Method for realizing computer virtualized evidence obtaining

Method for realizing computer virtualized evidence obtaining

  • CN 101,645,048 B
  • Filed: 08/27/2009
  • Issued: 09/11/2013
  • Est. Priority Date: 08/27/2009
  • Status: Active Grant
First Claim
Patent Images

1. the implementation method of a computer virtualized evidence obtaining is characterized in that, it comprises the steps:

  • (1) will be unloaded by the memory device in the evidence obtaining computer system, and memory device is copied into a plurality of memory devices, the data in the memory device after copying are with corresponding and data content is identical one by one by the position of data in the memory device in the evidence obtaining computer system;

    (2) memory device in the step (1) is articulated in the evidence obtaining dedicated computer system by the form of interface switching device with additional memory devices in the evidence obtaining dedicated computer system;

    (3) operating system in the startup evidence obtaining dedicated computer system, extract by the software and hardware information in the memory device in the evidence obtaining computer system and generate the configuration file of virtualized environment, the operating system in the memory device that dummy machine system will be collected evidence according to configuration file starts in virtualized mode in dummy machine system;

    (4) utilize the evidence obtaining instrument to carry out evidence obtaining work in dummy machine system, the write operation in all evidence obtaining work only can be recorded in the evidence obtaining dedicated computer system, is kept virgin state forever by data on the memory device of collecting evidence.

View all claims
    ×
    ×

    Thank you for your feedback

    ×
    ×