摘要
在计算机取证中,快速而又准确地查找并提取潜在的证据信息成为计算机取证的关键。主要研究了计算机取证中磁盘深层取证的一些方法,并对其中可能用到的搜索和模式匹配算法(包括BF、KMP、BM和BMH算法)在不同缓存条件下进行了对比实验分析,找出了效率最高的取证算法和环境,为实际的计算机磁盘取证项目提供理论支持。
The key to computer forensics is to find out the potential electronic evidence quickly and accurately. In this paper, some methods for how to extract in-depth electronic evidence from the hard disk are discussed, and the efficiencies of several pattern matching algorithms are compared(including BF, KMP, BM and BMH algorithms) under different buffer sizes. This could serve as a theoretical foundation for practical computer forensic cases.
出处
《信息安全与通信保密》
2010年第4期78-80,共3页
Information Security and Communications Privacy
关键词
计算机取证
快速搜索
模式匹配算法
computer forensics
quick searching
pattern matching algorithm