Table of Contents

    15 April 2016, Volume 2 Issue 4
    “Internet Plus” Mobile Power: Analysis the Network Security of ZTE
    2016, 2(4):  288-298. 
    Overview of Electronic Data Forensics Technology
    2016, 2(4):  299-306. 
    Electronic data forensics is a comprehensive subject that draws on computer science, law, criminal investigation, and other fields. Based on the practice of electronic data forensics, the paper briefly describes the general forensic process and proposes a technical system model. In particular, it sorts out the common techniques and technical standards of electronic data forensics, then describes the field's development trends.
    Time Machine Forensic
    2016, 2(4):  307-316. 
    Time Machine is an automatic data backup tool in Mac OS. Mac users can back up their important programs and data continuously to different kinds of removable disks, such as USB removable hard disks, FireWire hard disks, Thunderbolt hard disks, and Time Capsule. In investigations and cases especially, it is important for investigators to find out whether there is any backup storage on a WiFi network. A single Time Machine storage device can hold the backup data of multiple users, or even of several Mac computers. Data deleted normally on a Mac can even be found and recovered from a Time Machine backup. An important breakthrough may come from a Time Capsule and from the analysis of a Time Machine backup. This article discusses Time Machine, backup storage, folder structure, and how to perform forensic analysis manually and automatically.
    Research on Data Reading Technology of Android Smart Phone Based on eMMC
    2016, 2(4):  317-323. 
    On system-level devices, obtaining a complete image of the phone memory by reading the chip directly can remedy the problem that the particular permission model of the Android system prevents access to the underlying sectors. This paper introduces the working principle of the data area of the eMMC chip and defines the operations related to data recovery, such as reading, writing, and wiping. It also analyzes how manufacturers divide the eMMC chip data area, and the meanings and functions of the resulting regions. With the direct chip-reading method, an image can be acquired, and analysis and data recovery can then be performed.
    Identification of Word Document Replication Based on RI Code Calculation
    2016, 2(4):  324-327. 
    By analyzing the generation principle and characteristics of RI codes in OOXML files, this paper derives a method for effectively identifying Word document replication. Using the RI code values generated from Word documents, it develops an application program that calculates, analyzes, and automatically identifies evidence of replication in Word documents, so as to achieve the goal of forensic identification.
    Smartphone Image Recovery and Forensics Based on WinHex
    2016, 2(4):  328-332. 
    The smartphone has gradually become one of the important sources of information in current electronic forensic investigations. To address the difficulty of acquiring information when pictures on an Android smartphone have been deleted or damaged, a file recovery method based on the WinHex tool is provided. In experiments, the phone's image files were extracted by creating an image of the phone's storage and using the header and tail signatures of the files.
    Evidence Extraction of USB Storage Device Accessing Traces under the Windows 7 System
    2016, 2(4):  333-338. 
    With the rapid development and popularization of computer technology, cyber crimes occur one after another, and a great deal of computer evidence resides on USB storage devices. When a USB storage device is connected to a computer, registry keys and computer logs record traces of the access. Computer forensic investigators can therefore confirm which USB device was connected to the computer and at what time. This paper introduces the locations of these access traces and the methods for extracting them, providing support for establishing certain elements of evidence in judicial activities.
    An Analytical Method of Mobile Phone Packet Capture Based on Android System
    2016, 2(4):  339-342. 
    To address the difficulties of forensics and packet capture analysis for terminals, an analytical method of mobile phone packet capture based on the Android system is presented. By applying a cloud architecture, the concept of user behavior analysis, terminal baseband signal analysis technology, and IP communication packet analysis technology, the method can locate terminals and perform forensics and analysis on them.
    A Survey of Fingerprint Recognition Technology
    2016, 2(4):  343-355. 
    Human society showed great interest in fingerprints from early times, but modern fingerprint recognition technology originated with Galton's research and was first used in criminal investigation. Since the 1990s, fingerprint recognition has begun to find applications in other, commercial areas. In recent years, fingerprint recognition has appeared on mobile phones, where it acts as an important method for screen unlocking and online payment. In the future, biometric methods, including fingerprint recognition, may replace the current password system. For fingerprint recognition algorithms, classification was studied first, to improve the speed of searching fingerprint archives. Most algorithms today focus on matching minutiae, including ridge endings and bifurcations. With the popularization of fingerprint recognition on mobile devices, the area of the fingerprint sensor is becoming smaller and smaller, and matching technology based on third-level features such as sweat pores and ridge shape is gaining more attention. For fingerprint sensing, the first method to appear was pressing with ink. Fingerprint cards with ink-pressed fingerprints are then digitized by scanner for computer storage and processing. From the 1970s, the appearance and popularization of optical fingerprint sensing boosted quick, on-site image capture and verification. Applications on mobile devices s the rapid progress of small size fingerprint sensor.
    Management and Directed Study of Internet Public Opinion in the Age of Big Data
    2016, 2(4):  356-360. 
    As we step into the age of big data, Internet public opinion has undergone great changes in terms of data volume, complexity, and production speed. In the big data era, its internal features and the potential rules of its changing process should be grasped correctly. This paper has important theoretical significance and practical value for guiding Internet public opinion and protecting cyber security under the new circumstances. In the Internet era of big data, timely and comprehensive monitoring of network public opinion with the help of computer technology is urgently needed. The paper first discusses the new changes in network public opinion brought by big data, then elaborates coping strategies, and finally introduces the design idea of a network public opinion monitoring system based on a web crawler and Lucene.
    Man in the Middle Attack in Wireless Network
    2016, 2(4):  361-366. 
    With the popularity of wireless networks, WiFi Internet connection has become a necessity for the public in everyday life. In a wireless network, because the network nodes and transmission channels are invisible, attacks are more subtle. Among them, man-in-the-middle (MITM) attacks, being easy to implement, highly successful, and difficult to detect, have become the most widely harmful attacks in wireless networks. In this paper, we analyze how man-in-the-middle attacks are implemented in a wireless network, analyze the 802.11 protocol, examine SSL-side attack strategies, and finally give prevention recommendations.
    Research on Malware Detection Technology Based on System Call
    2016, 2(4):  367-371. 
    Based on the characteristic that different malicious software uses specific system calls to achieve the same functions, a feature extraction method based on malware behavior sequences is given, and machine learning techniques are used to detect malware. System call sequences offer understandable function information and reflect actual execution conditions for malware analysis. Malicious behavior information and characteristics can be easily found from the function information, and malware detection or classification can be realized by analyzing the whole or local information of the system call sequence. This paper proposes an approach to malware behavioral signature extraction and detection based on CBOW over system call sequences. A new concept, the system API calling characteristics set of malicious code, is given, using CBOW as the feature extraction method while also considering feature frequency and information gain. Further, a prototype system is evaluated on multiple malware samples. Experimental results show that the proposed method can effectively improve the detection rate and accuracy for malicious software.
    The General Theory of Security
    2016, 2(4):  372-376. 
    Establishing New Network Defense System for Responding to Advanced Network Threat
    2016, 2(4):  377-382. 