ逸ø©§ù©§ú©cc † -.^¿- ¢ ( I)  6 _ ` a% ,Á ˆu‰“ Ýc œ Q Ìb  -. > ¢³ Ë _ ž Ÿ ]   -U ˆ‰  M „ \û ü  Ö œ    Ö  -. ‡ .bc ý "  œ ² þ ß à V € z ˆ‰ ø  c  ø Š‹ ø U = m “ ô ö © “ 2.2.2         w  ø ô ö   -. _   œ ² þ bc  ˆ‰ 4 5 ˆComputer Forensics‰÷Ð ro  u ˆx‰7 8 Ýc A A u¡¢ Ü £ j ¤ ˆ‰ ù å ) ‹ ˆInternational   -.   Ç  Á-.   Ç Ì y p € á æ  œ ã ä ©7 ¤   z ˆ‰ – Association of Computer Specialists IACIS‰¥ ¦ % ,§¨© = 0   ˆ‰ Ám   -.^ ª  F  ì Œ ©ô ö U # ë "  " ³ œ 5 9 « ¦ ¬ Å U · ­   ª«M d ˆ‰ _ : ;~  = m ˆ‰ ©ô ö ¢Q : Áx a

(12) -U   -.;®  4  T Gü _ 4 5 X Y 7 ¤   ü  ³ ·7 Ó — » bc Ö ö  à ݧ¯© É6EË _ ° ±  † ] «/ 0 ˆ‰× ² Ýc   -. y ˆì # ë   Ñ Ù  ] ¢Q h i‡ .bc  × ª N  ÷ !ÁBÆ y Ó _ Ÿ  š › c 2 3  y   ( : Á EB„è  % ˆ2 2.3      3 œ Š‹ ¬ ©i  " (   -. ÁÌ6  b Ð × Ö ¦ Ñ Ù ò ó Ò  Ä  ¢ ª NÏ ® 2.3.1           .bc  ˆ‰  Ýc  ² 3 _ P    ³  Á´ µ !" ˆ‰ k y  Á b   \bS T ˆ‰  .¶ 1  ·¸ ¹ º € »œ Á;R B¼ ½ ¾ r; x}     í É u2 ˆ! "  ç M # ¤ $ « ¿ y ˆ‰ Eo À ÁˆŒ p p « y Š‹ 6b } ~ ˆŒ  Ž % × T G" u&  ¾  BÀ Á F Ç  ˆŒ Á « BÃ Ä b c ÷™  Ì'      ² ( b> ?   -.5 o À 6Å Y BBSˆBulletin Board System‰aˆŒ Ö Á÷8   Ýbc p Æ ¢÷™ ˆŒ p «  Ç È Á·¸ ¹ º € » ˆ)‰× * + Ýc ·;«»É S ¢Q Ê  Ë ˆ‰ 2 3 k ˆŒ p ˆ‰ , Å   ² þ    ˆì - .   «k O œ Ì rd Í 6Î b Ï ® BÐ × Ñ Ù b÷  — / 0 1 2 Œ  ‘ ¢~ É BÇ Ç Ö ÁØ ™ • Ò ˆŒ ¬ Å  U ˆŒ Á «7 Ó — F — Š ¤ ‘ Æ 3 « 0 × ² 4 F —  “ (Ì Ä  Ô © _ P a­ ® J  Õ Ž Ö œ -e œ .bc 7 x  g × · ¸ Ø ¤ ˆ‰ U Š‹ ´ µ . % ÷ c ™ Ù • _ P & ' Ú ˜ Û Ž L < Ü š r s bc 2.3.4         c  2.3.2         ¾ z   -.Ö Á× z Ø Ù × z Ú Û ¹   ¿À©Ü Ý Q  k O × z b * + V aˆ‰ ô ö º  -.»uo no cCaseyc ” ºDigital t RK ª4 5 K | ^¾  = % ÉU n»^" † ó c. ºforensic science»uo = ! u  v w ô j ª4 5 x

(13) y z { l º4 5 n»r. } K j ªn´ q x j ªÈ ƒ K j ª4 5. ~ Ô x j ª €  ‚ ¬M º4 5  Ýr|  ¢

(14) 6ƒ ü M „ ô = _ ± ^ ‡ Ë W ‚ _-% -.^n4 5 bc.

(15)  5 õ   

(16) ! / 07 8 Ë no Ž U ˆ‰ 4 §ï:©§ïø©§ï; ©§ï<©c c 1  . . ©> 6 È × ¿À ³ 5 Z   %. ƒ B„O * ] ä C ,^ . à Áuv GH1 × >   9 Û N K ÌQ < ݸ N GH U U R 7  c. 2.4.2 .

(17)       . !. ". #. $. b> Ë um GH1 ü _ \R S T ©$ 6b§<©§V©c. . Ö. ÁP ". .  ÷. Ý . . IJEF GHˆStandard Operating Procedures. SOP‰ um € W x IJEF GH  Ë  ºu  GH% T GÌEË ‡ .o ». IJEF GHg n # EF GH . ¼ > Ym g Ö ÁW 1 Ý Ì b y  EË  E^‡ .¢  X "   aÛ Y  Z G ©ª« ÉÌZ [ EF X , \ D bj l no  IJEF GH· ]­ N ºÁ™ d ü IJEF G Hb ^

(18) Ë # Ü  Ï Ž %  Eß à  ³ Ê M Ý_ ` % ø » b{ u¤ a _ Ë  z ½ Ô Ý% / b ݏ E ^ ­ Ø ¤ ! ê  EEF © Ë í GHu \ x  * ~ T Gc  d e ^ þ ^u¤ Ý p «| ^bc . |.  2.4.3. %. &. !. ". #. $. . '. . . . c. c. ü  aù å no  ˆ‰ 4 5 GH  =  ,4 5 Ú G l > ÁN ?  Jö  E@ A    B ;  ! ƒ 4  U C M X Ybc x ÷?  = Y windows 4 5 Ú Ga ­ Nc ª. Jö Jö  Ec ¿À @ A   B ;c      ! ƒ c 4 5 D E 4  C M X Yc GH^/ 0Ý z  6Î F € ¿-U 4 5  E } ~ Áu ‡ - IJ  ˜   -.4 ÁÌ[ G ) > Ë H M  Ý   S T Z { I o } ~ ê - J ‹ ˜ Y = w X Ybc c. 2.4 ! " # $ . . . 2.4.1. . Ë f g 0h  IJEF GHˆi j k l m k n m c o p q n k j r l s ct n u v q m w n q x  | i o t ‰yIJEF s  z  3 uÝ EF Ú G x z F  ÁEF { t EF | } ô ö  E Ek O K _ `.  á  ~ p € ©    S B„z  E(. Á ‡ - K  ÉQ S T IJ\T G x  E Ú GK ªŽ Ú Gü  \  EF a Y Z € T  % ’  Eœ D U œ 6b> ?   -. 6‚  I JEF GHx Ì ! ñ¿-B„ ¿-(6Á‡ ƒ IJ  ˜ -.x 4 Ö Z [ 7 É% “  -. 67U -.7bc > ? S T IJ\EF Ì ˜ Y „  v à  §:©c ˆu‰˜  C D uv Ò ‚ G  • } B„† ‡ aŸ bcc ˆx‰U  ß 0 EÚ G ˆ V ~ î œ D bcc ˆ‰‚ Gü  \ U ‰ # $ " bcc ˆ‰U Š „ˆ V  U  ß 0‹ Œ  bcc ˆ)‰Ž  L Í è   01 K (C " ‘ è bcc ˆ’‰• BaŸ O × y “ 3 ubcc   -. 6h  IJEF GH  U  z ! ñÈ ƒ B„ò ó z z F ]  H Ž  ” _ ª«(. Ám ¿-  U 4 5 ©GH 6ÁÐ ‡ - I J U EË h i  ˜   -.4 Ö a e 7U Z [ 7 ÉY  à Ýu ÝU Ý01 bc c. 3. .   K ºGH» ˆprocedure‰. L n Ë Y u ^ (   Ë 7  _ P ~ Ë % ªç  E _ Ÿ M ^Ê M ¢î bÏ ® î ï ¸ N C m Ë 0O E ß. Windows  1. &. '. (. ). *. +. ,. -. .. /. 0.  ( . j ªR • _  :  ¨ú ¡Ñ T ² 3 . ÉÈ Á– y ¯: ¡Ñ T  Q À Áx ˆì Ä Å š  z = m GH5 È Á“ ” Ñ Ù   j ª.

(19) • _ = m GHæ  ü M 2 1 ¯: ¡ ú – z — ˆ‰ Š‹ † ù Æ  z   -.y  É  ˜  à Q 5 È ÁÂ Ò – y ˜ z  a;> Û Ž L Ë Ã Ð IJEF GH R, ™ U š s _ U ;1 = m   ­ ?  6   -.4 6› ü  à Ýü _ ÝU < ç Ýb ü a

(20)  U r s  @ ÀØ j  ‚  = m GHœ ù å no U ç Ž › ] B„œ  s ' K ] ^ ê -  ¼ d e f0Ñ à  K = ¼ % ,  Jö U  EÐ   ^  -.IJEF GH & ¼ x   -.IJEF GH Windows EF 2 3 abž­ Ná Ÿc v y R. T. ­ YO y  ˆ‰ Š‹ G R  bc . 3.1.2. ,.  !) ‹ › † ˆ V  ¿À-." ›. -. Bô ¥ ¦ R b“ ” > ¡   -.¦ -a¹ ¥ ¦ ~ É V  e  U. .  = 0;1 Á N?  cc ˆï‰« ì ¿À-. É - È Á¬ Y Ï ® * +.    ( ß à  ˆ‰ %  H  Ó — a   ­ ;X ® ç k O  ˜ Ñ Ù bcc ˆ:‰ß à  -º-.Ê M Ý».  -.b % %  _ ` ( ß à 6Î a e -.ë & ¯ ¡ ¦ ® ç Y _ ` a,M ® ç ^õ Ï ® ² \ !Õ & „  È ÁÏ ® ² \bc ˆ<‰ z   -.Ï ® ° ±  Ä Å %      T G RC D    _ Ä Å K  ª X Y ) ü ² ¾ Z I o } ~ = w   G H   ˜ X YR= w bcc ˆø‰ Ü W i  N ­ Y2  ¦ ;X   -.. 1 ß 2 ¾ Á67  ù å } ~  ¦   E É     Ec  a e U – !· ]bcc ˆù‰R!Ò GÄ Å U ³ ´ ¿À  U 4 5 ©T Gbcc ˆú‰ Ë œ  y  Áµ ¶ -.F  ì Œ œ – (R!š s Ñ Ò É· W ì d  y (Rš s J K ! < bcc ˆV‰ y -.™ é ¸ } ~   ‚ ƒ U 4 5  Ebc c. 3.2 " . ( )   3-1          . c . . 3.1   ( )   ?  * ~ Ø ^_ U Ýü _  Ê Ë _ c. 3.1.1.   Ë _ U ;1  y   E GHU _ ` R  › ü U , ™ ?   ;1  Ì ¡ ˜ ^  -.› ü Z ÝU < ç Ý É% “  -.67K -e ž ± Ÿ ^‡ .bc. *. +.      7. .    -.¦ ˜ 0, - ü _ < ç ;1 ! ªB ˜  Ó _ › š Õ Bˆ‰ 2 3  _ ¡ ¦ -.¢-.¦ ˜ £ ¤ ß à  D _   ¦ ˜   -.GHU é ÌR bcc   -.¿ÀT G" 0š s   -. ¿Àœ = m B¥ ¦ R ^õ " ÷ & '· ¸. um i  N   -.¿Àœ ¦ -= 0  ˆ ‰    2 3 " æ ½  % o    ¿  é 7 i  N ˆŒ  É  M ³ §¢÷¤ (¨ Ç Ç ‹ ¦ © ª œ ¥ ª   ¦ ˜ -. ÷¤ . ?   = 0 E Ê u™ 4 5 . Jö  E É¿À= m  Ë  E  Ø GH* ~  Q EJö  NË  _ ` c žuŸ¿À †  ¹ ˜ d  c O . † 4 Ò ÉÆ y æ º » i    Ì 6E] B„  ] i 2 05 ̼ ½ = m B„ É ¾ 4 5 * ~ N ‚ bcc žxŸ¸  @ 8Ö  ¹ K (õ c !M Ì6^` a ¿ ½ K ] i = m B „ ^ ­ 2 3   B„= m À  U b c B© 0 Ü š Á · ] i ü  ¿À  ¸  ¿8 Bª(Ö_ ¾   ©^bc žŸ Ö Jö c ˆï‰ˆ‰ F – — ~ h iŸ à ó Ã Ø ¤ ˆ‰ F – — ô ö ~  um U Ü W ˆ‰ % Š‹ 2 3 ˜ d  ^

(21) ©  EË @ 8. % M d @ 8( z @ 8IÁÜ š · ¢ Ä ( @ 8 } ¢¸  ¼ M -ø  _ U  Ö Å Æb{ l Ž  >  – Ç  -ø  _  Ö %  E  / 0-_ Ä È É G bc ˆ:‰ †  Ö Gh iŸ à c ó à ( . Ì6EË Š‹ š › %  ž ^ Ö G.

(22)  EË † M d @ 8/ 0I É% -. š › o m ß ^/ 0h ibc ˆ<‰* · ˆ‰    Ö c  z @ 8M d ^ˆ‰ ô ö ô  ÁC % Ê    © O y * ·  Ö G% Š %  G©  ¦ ˜ } š    Æ   -_ -bc žŸB„ù F Ýc  z u™ 4 5  Ö  y 4 5 B„ß à ÁÖ ö ù F Ý 5 )  4 5 B„R  i¦ = m 4 5 -Ë % L Ì 8   z 4 5 T G" É G œ    . ò ó  * + Ì   -.bc ž)Ÿø Í . ^¶ Î c Ï ¦ 0,Ï Ž ( ß à 0 4 5 B„} ~ } u_ a e a e @ 8Ï Ž Ð ( É! ƒ F — U  Ö  Ñ Jö Ò Ò  Ž  u™ s l ®  " bc  K. 3.3 / # ( )  . 3.3.1. 0. 1. .  ˆu‰²  A“ C B= C CŠ‹ ˆx‰×  ARy BEF CÑ Ò D2 3 ˆ‰Ø ] A% í BÛ  Cò  c. Ý   c  ¦ ¬ Ó — † ¦ ¬ Ó  * ~ " GHc Ê 7 K Ry GÊ — Ý   c G¬ Å Ø žª«! 2 3 ¬ Å Ø žª«! ª«¬ Å Ø žª«!  , Å Ø žregdumpŸc 2 3    c Ø ÙÔ  Ø Ú  ¬ Ó — Ø ] Úbit by bit copyc Ü 5 õ ÚdebugfsÝ ú. 3.3.2. 3. 2. K —. Ö. c. Õ. Ÿc Ÿc.  . Õ Õ. . . ). . c. 4. 2. 3. . . Þ. c ß. . (. Õ. Ÿc.  uØ ] c AØ ]   c žaŸâm 㠀 @ A c žbŸâV  K ä . Ø F — c žcŸâÅ ,¥ å Ø ] U c (1)â@ A ¥ å Streamc (2)â@ A 7 Ó — Ø ] c æØ ] 2 3 c žaŸâÛ  5 õ c žbŸâò  Ü 5 õ c cžcŸâ% í Ø c x¬ Å Ø ˆlog‰c Windows , Å Ø ˆregistry‰c Ÿ 9 ç s G c ) Õ è ^ · é = C K port ¨c c. 3.3.3. Ô .  uD E ý þ c 4 5  ³ ¼  , † ` & ¼ :  0x  Á-.U 4 5 X Y _ ` a!C ê -. ¬ é ED E (ß à , ™ N ;1 c ˆï‰4 5 Ï uÐ GH  RJg ë  ì í U M  Ö¬ î ɬ î z 4 5 D E "  z 4 5 T G  y Y  _  Ö F — – —. u 0Ád ç ¬ Å z 4 5 D E " ¬D E ß à 0 à U ¬ Å bc ˆ:‰4 5 D E 0Á4 5 ]  ^r| œ 4 5 B„ U ± ƒ B„^¼ ½ ¾ rbc ˆ<‰Ï z 4 5 D E  RÁï u^5 9  ¨bc ˆø‰4 5 D E "  Rw Á4 5 B„ ] «d Í =  Ÿ ð bc ˆù‰4 5 D E & „  ñ ~  C M  Z € 4 5 D E  Y D bc x_ ` h i-_c 4 5 D E  ß à 0 _ ž b E U È › B„© = m B„ò ­  ¬k O  Ç ó Ü ô Q õ ß à C M < ç k O b;1 aÌ -._¸ ö REË C ê -  Ö Á-.67U -e 7^-_ 0C M U D E z _ ` a ¾ z -. ÷

(23)  0uu ø , Ì6 D ñ ö B : 0“ ¬  D ( Ì  à  ,á ñ a e ¿-.ñ M  ß à › ü _ P  ÉE„ _ ` % ù ú& Jö  E  & ù F U & < ç C M  _ ž û Ÿ bc . . à. á F. —. c. d e f" à  ˆ‰ 4 5 n ù å  z ˆ ‰ 4 5   Á · ˆ‰ 4 5  ^  U s  b ¢‚ ƒ † ª« ¶ 1 ‚ ƒ GHU _ ` > ? ˆ ‰ 4 5  a ù å :  ˆ‰ 4 5 * ~ GH% ,Ø ü   L Ë ˆ‰ 4 5   ­ ® * ~ * ~ T G2 š s ý ™ ªÐ bd e f ü u™ ù å K no s '. É% ,ˆ‰ 4 5 IJEF GH ÷Ð IJEF GHv w   -. ‹ ¿À  -.    -.U X " 4 5 X YD E w (# $ Windows EF 2 3 = m ˆ‰ 4 5  Ö bÆ y } ~  ž % š › _ P a æ p z þ _ ~ Ë ¿ Û j _  z ˆ‰ †  É ª N   -.y z Ì V  y 3 p ~ 0 Ë Á9 b   Ám ˆ‰ † = m 3 p 5     ? ÷5 * + !. Û j _ P 3 p ß à > R( E– Gˆ à  > Rò  Ñ Ò † ª«bc d U p    Windows EF { | ˆ‰ 4 5 e f > ? à РT G  ÷Ð EF { | Ë = ÉQ % ,uv  à   -.4 5 IJEF GHb{ l Æ y u™ = m  Ö } ~ 4 5 Ï uÐ  Ö Á Ü  (  > ?  Ü U p "  % ,ˆ‰ 4 5 I JEF GH } ~ Ï uÐ  Ö <  ¢Q ‡ Ë <  X Y0 ú 9 4 = Y Ï Ð =  RGH_ ` bc.

(24) § ¨ © Albert J. Marcella, Ph.D. Robert S. Greenfield editors , 2002, Cyber forendics-A field manual for collecting, examining, and preserving evidence of §ï©  } ˆŒ -.L  2001 ¡b computer crimes. Chapter 8. §:© ~ î ° ‰  ² „‹  F z F ß

(25) § ¯ © Albert J. Marcella, Robert S. Greenfield, 2002 Cyber Forensics: a field manunal for collecting, Š :; ; ø ¡. examining, and preserving evidence of computer http://www.b-training.org.tw/btraining/etn_faq_Aq crimes, Auerbach Publications. .aspbc §<© p  ºU Û j ^GH˜ d R U    ³ ^ § ï ; © Deniz Sinangin, Computer Forensics Investigation in a Corporate Enviroment, IEEE GH  — 2 » j °   n° _ P e f  Computer Fraud & Secutity, 2002. bc § ï ï © Eoghan Casey, “Digital Evidence and §ø© z  !  C m ˆŒ -. ÀK ×  :; ; ø Computer Crime: Forensic Science, Computer and ¡ http://www.law-lib.comb The Internet”, Academic Press, 2000 §ù©    ˆŒ-._P 

(26) _P  § ï : © New Technologies Inc., Computer Evidence I 56789 íbc Processing Steps, Retrieved May 7 1999, http:/www.forensics-intl.com/evidguid.html § ú ©    U ˆŒ-. j ª R • " O y  § ï < © Timothy Wright, The Field guide for   B ô _° : ; ; ø ¡bc investigation Computer Crime:search and seizure. ~ î G H _˜ !  U | " ) # á Ý § V ©  ² basic part three, security focus, 2000. , $ Z  ï ¯ ¯ < ¡bc § ï ø © Tohmas Rude,Evidence Seizure Methodology for c computer forensics, crazytrain, 2002. c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c. 4 5 . ". #. .

(27)

參考文獻

立即下載 ( PDF - 6 頁 - 740.16 KB )

相關文件

Reading for Breadth and Depth

● develop teachers’ ability to identify opportunities for students to connect their learning in English lessons (e.g. reading strategies and knowledge of topics) to their experiences

A Message from Secretary for Education and Manpower

3.16 Career-oriented studies provide courses alongside other school subjects and learning experiences in the senior secondary curriculum. They have been included in the

Teacher Performance Management

Based on “The Performance Indicators for Hong Kong Schools – Evidence of Performance” published in 2002, a suggested list of expected evidence of performance is drawn up for

REFERENCE LIST OF FURNITURE AND EQUIPMENT FOR

220V 50 Hz single phase A.C., variable stroke control, electrical components and cabling conformed to the latest B.S.S., earthing through 3 core supply cable.. and 2,300 r.p.m.,

K3 Compactifications and a Moonshine for M

The Hilbert space of an orbifold field theory [6] is decomposed into twisted sectors H g , that are labelled by the conjugacy classes [g] of the orbifold group, in our case

量子物理

for a uniform field, a point charge, and an electric

A Novel Algorithm for Volume-Preserving Parameterizations of 3-Manifolds

In this paper, we develop a novel volumetric stretch energy minimization algorithm for volume-preserving parameterizations of simply connected 3-manifolds with a single boundary

漢月法藏之禪法研究

On the other hand, his outstanding viewpoint of preserving the pureness of the ch'an style of ancient masters, and promoting the examination of the state of realization by means