File Time of Forensic Evidence – Example of NTFS and ExtX


Bibliographic Details
Main Authors: Shih-Kang Yen, 顏世剛
Other Authors: Huei-Chung Chu
Format: Others
Language: zh-TW
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/16235860964753247873
Description
Summary: Master's === Huafan University === Master's Program, Department of Information Management === 98 === As information technology and networks become more and more widespread, they bring convenience to everyone in the world. But anything that becomes popular also becomes a tool for crime. Every action leaves some trace that can be followed, and crimes are no exception. What about computer crimes? In computer crime, computer forensics is used to understand the crime and find the criminal. Computer forensics is a technique for finding proof, analyzing it, and assembling digital evidence so that it can be used in court. All computer forensics work must consider different kinds of information, such as hardware, software, file name, file size, file time, hidden files, etc. Everything that happens at a crime scene is related, and each event needs time to link it to the others; the same is true of computer crime. Different operating systems have their own file systems, and different file systems have their own structures and rules. The purpose of this paper is to find the rules of file time. It simulates two file systems, NTFS and ExtX, in different scenarios, and observes and records how the file times change. Forensics personnel can use these records of how file times change to keep digital evidence from losing its value as proof.