RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://patents.google.com/patent/CN103617402B/en below:

CN103617402B - A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system

CN103617402B - A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system - Google PatentsA kind of multimedia electronic data forensic report and generation, methods of exhibiting and system Download PDF Info

Publication number: CN103617402B
Authority: CN; China
Prior art keywords: electronic data; report; file; multimedia; multimedia electronic
Prior art date: 2013-11-25
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related

Application number

CN201310607114.8A

Other languages

Chinese (zh)

Other versions

CN103617402A (en

Inventor

å¼ å»ºæ

é²æåµ

Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)

Beijing Ruian Technology Co Ltd

Original Assignee

Beijing Ruian Technology Co Ltd

Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

2013-11-25

Filing date

2013-11-25

Publication date

2016-03-30

2013-11-25 Application filed by Beijing Ruian Technology Co Ltd filed Critical Beijing Ruian Technology Co Ltd

2013-11-25 Priority to CN201310607114.8A priority Critical patent/CN103617402B/en

2014-03-05 Publication of CN103617402A publication Critical patent/CN103617402A/en

2016-03-30 Application granted granted Critical

2016-03-30 Publication of CN103617402B publication Critical patent/CN103617402B/en

Status Expired - Fee Related legal-status Critical Current

2033-11-25 Anticipated expiration legal-status Critical

Links

238000000034 method Methods 0.000 title claims abstract description 40
230000001747 exhibiting effect Effects 0.000 title claims 7
101100217298 Mus musculus Aspm gene Proteins 0.000 claims description 3
238000005516 engineering process Methods 0.000 abstract description 7
238000012795 verification Methods 0.000 abstract description 7
230000006835 compression Effects 0.000 abstract description 4
238000007906 compression Methods 0.000 abstract description 4
238000012545 processing Methods 0.000 abstract description 4
230000002427 irreversible effect Effects 0.000 abstract description 3
238000007689 inspection Methods 0.000 abstract description 2
238000000605 extraction Methods 0.000 abstract 1
230000005540 biological transmission Effects 0.000 description 8
238000010586 diagram Methods 0.000 description 6
238000013480 data collection Methods 0.000 description 2
238000011835 investigation Methods 0.000 description 2
238000004458 analytical method Methods 0.000 description 1
230000009286 beneficial effect Effects 0.000 description 1
230000015572 biosynthetic process Effects 0.000 description 1
238000004364 calculation method Methods 0.000 description 1
230000006837 decompression Effects 0.000 description 1
230000006870 function Effects 0.000 description 1
238000010295 mobile communication Methods 0.000 description 1
230000008520 organization Effects 0.000 description 1

Classifications

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

Engineering & Computer Science (AREA)
Computer Security & Cryptography (AREA)
Theoretical Computer Science (AREA)
Health & Medical Sciences (AREA)
Bioethics (AREA)
General Health & Medical Sciences (AREA)
Computer Hardware Design (AREA)
Software Systems (AREA)
Physics & Mathematics (AREA)
General Engineering & Computer Science (AREA)
General Physics & Mathematics (AREA)
Storage Device Security (AREA)

Abstract Translated from Chinese æ¬åææ¶åä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥ååå¶çæãå±ç¤ºæ¹æ³åç³»ç»ï¼è¯¥ç³»ç»åæ¬ï¼å¤åªä½çµåæ°æ®åè¯æ¥åçééè£ç½®ï¼å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ï¼è®¤è¯å±ç¤ºè£ç½®ï¼å¨åè¯æ¥åçææ¶å°åç¼©çæ°æ®æä»¶éç¨åç¼©ç®æ³ãæ ¡éªæ¹æ³ãä¸å¯éçå å¯ç®æ³ä»¥åå¯¹åºçå¨åè¯æ¥åå±ç¤ºæ¶è§£å¯æ°æ®ãèªè§£åæ£éªå¤´æä»¶ï¼åå¹¶çæå¤åªä½æ¥åãæ¬åæçæ¹æ³åç³»ç»è½å¤ä»æ´ä½ä¸ç¡®ä¿å¤åªä½çµåæ°æ®çå®æ´æ§ãé²ç¯¡æ¹åå®å¨æ§ãæ è®ºçµåæ°æ®è¯æ®æ¯ææ¬è¿æ¯è§å¬ææï¼é½è½éè¿å°éçé²ç¯¡æ¹è£ç½®è¿è¡å®æ´æ§ææ¯é²ç¯¡æ¹ï¼å¹¶å å¥çµåè¯æ®å±ç¤ºè®¤è¯æºå¶ï¼å¤çè¿ç¨æ´å®å¨ãéè½ã The present invention relates to a multimedia electronic data forensics report and its generation and display method and system. The system includes: a collection device for multimedia electronic data forensics report; a device for generating multimedia electronic data forensics report; and an authentication and display device. Compressed data files adopt compression algorithm, verification method, irreversible encryption algorithm and corresponding decryption data when displaying forensics report, self-extraction inspection header file, and merge to generate multimedia report. The method and system of the invention can ensure the integrity, tamper-proof and security of multimedia electronic data as a whole. Regardless of whether the electronic data evidence is text or audio-visual materials, it can be tamper-proofed by integrity technology through a closed tamper-proof device, and an electronic evidence display authentication mechanism is added to make the processing process safer and more concealed. Description Translated from Chinese ä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥ååå¶çæãå±ç¤ºæ¹æ³åç³»ç»A multimedia electronic data forensics report and its generation and display method and system

ææ¯é¢åtechnical field

æ¬åæå±çµåæ°æ®è¯æ®é¢åï¼æ¶åå¤åªä½çµåæ°æ®è¯æ®çåºå®ãä¼ è¾ãåç°ãThe invention belongs to the field of electronic data evidence and relates to the fixing, transmission and reproduction of multimedia electronic data evidence.

èæ¯ææ¯Background technique

é¢å¯¹ä¿¡æ¯åãæ°ååçä»å¤©ï¼çµåæ°æ®è¯æ®çæ¶éååºå®è¡ä¸ºè¦æ±åºäºçµåè¯æ®çåå§æ§ååï¼å¿é¡»ä¿è¯çµåè¯æ®ä»äº§çå°è¾åºçå®æ´æ§åæææ§ãä¼ ç»çææ¬åå®¹ççµåè¯æ®ï¼å¯éè¿æå°ï¼æ³¨æåè¯æ¶é´ãåè¯äººåãæ°æ®æ¥æºçï¼å¹¶å çå¬ç« åï¼ä»¥ä¹¦è¯çå½¢å¼äºä»¥åºå®ä¿åï¼é²æ¢çµåè¯æ®åºå®è¿ç¨çå®æ´æ§éå°ç ´åï¼ä¼ ç»çå·æè§å¬èµæï¼å¦åå«é³é¢ãè§é¢çè¯æ®ï¼éç¨æç§åæåçæ¹æ³å¯¹è¯æ®å ä»¥åºå®ãIn the face of today's informatization and digitization, the collection and fixation of electronic data evidence requires the original principle of electronic evidence, and the integrity and validity of electronic evidence must be guaranteed from generation to output. Electronic evidence of traditional text content can be printed, indicating the time of evidence collection, evidence collection personnel, data source, etc., and stamped with the official seal, and then be fixed and preserved in the form of documentary evidence to prevent the integrity of the electronic evidence fixing process from being damaged; Traditionally, there are audio-visual materials, such as evidence including audio and video, and the methods of taking photos and videos are used to fix the evidence.

ç°æææ¯ä¸»è¦åºç¨äºæ°åç¾åææ¯ï¼éè¿è®¡ç®çµåæ°æ®å¯ä¸çæ°åæè¦å¼ææ ¡éªç ï¼ä¿è¯çµåæ°æ®è¯æ®çå®æ´æ§ï¼ä½å¨ç°æææ¯ä¸é½æªæ¶åå¤åªä½çµåæ°æ®è¯æ®å¦ä½åºå®ãä¼ è¾ååç°çå®æ´è§£å³æ¹æ¡ãç°æææ¯å¯¹çµåè¯æ®å½¢æåå¨èå¼±å°åºå¦ä¸ï¼ï¼1ï¼å¤åªä½çµåæ°æ®è¯æ®å¦ä½åºå®ï¼æ²¡æç¸åºçä¿¡æ¯åææ¯æ¹æ¡ï¼ï¼2ï¼å¤åªä½çµåæ°æ®è¯æ®ä¸ï¼æ¶åå¤§éçé³ãè§é¢èµæï¼å¦ææä¼ ç»æ¹æ³éä¸ªè¿è¡ç¾åï¼é£ä¹ä¼ è¾è¿ç¨ä¸å¯ä»¥å°ææä»¶åå¯¹åºç¾ååæ¶å é¤èä¸è¢«åç°ï¼ä»èç ´åè¯æ®çå®æ´æ§ï¼å¦æå¯¹æ¶åçé³ãè§é¢èµææ´ä½æåç¾åï¼æ¶åçå±ç¤ºé®é¢ææ²¡æè§èçè§£å³æ¹æ¡ï¼ï¼3ï¼éç¨æ°åç¾åè¿ç¨ä¸æªå å¥å å¯æºå¶ï¼å¯è½åå¨æ¶æç¨åºçä¾µå¥ï¼ç ´åç¾åçæææ§ãThe prior art is mainly applied to the digital signature technology, which ensures the integrity of the electronic data evidence by calculating the unique digital digest value or check code of the electronic data, but none of the prior art involves how the multimedia electronic data evidence is fixed, transmitted and A complete solution for reproduction. There are weak areas in the existing technology for the formation of electronic evidence as follows: (1) There is no corresponding information technology solution for how to fix multimedia electronic data evidence; (2) Multimedia electronic data evidence involves a large amount of audio and video materials. method to sign one by one, then a file and the corresponding signature can be deleted at the same time during the transmission process without being discovered, thereby destroying the integrity of the evidence; if the audio and video materials involved are packaged and signed as a whole, is there a standard for the display problem involved? Solution; (3) The encryption mechanism is not added in the process of digital signature, and there may be intrusion of malicious programs, which will destroy the validity of the signature.

åæåå®¹Contents of the invention

æ¬åæçç®çä¹ä¸æ¯æä¾ä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åçæãå±ç¤ºæ¹æ³ï¼ä»æ´ä½ä¸ç¡®ä¿å¤åªä½çµåæ°æ®çå®æ´æ§ãé²ç¯¡æ¹åå®å¨æ§ãæ è®ºçµåæ°æ®è¯æ®æ¯ææ¬è¿æ¯è§å¬ææï¼é½è½éè¿å°éçé²ç¯¡æ¹è£ç½®è¿è¡å®æ´æ§ææ¯é²ç¯¡æ¹ï¼å¹¶å å¥çµåè¯æ®å±ç¤ºè®¤è¯æºå¶ï¼å¤çè¿ç¨æ´å®å¨ãéè½ãOne of the objectives of the present invention is to provide a method for generating and displaying multimedia electronic data forensics reports, which can ensure the integrity, tamper-proof and security of multimedia electronic data as a whole. Regardless of whether the electronic data evidence is text or audio-visual materials, it can be tamper-proofed by integrity technology through a closed tamper-proof device, and an electronic evidence display authentication mechanism is added to make the processing process safer and more concealed.

ä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åçææ¹æ³ï¼å¶æ¥éª¤åæ¬ï¼A method for generating a multimedia electronic data forensics report, the steps comprising:

1ï¼æåè³å°ä¸ç§ç±»åççµåæ°æ®å¹¶å»ºç«åºäºæä»¶ç®å½çåæ¥çµååè¯æ¥åï¼1) Extract at least one type of electronic data and create a preliminary electronic forensics report based on the file directory;

2ï¼å¯¹æè¿°åæ¥çµåæä»¶åè¯æ¥åè¿è¡åç¼©åå¹¶æåä¸çåç¼©æä»¶å¹¶è®°å½æä»¶åå¨ä½ç½®ï¼2) Compress and merge the preliminary electronic document forensics report into a single compressed file and record the storage location of the file;

3ï¼å°éæºçæåç¬¦ä¸²å¯é¥ä½ä¸ºæè¿°åç¼©æä»¶å¯¹ç§°å å¯å¯é¥ï¼ç¶åå¯¹æè¿°åç¼©æä»¶è¿è¡å å¯è®¡ç®åºæä»¶æè¦ï¼3) Use a randomly generated string key as the symmetric encryption key for the compressed file; then encrypt the compressed file to calculate the file digest;

4ï¼ä½¿ç¨é¢ç½®çéå¯¹ç§°å å¯ç®æ³å¯¹æè¿°æä»¶æè¦ãæä»¶åå¨ä½ç½®ä»¥åæä»¶å¯¹ç§°å å¯å¯é¥è¿è¡å å¯ï¼å å¯å®æåå¢å ä¸å¼å¯¼ç¨åºï¼çæåä¸æä»¶æ ¼å¼çå¤åªä½çµåæ°æ®åè¯æ¥åã4) Use a preset asymmetric encryption algorithm to encrypt the file abstract, file storage location, and file symmetric encryption key; after the encryption is completed, add a boot program to generate a multimedia electronic data forensics report in a single file format.

ä¼éå°ï¼æè¿°åºäºæä»¶ç®å½çåæ¥çµååè¯æ¥ååºäºhtmlè¶ææ¬æ è¯è¯è¨ãPreferably, the preliminary electronic forensics report based on file directory is based on html hypertext markup language.

ä¼éå°ï¼éç¨MD5æSHA1è®¡ç®åºæä»¶æè¦ãPreferably, the file digest is calculated by using MD5 or SHA1.

ä¼éå°ï¼æ ¹æ®æè¿°æä»¶æè¦éªè¯åºæ²¡æè¢«ç¯¡æ¹ççµåæ°æ®åè¯æ¥åçæ¹æ³ä¸ºï¼Preferably, the method for verifying the electronic data forensics report that has not been tampered with according to the document summary is as follows:

æ¯è¾è®¡ç®å¾å°çæä»¶æè¦ä¸çæçµåæ°æ®åè¯æ¥åæ¶äº§ççæä»¶æè¦æ¯å¦ç¸åï¼å¦æç¸åï¼åå¤åªä½çµåæ°æ®åè¯æä»¶æ¯å®æ´èä¸æªè¢«ç¯¡æ¹ï¼å¦æä¸ç¸åï¼åå¤åªä½çµåæ°æ®åè¯æä»¶è¢«ç¯¡æ¹è¿ï¼æç¤ºæ°æ®ä¸å®æ´ï¼éè¦ä»åå§æ°æ®æºéæ°è·å¾åè¯æ¥åãCompare the calculated file abstract with the file abstract generated when the electronic data forensics report is generated. If they are the same, the multimedia electronic data forensics file is complete and has not been tampered with; if they are not the same, the multimedia electronic data forensics file has been tampered with. Indicates that the data is incomplete and the forensic report needs to be retrieved from the original data source.

ä¼éå°ï¼å¨å¤åªä½åè¯æ¥åè¿è¡å±ç¤ºä¸ï¼å å¥ç¾åè®¤è¯æºå¶ï¼æ¾ç¤ºè®¤è¯ç¾ååä½ï¼ä½¿å¤åªä½æ¥åå¨ä¼ è¾è¿ç¨ä¸æ´å®å¨ææãPreferably, in the running display of the multimedia forensics report, a signature authentication mechanism is added to display the authentication signature unit, so that the transmission of the multimedia report is safer and more effective.

ä¼éå°ï¼è³å°ä¸ç§ç±»åççµåæ°æ®åæ¬ï¼wordææ¡£ï¼excelææ¡£ï¼çä¿¡ï¼éè¯è®°å½ï¼ç§çï¼å½é³ï¼å½åãPreferably, at least one type of electronic data includes: word documents, excel documents, short messages, call records, photos, audio recordings, and video recordings.

æ´è¿ä¸æ¥ï¼æ ¹æ®æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åçææ¹æ³çæçä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åçéªè¯å±ç¤ºæ¹æ³ï¼å¶æ¥éª¤åæ¬ï¼Furthermore, a method for verifying and displaying a multimedia electronic data forensics report generated according to the method for generating a multimedia electronic data forensics report, the steps of which include:

1ï¼å°æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åä¼ è¾å°éè¦å±ç¤ºçè®¡ç®æºå/æç§»å¨ç»ç«¯è®¾å¤å¯å¨å¼å¯¼ç¨åºè§£å¯åºæä»¶æè¦ãæä»¶åå¨ä½ç½®ä»¥åæä»¶å¯¹ç§°å å¯å¯é¥ï¼1) Transmit the multimedia electronic data forensics report to the computer and/or mobile terminal equipment to be displayed to start the boot program to decrypt the file summary, file storage location and file symmetric encryption key;

2ï¼æ ¹æ®æè¿°æä»¶æè¦éªè¯åºæ²¡æè¢«ç¯¡æ¹ççµåæ°æ®åè¯æ¥åï¼å¹¶æ ¹æ®æè¿°å¯¹ç§°å å¯å¯é¥å¯¹è¯¥çµåæ°æ®åè¯æ¥åè¿è¡è§£å¯ï¼å°çæç»æä¿åå°ä¸´æ¶æä»¶ç®å½å¯¹åè¯æ¥åè¿è¡å±ç¤ºï¼2) Verify the electronic data forensics report that has not been tampered with according to the document summary, and decrypt the electronic data forensics report according to the symmetric encryption key, and save the generated result to the temporary file directory to display the forensics report;

3ï¼æè¿°æ¥åå¼å¯¼ç¨åºèªå¨å é¤ä¸´æ¶æä»¶ï¼å®æå±ç¤ºã3) The report guide program automatically deletes temporary files to complete the display.

ä¼éå°ï¼æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åå¨å±ç¤ºæ¶ï¼å å¥ç¾åè®¤è¯æºå¶ï¼æ¾ç¤ºè®¤è¯ç¾ååä½ãPreferably, when the multimedia electronic data forensics report is displayed, a signature authentication mechanism is added to display the authentication signature unit.

ä¼éå°ï¼éè¿Uçæ·è´ãç½ç»ä¼ éçæ¹å¼å°æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åä¼ è¾å°éè¦å±ç¤ºçè®¡ç®æºå/æç§»å¨ç»ç«¯è®¾å¤ãPreferably, the multimedia electronic data forensics report is transmitted to the computer and/or mobile terminal equipment that needs to be displayed by means of USB disk copy and network transmission.

æ¬åæçå¦ä¸ç®çå¨äºæä¾ä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åï¼åæ¬ç»è¿éå¯¹ç§°å å¯çï¼æä»¶æè¦ãæä»¶åå¨ä½ç½®ãåç¼©æä»¶å¯¹ç§°å å¯å¯é¥ä»¥åä¸å¼å¯¼ç¨åºï¼Another object of the present invention is to provide a multimedia electronic data forensics report, including asymmetrically encrypted: file summary, file storage location, compressed file symmetric encryption key and a boot program;

æè¿°åç¼©æä»¶å¯¹ç§°å å¯å¯é¥å°éæºçæåç¬¦ä¸²å¯é¥è·å¾ï¼The compressed file symmetric encryption key will be obtained by randomly generating a string key;

æè¿°æä»¶æè¦éè¿å¯¹æè¿°åç¼©æä»¶è¿è¡å å¯è·å¾ï¼The file digest is obtained by encrypting the compressed file;

æè¿°å¼å¯¼ç¨åºç¨äºå¨ç¨æ·è¿è¡è¯¥å¤åªä½çµåæ°æ®åè¯æ¥ååï¼å¯¹å¤åªä½åè¯æ¥åçå®æ´æ§è¿è¡æ ¡éªï¼The guide program is used to verify the integrity of the multimedia electronic data forensics report after the user runs the multimedia electronic data forensics report;

æè¿°æä»¶åå¨ä½ç½®ç¨äºè®°å½ä¿åè¯¥å¤åªä½çµåæ°æ®åè¯æ¥åæ¶èªå¨æ¾ç¤ºè¿ä¸ªå¤åªä½å±ç¤ºç®å½ãThe file storage location is used to automatically display the multimedia display directory when recording and saving the multimedia electronic data forensics report.

æ¬åæçå¦ä¸ç®çå¨äºæä¾ä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åçæå±ç¤ºç³»ç»ï¼ä»æ´ä½ä¸è§£å³å¤åªä½çµåæ°æ®è¯æ®çåºå®ãä¼ è¾åå±ç¤ºï¼å·ä½ææ¯æ¹æ¡å¦ä¸ï¼Another object of the present invention is to provide a multimedia electronic data forensics report generation and display system, which solves the fixing, transmission and display of multimedia electronic data evidence as a whole. The specific technical solutions are as follows:

æ¬åæè¿æåºä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åçæãå±ç¤ºç³»ç»ï¼åæ¬ï¼å¤åªä½çµåæ°æ®åè¯æ¥åçééè£ç½®ï¼å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ï¼è®¤è¯å±ç¤ºè£ç½®ï¼The present invention also proposes a system for generating and displaying a multimedia electronic data forensic report, comprising: a collection device for a multimedia electronic data forensic report; a device for generating a multimedia electronic data forensic report; an authentication display device;

æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åçééè£ç½®ï¼ç¨äºä»è®¡ç®æºå/æç§»å¨ç»ç«¯è®¾å¤ä¸ééè³å°ä¸ç§ç±»åççµåæ°æ®ï¼The collection device of the multimedia electronic data forensics report is used to collect at least one type of electronic data from computers and/or mobile terminal equipment;

æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ï¼ç¨äºæ ¹æ®æåå¾å°çè³å°ä¸ç§ç±»åççµåæ°æ®å¹¶å»ºç«åºäºæä»¶ç®å½çåæ¥çµååè¯æ¥åï¼å¯¹æè¿°åæ¥çµåæä»¶åè¯æ¥åè¿è¡åç¼©åå¹¶æåä¸çåç¼©æä»¶å¹¶è®°å½æä»¶åå¨ä½ç½®ï¼å°éæºçæåç¬¦ä¸²å¯é¥ä½ä¸ºæè¿°åç¼©æä»¶å¯¹ç§°å å¯å¯é¥ï¼ç¶åå¯¹æè¿°åç¼©æä»¶è¿è¡å å¯è®¡ç®åºæä»¶æè¦ï¼ä½¿ç¨é¢ç½®çéå¯¹ç§°å å¯ç®æ³å¯¹æè¿°æä»¶æè¦ãæä»¶åå¨ä½ç½®ä»¥åæä»¶å¯¹ç§°å å¯å¯é¥è¿è¡å å¯ï¼å å¯å®æåå¢å ä¸å¼å¯¼ç¨åºï¼çæåä¸æä»¶æ ¼å¼çå¤åªä½çµåæ°æ®åè¯æ¥åï¼The multimedia electronic data forensics report generating device is used to create a preliminary electronic forensics report based on the file directory based on the extracted at least one type of electronic data; compress and merge the preliminary electronic file forensics report into a single compressed file And record the file storage location; randomly generate a character string key as the compressed file symmetric encryption key; then encrypt the compressed file to calculate the file abstract; use the preset asymmetric encryption algorithm to encrypt the file abstract, The file storage location and file symmetric encryption key are encrypted; after the encryption is completed, a boot program is added to generate a multimedia electronic data forensics report in a single file format;

æè¿°è®¤è¯å±ç¤ºè£ç½®ï¼ç¨äºå°æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åä¼ è¾å°éè¦å±ç¤ºçè®¡ç®æºå/æç§»å¨ç»ç«¯è®¾å¤å¯å¨å¼å¯¼ç¨åºè§£å¯åºæä»¶æè¦ãæä»¶åå¨ä½ç½®ä»¥åæä»¶å¯¹ç§°å å¯å¯é¥ï¼æ ¹æ®æè¿°æä»¶æè¦éªè¯åºæ²¡æè¢«ç¯¡æ¹ççµåæ°æ®åè¯æ¥åï¼å¹¶æ ¹æ®æè¿°å¯¹ç§°å å¯å¯é¥å¯¹è¯¥çµåæ°æ®åè¯æ¥åè¿è¡è§£å¯ï¼å°çæç»æä¿åå°ä¸´æ¶æä»¶ç®å½å¯¹åè¯æ¥åè¿è¡å±ç¤ºï¼æè¿°æ¥åå¼å¯¼ç¨åºèªå¨å é¤ä¸´æ¶æä»¶ï¼å®æå±ç¤ºãThe authentication display device is used to transmit the multimedia electronic data forensics report to the computer and/or mobile terminal equipment that needs to be displayed to start the boot program to decrypt the file abstract, file storage location and file symmetric encryption key; according to the file The summary verifies that the electronic data forensics report has not been tampered with, and decrypts the electronic data forensics report according to the symmetric encryption key, and saves the generated result to a temporary file directory to display the forensics report; the report guide program automatically deletes Temporary file, complete display.

æ¬åæçæçææï¼Beneficial effects of the present invention:

ä¸ç°æææ¯ç¸æ¯ï¼æ¬åæå¯¹å¤åªä½åè¯æ¥åå¨ä¼ è¾è¿ç¨ä¸æ°æ®è¿è¡å®æ´æ§ä¿æ¤ãCompared with the prior art, the invention protects the integrity of the data in the transmission process of the multimedia forensics report.

1ï¼éè¿åç¼©å¤åªä½æ°æ®ï¼è®¡ç®æä»¶æ ¡éªå¼ï¼çæå å¯æ°æ®ãæ£éªå¤´æä»¶ï¼å¹¶å¯¹åçæçæ ¡éªå¼å å¯å¤çï¼ææé²æ¢æ¶æç¨æ·æ´æ¹æ ¡éªå¼çç®çã1) By compressing multimedia data, calculating file verification value, generating encrypted data, verifying header files, and encrypting the generated verification value, it can effectively prevent malicious users from changing the verification value.

2ï¼å°åç¼©çæ°æ®æä»¶éç¨åç¼©ç®æ³ãæ ¡éªæ¹æ³ãä¸å¯éçå å¯ç®æ³ä»¥åå¯¹åºçè§£å¯æ°æ®ãèªè§£åæ£éªå¤´æä»¶ï¼åå¹¶çæå¤åªä½æ¥åã2) Combine compressed data files with compression algorithm, verification method, irreversible encryption algorithm, corresponding decrypted data, and self-extracting inspection header files to generate a multimedia report.

3ï¼å¨å¤åªä½åè¯æ¥åè¿è¡å±ç¤ºä¸ï¼å å¥ç¾åè®¤è¯æºå¶ï¼æ¾ç¤ºè®¤è¯ç¾ååä½ï¼ä½¿å¤åªä½æ¥åå¨ä¼ è¾è¿ç¨ä¸æ´å®å¨ææã3) In the running display of the multimedia forensics report, a signature authentication mechanism is added to display the authentication signature unit, making the multimedia report more secure and effective during transmission.

éå¾è¯´æDescription of drawings

å¾1ä¸ºæ¬åæä¸å®æ½ä¾ä¸å®ç°è¿ç¨å¤åªä½çµåæ°æ®åè¯æ¥åçç¤ºæå¾ï¼Fig. 1 is the schematic diagram that realizes using multimedia electronic data forensics report in one embodiment of the present invention;

å¾2ä¸ºæ¬åæä¸å®æ½ä¾ä¸å¤åªä½çµåæ°æ®åè¯æ¥åæä»¶çææ§è¡æµç¨å¾Fig. 2 is the flow chart of generating and executing multimedia electronic data forensics report file in one embodiment of the present invention

å¾3ä¸ºæ¬åæä¸å®æ½ä¾ä¸å¤åªä½çµåæ°æ®åè¯æ¥åçè®¤è¯å±ç¤ºæµç¨å¾ï¼Fig. 3 is the authentication demonstration flow chart of multimedia electronic data forensics report in one embodiment of the present invention:

å¾4ä¸ºæ¬åæä¸å®æ½ä¾ä¸ä»¥æçµåæ°æ®åè¯é´å®ä¸å¿ä¸ºä¾å¯¹æé¨ææºè¿è¡åæ¥é´å®çæµç¨ç¤ºæå¾ãFig. 4 is a schematic flow diagram of an investigation and appraisal of a certain mobile phone by taking a certain electronic data forensics and appraisal center as an example in an embodiment of the present invention.

å¾5ä¸ºæ¬åæä¸å®æ½ä¾ä¸é´å®ä»»å¡æåºäººå¯ä»¥å°å¤åªä½çµåæ°æ®åè¯æ¥åå¨éç¨çè®¡ç®æºä¸ï¼è¿è¡æµè§ãå±ç¤ºç¤ºæå¾ãFig. 5 is a schematic diagram of an identification task proposer who can browse and display multimedia electronic data forensics reports on a general-purpose computer in an embodiment of the present invention.

å·ä½å®æ½æ¹å¼detailed description

ä¸ºäºä½¿æ¬åæçç®çãææ¯æ¹æ¡æ´å æç¡®ï¼ä»¥ä¸éè¿å·ä½å®æ½ä¾å¹¶éåéå¾ï¼å¯¹æ¬åæè¿è¡è¯¦ç»è¯´æãIn order to make the purpose and technical solution of the present invention clearer, the present invention will be described in detail below through specific embodiments and accompanying drawings.

å¨æ¬åæçä¸å®æ½ä¾ä¸å¤åªä½çµåæ°æ®åè¯æ¥åçåºå®ãä¼ è¾åå±ç¤ºè¿ç¨æ¶åå°äºä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åçæå±ç¤ºç³»ç»ï¼åæ¬ä¸é¨åï¼å¤åªä½çµåæ°æ®åè¯æ¥åçééè£ç½®ï¼å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ï¼è®¤è¯å±ç¤ºè£ç½®ï¼ä»¥ä¸æ¯å¯¹è£ç½®çè¯¦ç»è¯´æï¼In one embodiment of the present invention, the process of fixing, transmitting and displaying the multimedia electronic data forensics report involves a system for generating and displaying the multimedia electronic data forensics report, which includes three parts: a collection device for the multimedia electronic data forensics report; a multimedia electronic data forensics report collection device; Report Generating Device; Certification Demonstration Device; The following is a detailed description of the device:

å¤åªä½çµåæ°æ®åè¯æ¥åééè£ç½®ï¼ç¨äºä»è®¡ç®æºãç§»å¨ç»ç«¯è®¾å¤ä¸ééææ¬ãç§çãé³é¢ãè§é¢ææãå¨è®¡ç®æºåç§»å¨ç»ç«¯è®¾å¤ä¸ï¼åå¨å¤§éççµåæ°æ®ï¼ééè£ç½®ä¼æ ¹æ®å¤åªä½çµåæ°æ®æ¥åä½¿ç¨èçè¦æ±ï¼çµåæ°æ®åè¯äººåå¯ä»¥å¯¹è¯»åçå¤åªä½ç±»åè¿è¡é¢è®¾ãéåãé¢è®¾å¯éæ©åªåªä¸ç±»åççµåæ°æ®ä½ä¸ºçµåæ°æ®è¯æ®ï¼å¦wordææ¡£ï¼excelææ¡£ï¼çä¿¡ï¼éè¯è®°å½ï¼ç§çï¼å½é³ï¼å½åçãThe multimedia electronic data forensics report collection device is used to collect text, photos, audio and video materials from computers and mobile terminal equipment. In computers and mobile terminal equipment, there is a large amount of electronic data, and the acquisition device will report the user's requirements according to the multimedia electronic data, and the electronic data forensics personnel can preset and select the type of multimedia to be read. Preset which type of electronic data can be selected as electronic data evidence, such as word documents, excel documents, text messages, call records, photos, audio recordings, video recordings, etc.

ééå°å¤åªä½æ°æ®åéååºç¹å®ççµåæ°æ®ç±»åï¼ä½ä¸ºçµåæ°æ®è¯æ®ï¼æä¾ç»ç¨æ·ãééå°çææ¬ãç§çãé³é¢ãè§é¢çæä»¶ï¼ä¸è¬å¯ä»¥å¨ééè®¾å¤ä¸ç´æ¥è¿è¡æµè§ãåæãå¤åªä½è¯æ®ééè£ç½®ééå°çææ¬ãç§çãé³é¢ãè§é¢æä»¶ï¼å°ä½ä¸ºè¾å¥ä¼ å¥å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ãAfter the multimedia data is collected, a specific electronic data type is selected and provided to the user as electronic data evidence. The collected text, photos, audio, video and other files can generally be browsed and analyzed directly on the collection device. The text, photos, audio and video files collected by the multimedia evidence collection device will be sent to the multimedia electronic data evidence collection report generation device as input.

å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ï¼ç¨äºå°ééçææ¬ãç§çãé³é¢ãè§é¢ææï¼ç»ç®å½ç»ç»ãåç¼©ãæè¦ãå å¯åå½¢æåä¸ªæä»¶ãThe multimedia electronic data forensics report generation device is used to form a single file after the collected text, photos, audio and video materials are cataloged, compressed, summarized and encrypted.

æ¬é¢åææ¯äººåæ¸æ¥å°æäºç®å½ç»ç»æ¯æï¼ä»ç§»å¨éä¿¡è®¾å¤æèè®¡ç®æºä¸æåççµåæ°æ®ï¼ä¸ºäºæ¹ä¾¿å¤åªä½çµåæ°æ®åè¯æ¥åçä½¿ç¨èçåæçè§£ï¼æç§çµåæ°æ®ç±»åï¼å¦éä¿¡å½ãéè¯è®°å½ï¼ç§ççï¼ä»¥ç®å½çå½¢å¼éçº§å±ç¤ºãThose skilled in the art clearly understand that directory organization refers to electronic data extracted from mobile communication devices or computers. In order to facilitate the analysis and understanding of users of multimedia electronic data forensics reports, according to the type of electronic data, such as address books and call records, Photos, etc., are displayed step by step in the form of a directory.

å¨æ¬åæä¸éè¿åç¼©åï¼å°å¤ä¸ªå¤åªä½çµåæä»¶åå¹¶æä¸ä¸ªåä¸æä»¶ãAfter compression in the present invention, multiple multimedia electronic files are combined into a single file.

æè¿°æè¦çç®çå¯¹æä»¶çå®æ´æ§è¿è¡æ ¡éªï¼è®¡ç®æè¦åï¼å¯¹æè¦è¿è¡å å¯ãä¸æ¦æä»¶è¢«ä¿®æ¹ï¼å°±å¯ä»¥éè¿æ¯è¾æè¦ï¼åç°æä»¶è¢«ä¿®æ¹ãç±äºæè¦å å¯éç¨éå¯¹ç§°å å¯ç®æ³ï¼å æ¤æ æ³ä¼ªé å å¯åçæè¦ãThe purpose of the digest is to verify the integrity of the file, and after the digest is calculated, the digest is encrypted. Once the file is modified, it can be found that the file has been modified by comparing the summary. Since the digest encryption uses an asymmetric encryption algorithm, it is impossible to forge the encrypted digest.

æè¿°å å¯æ¯æï¼å¯¹æè¦çå å¯éç¨çæ¯éå¯¹ç§°å å¯ç®æ³ï¼å¯¹æ´ä¸ªæä»¶çå å¯éç¨çæ¯å¯¹ç§°å å¯ç®æ³ãThe encryption refers to: an asymmetric encryption algorithm is used for the encryption of the abstract, and a symmetric encryption algorithm is used for the encryption of the entire file.

æè¿°å¤åªä½çµåæ°æ®åè¯æ¥åçè®¤è¯å±ç¤ºè£ç½®ï¼ç¨äºå¨ç¡®è®¤å¤åªä½çµåæ°æ®åè¯æ¥åå®æ´æ§åä¸è´æ§ä¹åï¼å¯¹å¤åªä½çµåæ°æ®åè¯æ¥åè¿è¡å±ç¤ºãThe certification display device for the multimedia electronic data forensics report is used for displaying the multimedia electronic data forensics report after confirming the integrity and consistency of the multimedia electronic data forensics report.

å¨æ¬åæçä¸å®æ½ä¾ä¸ä¸ç§å¤åªä½çµåæ°æ®åè¯æ¥åçæå±ç¤ºæ¹æ³ï¼å¶æ¥éª¤ä¸ºï¼In an embodiment of the present invention, a method for generating and displaying a multimedia electronic data forensics report, the steps are:

ç¬¬ä¸æ¥ï¼ç¨æ·ä»å¤åªä½çµåæ°æ®ééè£ç½®ä¸éæ©ç¹å®ççµåæ°æ®åï¼ä½ä¸ºè¾å¥ä¼ éç»å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ãå¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®æ ¹æ®çµåæ°æ®çåå¨å³èå³ç³»ï¼å»ºç«åºäºhtmlæ è¯è¯è¨çæ¹ä¾¿æµè§çåºäºæä»¶ç®å½ççµåæ°æ®åè¯æ¥åãæ¤æ¥éª¤å®æåï¼å³å½¢æåæ¥çhtmlåè¯æ¥åï¼å¯ä»¥éè¿htmlçç®å½æ ¼å¼ï¼æ¹ä¾¿çæµè§åç§åè¯ä¿¡æ¯ãHtmlå³âè¶ææ¬âå°±æ¯æé¡µé¢åå¯ä»¥åå«å¾çãé¾æ¥ï¼çè³é³ä¹ãç¨åºçéæååç´ ãè¶ææ¬æ è®°è¯è¨çç»æåæ¬å¤´é¨åï¼Headï¼ãåä¸»ä½é¨åï¼Bodyï¼ï¼å¶ä¸å¤´é¨ï¼headï¼æä¾å³äºç½é¡µçä¿¡æ¯ï¼ä¸»ä½ï¼bodyï¼é¨åæä¾ç½é¡µçå·ä½åå®¹ãIn the first step, the user selects specific electronic data from the multimedia electronic data collection device, and sends it as an input to the multimedia electronic data forensic report generation device. The multimedia electronic data forensics report generation device creates an electronic data forensics report based on the file directory for easy browsing based on the html markup language according to the internal correlation of the electronic data. After this step is completed, a preliminary html forensic report will be formed, and various forensic information can be easily browsed through the html directory format. Html or "hypertext" means that the page can contain non-text elements such as pictures, links, and even music and programs. The structure of the hypertext markup language includes a head part (Head) and a body part (Body), wherein the head (head) provides information about the web page, and the body (body) part provides the specific content of the web page.

ç¬¬äºæ¥ï¼å°åºäºæä»¶ç®å½æ ¼å¼çhtmlåè¯æ¥åè¿è¡åç¼©åå¹¶ï¼å½¢æä¸ä¸ªåä¸çåç¼©æä»¶ï¼å³å°htmlçåè¯æ¥ååç¼©åå¹¶ä¸ºä¸ä¸ªåç¼©æä»¶ï¼ï¼å¹¶è®°å½htmlæä»¶çæä»¶åå¨ä½ç½®ï¼htmlæä»¶ä½ä¸ºå¤åªä½çµåæ°æ®åè¯æ¥åçå±ç¤ºç®å½ï¼éè¦è®°å½è¿ä¸ªæä»¶çå¨åç¼©åä¸çç¸å¯¹ä½ç½®ï¼è¿æ ·ä¾¿äºå¨å±ç¤ºå¯¹åªä½åè¯æ¥åæ¶ï¼èªå¨æ¾ç¤ºè¿ä¸ªå¤åªä½ç®å½ãï¼ãèªå¨çæä¸ä¸ªåç¬¦ä¸²å¯ç ï¼ä½ä¸ºå¯¹åç¼©åæä»¶çå¯¹ç§°å å¯ç®æ³çå¯é¥å³è¾å¥ï¼å¯¹çæçåç¼©æä»¶è¿è¡å å¯ãéç¨MD5æSHA1è®¡ç®è¿ä¸ªåç¼©æä»¶çæä»¶æè¦å¾å°æ ¡éªå¼ï¼éç¨çæ¯æ åçæ ¡éªæ¹æ³ï¼å³ä¸å¯éçhashå¼æ¯è¾ï¼å¨æ¬åæä¸å¹¶ä¸åå·ä½çéå¶ãå°çæçæä»¶æè¦ãå¯¹ç§°å å¯å¯ç ï¼èªå¨çäº§çåç¬¦ä¸²ç§å¯ï¼ãhtmlæä»¶åå¨ä½ç½®ä¿¡æ¯ï¼ä½¿ç¨é¢å¶çéå¯¹ç§°å å¯ç®æ³è¿è¡å å¯ãThe second step is to compress and merge the html forensic report based on the file directory format to form a single compressed file (that is, compress and merge the html forensic report into a compressed file), and record the file storage location of the html file (the html file is used as a multimedia The display directory of the electronic data forensics report needs to record the relative position of this file in the compressed package, so that this multimedia directory can be automatically displayed when displaying the media forensics report.). Automatically generate a string password, which is input as the key of the symmetric encryption algorithm for the compressed file, and encrypt the generated compressed file. Adopting MD5 or SHA1 to calculate the file summary of this compressed file to obtain the verification value, what adopts is a standard verification method, that is, irreversible hash value comparison, which is not specifically limited in the present invention. The generated file summary, symmetric encryption password (automatically generated string secret), and html file storage location information are encrypted using a prefabricated asymmetric encryption algorithm.

ç¬¬ä¸æ¥ï¼å°å¤åªä½çµåæ°æ®åè¯æ¥åå¤çå¼å¯¼ç¨åºãåç¼©å å¯åçæ°æ®æä»¶ãå å¯åçæä»¶æè¦åå¯¹ç§°å å¯å¯ç ãhtmlæä»¶åå¨ä½ç½®ä¿¡æ¯è¿è¡ç»ä¸å¤çï¼çæåä¸æä»¶æ ¼å¼çå¤åªä½åè¯æ¥åãæè¿°å¼å¯¼ç¨åºçä½ç¨æ¯å¨åå»è¿è¡å¤åªä½åè¯æ¥ååï¼å¯¹å¤åªä½åè¯æ¥åçå®æ´æ§è¿è¡æ ¡éªï¼å¦æå¤åªä½åè¯æ¥åæ²¡æè¢«ä¿®æ¹ï¼å®å¯ä»¥å°åºäºhtmlç®å½çå¤åªä½åè¯æ¥åè§£æåºæ¥ï¼å¹¶æå¼htmlç®å½ä¾ç¨æ·æµè§ãThe third step is to uniformly process the multimedia electronic data forensics report processing boot program, compressed and encrypted data files, encrypted file abstracts, symmetric encryption passwords, and html file storage location information to generate a multimedia forensics report in a single file format. The function of the boot program is to verify the integrity of the multimedia forensics report after double-clicking to run the multimedia forensics report. If the multimedia forensics report has not been modified, it can parse out the multimedia forensics report based on the html directory and open the html Directory for users to browse.

å¤åªä½çµåæ°æ®åè¯æ¥åçè®¤è¯å±ç¤ºè£ç½®ï¼ç¨äºå¨ç¡®è®¤å¤åªä½çµåæ°æ®åè¯æ¥åå®æ´æ§åä¸è´æ§ä¹åï¼å¯¹å¤åªä½çµåæ°æ®åè¯æ¥åè¿è¡å±ç¤ºï¼å±ç¤ºæ¹æ³å¦ä¸ï¼The certified display device for the multimedia electronic data forensics report is used to display the multimedia electronic data forensics report after confirming the integrity and consistency of the multimedia electronic data forensics report. The display method is as follows:

ç¬¬ä¸æ¥ï¼å¤åªä½çµåæ°æ®åè¯æ¥åå¼å¯¼ç¨åºï¼è§£å¯åºæä»¶æè¦éå¯¹ç§°å å¯çå¯é¥ãå¯¹ç§°å å¯å¯é¥åhtmlæä»¶åå¨ä½ç½®ä¿¡æ¯ãIn the first step, the multimedia electronic data forensics report guide program decrypts the asymmetric encryption key of the document abstract, the symmetric encryption key and the storage location information of the html file.

ç¬¬äºæ¥ï¼å¯¹åç¼©å å¯çå¤åªä½æ°æ®æä»¶ï¼ç¨ä¸çäº§å¤åªä½çµåæ°æ®åè¯æ¥åç¸åçç®æ³è®¡ç®æä»¶æè¦ãæ¯è¾è®¡ç®å¾å°çæä»¶æè¦ä¸ç¬¬ä¸æ¥å¾å°çæä»¶æè¦ï¼å¦æç¸åï¼åè®¤ä¸ºå¤åªä½çµåæ°æ®åè¯æä»¶æ¯å®æ´èä¸æªè¢«ç¯¡æ¹è¿çï¼è¿å¥ç¬¬ä¸æ¥ï¼å¦æä¸ç¸åï¼è¯´æå¤åªä½çµåæ°æ®åè¯æä»¶æ¯è¢«ç¯¡æ¹è¿çï¼æç¤ºæ°æ®ä¸å®æ´ï¼éè¦ä»åå§æ°æ®æºè·å¾åè¯æ¥ååï¼éåºå¤çè¿ç¨ãIn the second step, for the compressed and encrypted multimedia data files, the file summary is calculated using the same algorithm as that used for producing multimedia electronic data forensics reports. Comparing the calculated file abstract with the file abstract obtained in the first step, if they are the same, it is considered that the multimedia electronic data forensics file is complete and has not been tampered with, and enter the third step; if not the same, it means that the multimedia electronic data forensics file is If it has been tampered with, it indicates that the data is incomplete, and it is necessary to obtain a forensic report from the original data source and exit the processing process.

ç¬¬ä¸æ¥ï¼ä½¿ç¨ç¬¬ä¸æ¥è·å¾çå¯¹ç§°å å¯å¯é¥ï¼å¯¹åç¼©å å¯åçå¤åªä½çµåæ°æ®æä»¶è¿è¡è§£å¯ï¼å¨å±ç¤ºæ¶ï¼ä½¿ç¨æ¥éª¤äºä¸çå¯é¥å¯¹å å¯åçåç¼©æä»¶è¿è¡è§£å¯ï¼ï¼çæä¸ä¸ªåä¸çåç¼©æä»¶ãå¯¹è¿ä¸ªåç¼©æä»¶ï¼ä½¿ç¨åç¼©ç®æ³å¯¹åºçè§£åç®æ³è¿è¡è§£åï¼å°çæç»æä¿åå°ä¸´æ¶æä»¶ç®å½ãIn the third step, use the symmetric encryption key obtained in the first step to decrypt the compressed and encrypted multimedia electronic data file (during the display, use the key in step 2 to decrypt the encrypted compressed file), and generate a single compressed file. For this compressed file, use the decompression algorithm corresponding to the compression algorithm to decompress, and save the generated result to the temporary file directory.

ç¬¬åæ¥ï¼å¤åªä½çµåæ°æ®åè¯æ¥åå¼å¯¼ç¨åºè°ç¨å±ç¤ºè®¡ç®æºä¸çæµè§å¨ï¼ä»¥htmlæä»¶åå¨ä½ç½®ä¿¡æ¯ä½ä¸ºè¾å¥ï¼æç§é¢è®¾çå¤åªä½çµåæ°æ®ç®å½ï¼å¯¹åè¯ä¿¡æ¯è¿è¡å±ç¤ºãIn the fourth step, the guide program of the multimedia electronic data forensics report invokes the browser on the display computer, takes the storage location information of the html file as input, and displays the forensic information according to the preset multimedia electronic data directory.

ç¬¬äºæ¥ï¼å¯¹å¤åªä½çµåæ°æ®åè¯æ¥åå±ç¤ºå®æï¼å³éå¯¹åºçæµè§å¨åï¼å¤åªä½çµåæ°æ®åè¯æ¥åå¼å¯¼ç¨åºèªå¨å é¤ç¨åºçæçä¸´æ¶æä»¶ãIn the fifth step, the display of the multimedia electronic data forensics report is completed, and after closing the corresponding browser, the multimedia electronic data forensics report guide program automatically deletes the temporary files generated by the program.

ä¸è¿°å±ç¤ºæ¹å¼è¿åæ¬ç¾åæºå¶ï¼æ¯å¯¹å¤åªä½çµåæ°æ®åè¯æ¥åééäººçèº«ä»½è®¤è¯ãThe above display method also includes a signature mechanism, which is the identity authentication of the collector of the multimedia electronic data forensics report.

å¾1ä¸ºæ¬åæä¸å®æ½ä¾ä¸å®ç°è¿ç¨å¤åªä½çµåæ°æ®åè¯æ¥åçç¤ºæå¾ãçµåæ°æ®åè¯åè¿è¡å¤åªä½æ°æ®ééï¼ééå®åå½¢æå¤åªä½çµåæ°æ®åè¯æ¥åãæ ¹æ®è¯¥å¤åªä½çµåæ°æ®åè¯æ¥åï¼å¤åªä½çµåæ¥åä½¿ç¨èå¯ä»¥ç´æ¥ç¨å¶è¿è¡å±ç¤ºç¨æ·ãFIG. 1 is a schematic diagram of realizing the use of multimedia electronic data for forensic reporting in an embodiment of the present invention. The electronic data forensics officer collects multimedia data, and forms a multimedia electronic data forensics report after the collection is completed. According to the multimedia electronic data forensics report, the user of the multimedia electronic report can directly use it to display the user.

å¾2ä¸ºæ¬åæä¸å®æ½ä¾ä¸å¤åªä½çµåæ°æ®åè¯æ¥åæä»¶çææ§è¡æµç¨å¾ãæµç¨å¦ä¸ï¼Fig. 2 is a flow chart of generating and executing multimedia electronic data forensics report files in an embodiment of the present invention. The process is as follows:

1ï¼å°å¤åªä½æ°æ®ééè·å¾çå¤åªä½çµåæ°æ®æèéåç¨äºçæå¤åªä½çµåæ°æ®åè¯æ¥åçæºæ°æ®ï¼1) Collect the multimedia electronic data obtained by multimedia data collection or select the source data used to generate the multimedia electronic data forensics report;

2ï¼æ ¹æ®è·å¾çæ°æ®çæåºäºæä»¶ç®å½çhtmlçå¤åªä½çµåæ°æ®æ¥åï¼2) According to the obtained data, generate an html multimedia electronic data report based on the file directory;

3ï¼åç¼©æåä¸æä»¶æ ¼å¼ï¼3) Compressed into a single file format;

4ï¼å å¯ãè®¡ç®æä»¶æè¦ï¼4) Encryption and calculation of file digests;

5ï¼ä½¿ç¨éå¯¹ç§°å å¯ç®æ³å¯¹æä»¶æè¦ãæä»¶å å¯å¯ç ãhtmlåå¨è·¯å¾ä¿¡æ¯è¿è¡å å¯ï¼5) Use an asymmetric encryption algorithm to encrypt file abstracts, file encryption passwords, and html existence path information;

6ï¼çæå¤åªä½çµåæ°æ®æ¥åã6) Generate multimedia electronic data reports.

å¾3ä¸ºæ¬åæä¸å®æ½ä¾ä¸å¤åªä½çµåæ°æ®åè¯æ¥åçè®¤è¯å±ç¤ºæµç¨å¾ãæµç¨å¦ä¸ï¼Fig. 3 is a flow chart of authentication presentation of a multimedia electronic data forensics report in an embodiment of the present invention. The process is as follows:

1ï¼å¤åªä½çµåæ°æ®åè¯æ¥åè¢«ä»¥Uçæ·è´ãç½ç»ä¼ éçæ¹å¼ï¼åéå°éè¦è¿è¡çµåæ°æ®åè¯ç»æå±ç¤ºçè®¡ç®æºï¼1) The multimedia electronic data forensics report is sent to the computer that needs to display the electronic data forensics results by means of U disk copy, network transmission, etc.;

2ï¼åå»å¤åªä½çµåæ°æ®åè¯æ¥åæä»¶ï¼2) Double-click the multimedia electronic data forensics report file;

3ï¼å¤åªä½çµåæ°æ®åè¯æ¥åå¼å¯¼ç¨åºè¿ååºæä»¶æè¦ï¼å å¯å¯ç ï¼htmlåå¨è·¯å²çä¿¡æ¯ï¼3) The multimedia electronic data forensics report guide program restores the file summary, encrypted password, html storage path and other information;

4ï¼è®¡ç®æä»¶æè¦ï¼å¹¶ä¸åå¨çæä»¶æè¦è¿è¡æ¯è¾ï¼è¥æè¦ä¸ç¸åï¼åæç¤ºå¤åªä½æ°æ®åè¯æ¥åå¯è½è¢«ç¯¡æ¹ï¼ç»ææå¼ï¼è¥æè¦ç¸åï¼åå°å¤åªä½çµåæ°æ®åè¯æä»¶è§£å¯ãè§£åå°ä¸´æ¶è·¯å¾ï¼4) Calculate the file summary and compare it with the stored file summary. If the summary is not the same, it will prompt that the multimedia data forensics report may have been tampered with and end the opening; if the summary is the same, the multimedia electronic data forensics file will be decrypted and decompressed to a temporary path. ;

5ï¼ä½¿ç¨ç³»ç»èªå¸¦çæµè§å¨å¯¹htmlè¿è¡å±ç¤ºï¼å®ç°å¯¹å¤åªä½çµåæ°æ®çå±ç¤ºï¼5) Use the browser that comes with the system to display html to realize the display of multimedia electronic data;

6ï¼å®æå¯¹å¤åªä½åè¯æ¥åçæµè§åå³éæµè§å¨ï¼èªå¨å é¤çæçä¸´æ¶è·¯å¾åæä»¶ã6) Close the browser after browsing the multimedia forensics report, and automatically delete the generated temporary paths and files.

å¦å¾4æç¤ºæ¯æçµåæ°æ®åè¯é´å®ä¸å¿ä¸ºä¾å¯¹æé¨ææºè¿è¡åæ¥é´å®çæµç¨ç¤ºæå¾ãå½æçµåæ°æ®åè¯é´å®ä¸å¿æ¥åä¸é¡¹ä»»å¡ï¼é´å®ä¸å¿ææ´¾é´å®åå¯¹è¯¥ææºè¿è¡é´å®ï¼è¯¥é´å®åå¯¹è¿é¨ææºè¿è¡åè¯é´å®åï¼å©ç¨å¤åªä½çµåæ°æ®åè¯æ¥åçæææ¯ï¼çæå¯ä»¥è±ç¦»åè¯é´å®è®¾å¤çå¤åªä½çµåæ°æ®åè¯æ¥åãè¯¥å¤åªä½çµåæ°æ®åè¯æ¥åè¢«ä»¥æä»¶çå½¢å¼æ·è´æèéè¿ç½ç»åéç»é´å®ä»»å¡æåºäººãå¨å¤åªä½çµåæ°æ®åè¯æ¥åçæè£ç½®ä¸è¿è¡å¦ä¸çæä½ï¼As shown in Figure 4, it is a schematic diagram of the flow chart of an electronic data forensics identification center for an example of a certain mobile phone investigation and identification. When an electronic data forensics appraisal center accepts a task, the appraisal center assigns an appraiser to appraise the mobile phone. After the appraiser conducts the forensic appraisal of the mobile phone, he uses the multimedia electronic data forensics report generation technology to generate a device that can be separated from the forensic appraisal. Multimedia Electronic Data Forensics Report. The multimedia electronic data forensics report is copied in the form of a file or sent to the identification task proposer through the network. Perform the following operations in the multimedia electronic data forensics report generation device:

1ï¼çæåºäºæä»¶è·¯å¾çhtmlæ¥åï¼1) Generate an html report based on the file path;

2ï¼å°çæçæä»¶æè¦ãå¯¹ç§°å å¯å¯ç ãhtmlæä»¶åå¨ä½ç½®ä¿¡æ¯ï¼ä½¿ç¨é¢å¶çéå¯¹ç§°å å¯ç®æ³è¿è¡å å¯ï¼2) Encrypt the generated file summary, symmetric encryption password, and html file storage location information using a prefabricated asymmetric encryption algorithm;

3ï¼å°å¤åªä½çµåæ°æ®åè¯æ¥åå¼å¯¼ç¨åºãåç¼©æä»¶ä»¥åç¸å³ä¿¡æ¯å¤ççæå¤åªä½çµååè¯æ¥åã3) Process the multimedia electronic data forensics report guide program, compressed files and related information to generate a multimedia electronic forensics report.

å¾5æç¤ºæ¯å®ä»»å¡æåºäººï¼å¯ä»¥å°å¤åªä½çµåæ°æ®åè¯æ¥åå¨éç¨çè®¡ç®æºä¸çæµè§ãå±ç¤ºç¤ºæå¾ãéè¿å¤åªä½çµåæ°æ®åè¯æ¥åä¸åºç¨çéå¯¹ç§°å å¯ææ¯ï¼è½å¤ç¡®ä¿çµåæ°æ®çå®æ´æ§åä¸è´æ§ãå·ä½æµç¨å¦ä¸ï¼Fig. 5 is a schematic diagram showing a task proposer who can browse and display multimedia electronic data forensics reports on a general-purpose computer. Through the asymmetric encryption technology applied in the multimedia electronic data forensics report, the integrity and consistency of electronic data can be ensured. The specific process is as follows:

1ï¼é´å®ä»»å¡æåºäººï¼è·å¾å¤åªä½çµåæ°æ®åè¯æ¥åæä»¶ï¼1) Identify the task proposer and obtain the multimedia electronic data forensics report;

2ï¼å¨å¤åªä½çµåæ°æ®åè¯æ¥åå±ç¤ºè®¤è¯è£ç½®ä¸ï¼å¤åªä½çµåæ°æ®åè¯æ¥åå¼å¯¼ç¨åºå¯¹åè¯æ¥åè¿è¡åæï¼2) In the multimedia electronic data forensics report display authentication device, the multimedia electronic data forensics report guide program analyzes the forensics report;

3ï¼ç¡®å®åè¯æ¥åçå®æ´æ§åä¸è´æ§ï¼3) determine the completeness and consistency of the forensic report;

4ï¼è§£åå°ä¸´æ¶æä»¶å¤¹ï¼4) Unzip to a temporary folder;

5ï¼å¯¹å¤åªä½åè¯æ¥åè¿è¡æµè§åå±ç¤ºï¼5) Browse and display the multimedia forensics report;

6ï¼å±ç¤ºå®æåï¼å é¤ä¸´æ¶æä»¶ã6) After the display is complete, delete the temporary file.

Claims (11)

1. a multimedia electronic data forensic report generation method, its step comprises:

1) the preliminary electron evidence obtaining that the electronic data extracting at least one type is also set up based on file directory is reported;

2) described preliminary electron file evidence obtaining report is compressed be merged into single compressed file and log file memory location;

3) using stochastic generation character string key as described compressed file symmetric cryptographic key; Then described compressed file is encrypted and calculates document;

4) preset rivest, shamir, adelman is used to be encrypted described document, file storage location and file symmetric cryptographic key; Encrypt rear increase by boot, generate the multimedia electronic data forensic report of single file layout.

2. multimedia electronic data forensic report generation method according to claim 1, is characterized in that, the described evidence obtaining of the preliminary electron based on file directory report is based on html Hypertext Markup Language.

3. multimedia electronic data forensic report generation method according to claim 1, is characterized in that, adopts MD5 or SHA1 to calculate document.

4. multimedia electronic data forensic report generation method according to claim 1, it is characterized in that, run in displaying in multimedia evidence obtaining report, add signature authentication mechanism, display authentication signature unit, makes multimedia reports safer and more effective in transmitting procedure.

5. multimedia electronic data forensic report generation method according to claim 1, is characterized in that, the electronic data of at least one type comprises: word document, excel document, note, message registration, photo, recording, video recording.

6. the multimedia electronic data forensic report that multimedia electronic data forensic report generation method according to claim 1 generates verifies methods of exhibiting, and its step comprises:

1) computing machine and/or the mobile terminal device Bootloader that described multimedia electronic data forensic report are transferred to needs displaying decrypt document, file storage location and file symmetric cryptographic key;

2) verify the electronic data evidence obtaining report be not tampered according to described document, and according to described symmetric cryptographic key, the report of this electronic data evidence obtaining is decrypted, generation result is saved in temporary file directory and evidence obtaining report is shown;

3) described report boot deletes temporary file automatically, completes displaying.

7. multimedia electronic data forensic report checking methods of exhibiting according to claim 6, is characterized in that, the method verifying the electronic data evidence obtaining report be not tampered according to described document is:

Whether the document that the document relatively calculated produces when reporting with generation electronic data evidence obtaining is identical, if identical, then multimedia electronic data forensic file is complete and is not tampered; If not identical, then multimedia electronic data forensic file was tampered, and reminder-data is imperfect, needed to regain evidence obtaining report from raw data source.

8. multimedia electronic data forensic report checking methods of exhibiting according to claim 6, it is characterized in that, described multimedia electronic data forensic report, when showing, adds signature authentication mechanism, display authentication signature unit.

9. multimedia electronic data forensic report checking methods of exhibiting according to claim 6, it is characterized in that, copied by USB flash disk and/or network transmit mode described multimedia electronic data forensic report is transferred to need show computing machine and/or mobile terminal device.

10. a multimedia electronic data forensic report, is characterized in that, comprises through asymmetric encryption: document, file storage location, compressed file symmetric cryptographic key and a boot;

Described compressed file symmetric cryptographic key is obtained by stochastic generation character string;

Described document is by being encrypted acquisition to described compressed file;

Described boot is used for after user runs this multimedia electronic data forensic report, verifies the integrality of multimedia evidence obtaining report;

Automatically this multimedia show catalogue is shown when described file storage location is for recording and preserving this multimedia electronic data forensic report.

11. 1 kinds of multimedia electronic data forensic report generate, display systems, it is characterized in that, comprising: the harvester of multimedia electronic data forensic report; Multimedia electronic data forensic report generating apparatus; Certification exhibiting device;

The harvester of described multimedia electronic data forensic report, for gathering the electronic data of at least one type from computing machine and/or mobile terminal device;

Described multimedia electronic data forensic report generating apparatus, for also setting up the preliminary electron evidence obtaining report based on file directory according to the electronic data extracting at least one type obtained; Described preliminary electron file evidence obtaining report is compressed and is merged into single compressed file and log file memory location; Using stochastic generation character string key as described compressed file symmetric cryptographic key; Then described compressed file is encrypted and calculates document; Preset rivest, shamir, adelman is used to be encrypted described document, file storage location and file symmetric cryptographic key; Encrypt rear increase by boot, generate the multimedia electronic data forensic report of single file layout;

Described certification exhibiting device, decrypts document, file storage location and file symmetric cryptographic key for the computing machine and/or mobile terminal device Bootloader described multimedia electronic data forensic report being transferred to needs displaying; Verify the electronic data evidence obtaining report be not tampered according to described document, and according to described symmetric cryptographic key, the report of this electronic data evidence obtaining is decrypted, generation result is saved in temporary file directory and evidence obtaining report is shown; Described report boot deletes temporary file automatically, completes displaying.

CN201310607114.8A 2013-11-25 2013-11-25 A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system Expired - Fee Related CN103617402B (en) Priority Applications (1) Application Number Priority Date Filing Date Title CN201310607114.8A CN103617402B (en) 2013-11-25 2013-11-25 A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system Applications Claiming Priority (1) Application Number Priority Date Filing Date Title CN201310607114.8A CN103617402B (en) 2013-11-25 2013-11-25 A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system Publications (2) Family ID=50168105 Family Applications (1) Application Number Title Priority Date Filing Date CN201310607114.8A Expired - Fee Related CN103617402B (en) 2013-11-25 2013-11-25 A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system Country Status (1) Families Citing this family (8) * Cited by examiner, â Cited by third party Publication number Priority date Publication date Assignee Title CN105049581B (en) * 2015-03-31 2018-05-29 æå·ç¿äººæ°æ®ç§ææéå¬å¸ Telephonograph evidence processing system and processing method CN105139322B (en) * 2015-07-02 2019-01-25 çç³è½¯ä»¶ï¼ä¸æµ·ï¼æéå¬å¸ A kind of distributed electronic data evidence obtaining system and method CN105354773B (en) * 2015-10-28 2020-05-12 éåºé®çµå¤§å¦ System for evidence preservation and verification on traffic accident scene CN105635257A (en) * 2015-12-24 2016-06-01 ç¦å»ºå¤©æ³æè²ç§ææéå¬å¸ Method and system for automatically detecting data update CN106850793A (en) * 2017-01-23 2017-06-13 éåºé®çµå¤§å¦ A kind of method that remote trusted towards Android phone is collected evidence CN107871063A (en) * 2017-11-16 2018-04-03 çç£ Anti-tamper video and audio recording digital signature method, device and storage medium CN114065139A (en) * 2020-08-04 2022-02-18 æé½é¼æ¡¥éä¿¡ææ¯æéå¬å¸ Multimedia file tamper-proof method and device CN118227699B (en) * 2024-03-18 2025-03-04 æ±èé¼è·è¾ç½ç»ç§ææéå¬å¸ Electronic data forensics combat training integrated equipment system Citations (4) * Cited by examiner, â Cited by third party Publication number Priority date Publication date Assignee Title CN1928842A (en) * 2005-09-07 2007-03-14 åæç§æè¡ä»½æéå¬å¸ High-Secret Non-sequential Hidden Block Memory Confidential Data Protection Method for Massive Data Storage Devices CN102325139A (en) * 2011-09-14 2012-01-18 ç¦å»ºä¼æ¶ä»£ä¿¡æ¯ç§æè¡ä»½æéå¬å¸ Electronic document processing method, processing system and verification system CN102724044A (en) * 2012-07-04 2012-10-10 ä¸æ¹éç¾ç§ææéå¬å¸ Electronic evidence verification and preservation method CN103400083A (en) * 2013-07-08 2013-11-20 ç¦å»ºä¼æ¶ä»£ä¿¡æ¯ç§æè¡ä»½æéå¬å¸ Method, device and system for protecting electronic evidence

2013
- 2013-11-25 CN CN201310607114.8A patent/CN103617402B/en not_active Expired - Fee Related

Patent Citations (4) * Cited by examiner, â Cited by third party Publication number Priority date Publication date Assignee Title CN1928842A (en) * 2005-09-07 2007-03-14 åæç§æè¡ä»½æéå¬å¸ High-Secret Non-sequential Hidden Block Memory Confidential Data Protection Method for Massive Data Storage Devices CN102325139A (en) * 2011-09-14 2012-01-18 ç¦å»ºä¼æ¶ä»£ä¿¡æ¯ç§æè¡ä»½æéå¬å¸ Electronic document processing method, processing system and verification system CN102724044A (en) * 2012-07-04 2012-10-10 ä¸æ¹éç¾ç§ææéå¬å¸ Electronic evidence verification and preservation method CN103400083A (en) * 2013-07-08 2013-11-20 ç¦å»ºä¼æ¶ä»£ä¿¡æ¯ç§æè¡ä»½æéå¬å¸ Method, device and system for protecting electronic evidence Also Published As Similar Documents Publication Publication Date Title CN103617402B (en) 2016-03-30 A kind of multimedia electronic data forensic report and generation, methods of exhibiting and system CN110798315B (en) 2021-04-13 Data processing method and device based on block chain and terminal WO2022052630A1 (en) 2022-03-17 Method and apparatus for processing multimedia information, and electronic device and storage medium US8856532B2 (en) 2014-10-07 Digital signatures of composite resource documents CN101017544B (en) 2010-12-01 Authentication method of integrated seal signature with digital certificate of electronic seal Chen et al. 2020 Study and implementation on the application of blockchain in electronic evidence generation US11394538B2 (en) 2022-07-19 System and method for verifying the no-later-than date-of-existence, data integrity, identity of the recorder, and timestamp of the recording for digital content US20040039932A1 (en) 2004-02-26 Apparatus, system and method for securing digital documents in a digital appliance CN107124281B (en) 2020-02-28 Data security method and related system TW201814566A (en) 2018-04-16 Apparatus, system, and method of preventing forgery or falsification of electronic document based on content US11449584B1 (en) 2022-09-20 Generating authenticable digital content CN110958319A (en) 2020-04-03 Method and device for managing infringement and evidence-based block chain CN111143869A (en) 2020-05-12 Application package processing method, device, electronic device and storage medium CN115952560B (en) 2024-02-06 Method, system, equipment and medium for verifying authenticity of electronic archive file based on original handwriting signature US11770260B1 (en) 2023-09-26 Determining authenticity of digital content CN106557707B (en) 2020-03-24 Method and system for processing document data CN113315745A (en) 2021-08-27 Data processing method, device, equipment and medium CN107888591B (en) 2020-02-14 Method and system for electronic data preservation CN112583772B (en) 2022-07-15 Data acquisition and storage platform CN108900472B (en) 2021-11-30 Information transmission method and device CN112954403B (en) 2023-02-17 Video encryption method, device, equipment and storage medium CN111724155A (en) 2020-09-29 Electronic contract management method and device CN115834035A (en) 2023-03-21 Multimedia data storage method, computer equipment and storage device KR20200069034A (en) 2020-06-16 Method for preventing falsification data from being stored in network and system performing the method CN101951365B (en) 2014-03-26 Network information counterfeiting issuing system, counterfeiting receiving system, and counterfeiting system and method Legal Events Date Code Title Description 2014-03-05 PB01 Publication 2014-03-05 PB01 Publication 2014-04-02 C10 Entry into substantive examination 2014-04-02 SE01 Entry into force of request for substantive examination 2016-03-30 C14 Grant of patent or utility model 2016-03-30 GR01 Patent grant 2024-11-22 CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160330

2024-11-22 CF01 Termination of patent right due to non-payment of annual fee

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4