컴퓨터과학과
컴퓨터과학과 입학생, 재학생, 교수, 조교, 예비입학생분들을 위한 게시판입니다.
자료실 😀
2017.07.27 08:06
포렌식 자료
조회 수 420 추천 수 1 댓글 4
Atachment
첨부 '1'

단축키

Prev이전 문서

Next다음 문서

a r t i c l e i n f o
Article history:
Received 31 December 2009
Received in revised form
9 February 2010
Accepted 10 February 2010
Keywords:
Windows mobile
NAND flash
TFAT file system
Live forensics
Heap
CEDB/EDB database
Logical/physical acquisition
a b s t r a c t
Windows CE (at this moment sold as Windows Mobile) is on the market for more than 10
years now. In the third quarter of 2009, Microsoft reached a market share of 8.8% of the
more than 41 million mobile phones shipped worldwide in that quarter. This makes it
a relevant subject for the forensic community. Most commercially available forensic tools
supporting Windows CE deliver logical acquisition, yielding active data only. The possibilities
for physical acquisition are increasing as some tool vendors are starting to implement
forms of physical acquisition. This paper introduces the forensic application of freely
available tools and describes how known methods of Physical Acquisition can be applied to
Windows CE devices. Furthermore it introduces a method to investigate isolated Windows
CE database volume files for both active and deleted data.
ª 2010 Elsevier Ltd. All rights reserved.

  • ?
    namu 2017.08.09 02:14
    CE장비 포렌식이라니 흥미로운 주제네요
  • ?
    Atar 2017.11.25 17:01
    멋지네요
  • ?
    나찰 2020.07.25 03:12
    흥미롭네요
  • ?
    여름여름 2023.12.06 00:30

    비회원은 댓글을 읽을 수 없습니다.

    로그인 후에 바로 열람 가능합니다