請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/59445
標題: | 在網頁瀏覽器鑑識下從被刪除的紀錄中回復使用者的行為 Recovering User’s Activity from Deleted Log Files in Web Browser Forensics |
作者: | Bo-Ying Lin 林伯穎 |
指導教授: | 雷欽隆(Chin-Laung Lei) |
關鍵字: | 數位鑑識,數位證據,網頁瀏覽器鑑識,網頁瀏覽器分析,網頁瀏覽器紀錄, Digital forensics,Digital evidence,Web browser forensics,Web browser analysis,Web browser records, |
出版年 : | 2017 |
學位: | 碩士 |
摘要: | 在現今網際網路發達的時代,網際網路成為每一個人每天的必備工具。而上網最方便的必備工具便是瀏覽器,因此瀏覽器也變成目前電腦設備中最常用的應用程式。在網路資料傳輸大量運用的同時,網路也變為一種幫助犯罪具。當使用者用瀏覽器時,他瀏覽的各項蹤跡也被記錄在硬碟裡,項目包括:歷史紀錄、搜尋項目、快取、cookies、下載列表、登入帳號和密碼、書籤等…,這些項目被 儲存在特定的資料夾檔案中,犯罪鑑識人員將可以進行取證成為重要的證據源,對於鑑識人員將有莫大的助益,但犯罪者可能刪除這些紀錄,將造成鑑識人員的挑戰。本篇論文將在Windows7 作業系統,Google Chrome 下對有用的瀏覽紀錄進行分析,且探討當非法者刪除瀏覽紀錄時,回復其行為的方法,並提出一個新的模型解決瀏覽紀錄被刪除的問題。提出的模型使用免費簡單的工具,但可以達到好的回復紀錄結果。 In today's era of International Network vigorous development, Internet become an essential tool for every person every day. The most convenient tool for surfing the Internet is the browser, so most used applications by the majority of user of computer are also web browsers. In the large number of network data transmission at the same time, the network has also become a way to help crime. When users use browser, the traces of their browsing are also recorded in the hard drive including history, searching key, cache, cookies, download list, login information, bookmarks etc. These items are stored specified log files of folders, and forensic investigators will be able to obtain evidence as an important source of evidence. This will have a great help for forensic investigators. However, that suspects may delete theses records will cause a large challenge for forensic investigators. In the paper, we analyze useful browsing records for Google Chrome on Windows7, and explore how to recover illegal activity when an illegal person deletes a browsing history. We propose a novel methodology to solve the problem that the browsing history is deleted. The methodology uses simple and free forensics tool, but can achieve good result to recover browsing records. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/59445 |
DOI: | 10.6342/NTU201701012 |
全文授權: | 有償授權 |
顯示於系所單位: | 電機工程學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-106-1.pdf 目前未授權公開取用 | 4.58 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。