CN101482870A - Computer information retrieval system and method - Google Patents
Computer information retrieval system and method Download PDFInfo
- Publication number
- CN101482870A CN101482870A CNA2008101962323A CN200810196232A CN101482870A CN 101482870 A CN101482870 A CN 101482870A CN A2008101962323 A CNA2008101962323 A CN A2008101962323A CN 200810196232 A CN200810196232 A CN 200810196232A CN 101482870 A CN101482870 A CN 101482870A
- Authority
- CN
- China
- Prior art keywords
- retrieval
- module
- computer
- information
- search
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a computer information retrieval system which comprises an object computer, a system starting device, and a mobile storing device, wherein the mobile storing device is provided with configuration information of a retrieval object and is used for storing retrieval results; the system starting device is provided with a starting program and a retrieval program of the object computer and is used for starting the object computer and causing the object computer to operate the retrieval program. A computer information retrieval method comprises following steps: generating the configuration information of the retrieval object through configuration program on a working computer; writing the configuration information of the retrieval object into the mobile storing device; starting the object computer by using the system starting device which is provided with the retrieval program; leading the configuration information of the retrieval object into the retrieval program; processing object computer information retrieval; generating a retrieval report.
Description
Technical field
The present invention relates to a kind of method and system of electronic data processing, relate in particular to a kind of method and system that the data of computer storage is carried out retrieval process.
Background technology
Along with being the develop rapidly of the modern information technologies of representative with computing machine, network technology, it is more and more important for people's life, work to be stored in the computing machine various electronic data.People usually need to retrieve a large amount of electronic data; particularly in time collect, analyze, confirm, protect, extract, file all kinds of electronic data of computer system, become the emergency response of computer security incident, hit computer crime, hit and relate to the technical barrier that needs to be resolved hurrily most in the criminal activity of computing machine electronic evidence.
Existing computer forensics technical requirement is reached the spot through the technical professional, operation, inspection target computer system, the dismounting cabinet also takes out storage medium, utilize specialized equipment such as hard-disk duplicator to duplicate storage medium reaching the purpose of saving original evidence from damage, and then the storage medium that utilizes the evidence-obtaining system analysis computer system and duplicate.In the said process,, must reach the spot in order to obtain final forensics analysis conclusion, complicated dismounting, replication work for a long time, length consuming time and complexity.In addition, during the file system of the operating system that evidence-obtaining system is installed on loading storage medium, tend to initiatively write partial information, thereby cause the raw information on the storage medium to be destroyed.The offender that part is unique, even can utilize the leak of operating system inside, make operating system when loading, destroy responsive evidence.Adopt the direct storage medium of analyzing after duplicating of evidence-obtaining system,, can destroy the data after dump equally, thereby cause to analyze crucial raw data though can avoid storage medium itself to be destroyed.
In sum, there are following weak point in existing computer search, evidence-obtaining system: in order to obtain final forensics analysis conclusion, must reach the spot, complicated dismounting, replication work for a long time length consuming time and complexity, inefficiency; Evidence obtaining to the computing machine electronic evidence that relates to crime is very high to technician's requirement, need comprehensive computer software and hardware knowledge, with regard to the existing technology status of judicial personnel, be difficult to popularize computing machine electronic evidence forensic technologies, be unfavorable for that strike relates to the criminal activity of computing machine electronic evidence; No matter be to retrieve from object computer self os starting, still take out the object computer storage medium and duplicate the back retrieval, all might destroy responsive evidence, cause to analyze crucial raw data, have a strong impact on authenticity, legitimacy, relevance and proof that analysis obtains electronic evidence; Retrieval, evidence obtaining function weakness, kind are single, can only finish plain text key word, file name is the retrieval of target, lacks the function to multiple customizing messages retrieval such as picture, file content, telephone number, credit card number, addresses of items of mail, the network address, ID (identity number) card No..
Summary of the invention:
The objective of the invention is to overcome above-mentioned deficiency, a kind of method and system that the data of computer storage is carried out retrieval process is provided.
Technical scheme of the present invention is as follows: a kind of machine information retrieval system, comprise object computer, system starting device, flash memory device, and described flash memory device is loaded with the configuration information of searched targets and is used for search result storage; Described system starting device is loaded with described object computer start-up routine and search program, is used to start described object computer and makes described object computer operation search program.
Described search program is made of user monitoring interface module, retrieval scheduler module, communication module, management of process module, retrieval tasks distribution module, index generation module, search function module, retrieval service module.
When described user monitoring interface module is moved, show the information of current retrieval status, comprise case information, current retrieval progress, result for retrieval, Disk State; Be used for user's input control information and retrieval descriptor.
When described retrieval scheduler module is moved, read and analyze the searched targets configuration information, the index of the file to be retrieved of evaluating objects computer memory device, according to file index scheduling retrieval tasks to be retrieved, retrieval status information is sent to described user monitoring interface module, result for retrieval information is sent to daily record submodule in the described retrieval service module, to generate retrieve log.
When described communication module was moved, circulation sent control and data message between each module.
When described management of process module is moved, be responsible for starting and closing the operation of other each modules.
When described retrieval tasks allocation template is moved, according to the different search function resume module of retrieval tasks scheduling.
When described index generation module moves, generate the index of file to be retrieved on the object computer memory device according to the searched targets configuration information.
Described retrieval service module comprises compression service, mail service, log services, OFFICE document process, PDF document process submodule.
When described search function module is moved, have picture, literal, file content coupling search function.
Described system starting device starts the operating system that described object computer does not rely on described object computer self.
Described system starting device and described flash memory device are a device or independent device separately.
The configuration information of described searched targets writes described flash memory device by working computer.
Connection between described working computer and the described flash memory device occurs not accepting writing of searched targets configuration information when unusual.
Described object computer is the destroyed and computing machine that can't start of in-local system.
Described result for retrieval writes described flash memory device by described system starting device control.
Described search program is retrieved described object computer canned data according to the configuration information of described searched targets.
Described object computer starts by described system starting device, occurs when unusual, and described system starting device can stop starting automatically.
Connection between described object computer and the described flash memory device occurs when unusual, and described system starting device can be suspended retrieval.
A kind of computer information retrieval method may further comprise the steps: generate the searched targets configuration information by configurator on working computer; The searched targets configuration information is write flash memory device; Start object computer with the system starting device that is loaded with search program; The searched targets configuration information is imported search program; Carry out the object computer information retrieval; Generate search report.
Described search program is made of user monitoring interface module, retrieval scheduler module, communication module, management of process module, retrieval tasks distribution module, index generation module, search function module, retrieval service module.
When described user monitoring interface module is moved, show the information of current retrieval status, comprise case information, current retrieval progress, result for retrieval, Disk State; Be used for user's input control information and retrieval descriptor.
When described retrieval scheduler module is moved, read and analyze the searched targets configuration information, the index of the file to be retrieved of evaluating objects computer memory device, according to file index scheduling retrieval tasks to be retrieved, retrieval status information is sent to described user monitoring interface module, result for retrieval information is sent to daily record submodule in the described retrieval service module, to generate retrieve log.
When described communication module was moved, circulation sent control and data message between each module.
When described management of process module is moved, be responsible for starting and closing the operation of other each modules.
When described retrieval tasks distribution module is moved, according to the different search function resume module of retrieval tasks scheduling.
When described index generation module moves, generate the index of file to be retrieved on the object computer memory device according to the searched targets configuration information.
Described retrieval service module comprises compression service, mail service, log services, OFFICE document process, PDF document process submodule.
When described search function module is moved, have picture, literal, file content coupling search function.
When described user monitoring interface module is moved, comprise the steps: to wait for the arrival of news at object computer or by network display monitoring interface on other computing machines; Judge whether the message that receives is user input commands, if continue to judge that whether this message is for exiting command, if then withdraw from; If not, then this message is issued communication module, continue to wait for the arrival of news; If what receive is not user input commands, then continue to judge whether to be the retrieval end, if then finish; If not, then the information that receives is shown on the user interface, continues then to wait for the arrival of news.
When described retrieval scheduler module is moved, comprise the steps: from movable storage device, to obtain the searched targets configuration information, the searched targets configuration information is sent to communication module; The index data that reception sends over from communication module reads the fileinfo that needs retrieval from index data, analyze index data, judges whether index data analyzes end, if, then send end to the user interface monitoring module, finish then; If not, the condition according to retrieval sends to communication module to file to be retrieved; Receive result for retrieval information from communication module, and log information is sent to communication module, again daily record and other information are sent to the user interface monitoring module; Return again and from index data, read the fileinfo that needs retrieval.
When described communication module is moved, comprise the steps: to wait for and receive data; Judge whether these data are the order of withdrawing from communication module, if then withdraw from; If not, continue to judge whether these data are command messages, if, then this data forwarding is given the retrieval scheduler module, continue then to wait for to receive data; Whether if not, then detecting these data is the data that the retrieval scheduler module is sent, if, then be transmitted to the management of process module, continue to wait for the reception data then; If not, then judge the data whether these data are returned for the management of process module, if, then give the retrieval scheduler module data forwarding, continue then to wait for to receive data; If not, then write error daily record continues to wait for to receive data then.
When described management of process module is moved, comprise the steps: to start respectively user monitoring interface module, retrieval scheduler module, communication module, index generation module, retrieval service module, retrieval tasks distribution module; The data that beginning received communication module is sent; Judge whether these data are the order of withdrawing from the management of process module, if then withdraw from the management of process module; If not, judge further that then which kind of COS is these data be, if, then generate file index to be retrieved for index generates COS; If be the retrieval service type, then carry out specific retrieval service, as compression service, mail service, log services, OFFICE document process, PDF document process; If be the search function COS, searched targets data then are as literal, picture and file content; More than three kinds of service execution finish, the result is returned to communication module, and restarts the data that the received communication module is sent.
When described index generation module moves, comprise the steps: to obtain the searched targets configuration information, read the listed files information in the target storage device,, generate file index to be retrieved according to searched targets configuration information screening file from the management of process module; Judge whether to be provided with the path of first search, if, adjust file index to be retrieved, the file that is included in the preferred path is placed on the index front portion, preserve file index to be retrieved; If not, directly preserve file rope to be retrieved; The result is returned to the management of process module.
When described search function module is carried out picture retrieval, comprise the steps: to obtain the searched targets configuration information, judge whether to be fuzzy search from the management of process module, if, then use the picture fuzzy matching algorithm to calculate matching degree, then result for retrieval is returned the management of process module; If not, then use the accurate matching algorithm retrieval of picture, again result for retrieval is returned the management of process module.
Multiple picture format is supported in described fuzzy search, comprises GIF, JPEG, PNG, XPM, TGA, TIFF, BMP, SVG.
When described search function module is carried out the retrieval of file content coupling, comprise the steps: to obtain the searched targets configuration information, calculate the matching files size, judge whether verification succeeds for the first time from the management of process module, if not, then result for retrieval is returned the management of process module; If, then calculate matching files MD5 verification and, judge whether verification succeeds again, if not, then result for retrieval is returned the management of process module; If, then calculate matching files SHA256 verification and, judge whether verification succeeds for the third time, if not, then result for retrieval is returned the management of process module; If also result for retrieval is returned the management of process module.
When described search function module is carried out character search, comprise the steps: to obtain the searched targets configuration information, judge whether to be key search, if then search key hereof returns result for retrieval the management of process module again from the management of process module; If not, then utilize POSIX regular expression rule to retrieve, again result for retrieval is returned the management of process module.
The described POSIX of utilization regular expression rule is retrieved, and supports the search of specific format as e-mail address, credit card number.
Described object computer is the destroyed and computing machine that can't start of in-local system, and described system starting device starts the operating system that described object computer does not rely on described object computer self.
The present invention possesses non-destructive for the hard-disk content of object computer.
The present invention supports the search of office suite document, electrical form, mail, webpage, instant messaging record, text.
The present invention can searching deleted document, and can recover.
Support of the present invention is searched for fast according to prioritization.
The present invention supports to search for the pictorial information in the non-picture file.
The present invention supports to search for compressed file.
The present invention supports the compact disc image files search.
The present invention can support to search for the various codings of simplified form of Chinese Character and Chinese-traditional simultaneously, comprise GB2312, GBK, GB18030, BIG5, BIG5-HKSCS, UTF-16, UTF-8, no matter file content is with above which kind of coding, as long as the file of Chinese character all can be retrieved out in the coupling search key.
The present invention supports the search to thumbnail data in the windows system.
The beneficial effect that the present invention compared with prior art has is: in order to obtain final forensics analysis conclusion, do not have complicated dismounting, long replication work, realize search fast, on-the-spot evidence obtaining, weak point consuming time and process are simple, the efficient height helps the strike of computer crime; To the evidence obtaining of the computing machine electronic evidence that relates to crime to the technician require low, even do not need computer software and hardware knowledge, with regard to the existing technology status of judicial personnel, help popularizing computing machine electronic evidence forensic technologies, help strike and relate to the criminal activity of computing machine electronic evidence; Not from the os starting of object computer, search program is not installed at object computer, storage medium to object computer does not have any modification, can not destroy responsive evidence and cause to analyze crucial raw data, guarantee that analysis obtains the authenticity of electronic evidence, legitimacy, relevance and proof; It is powerful to retrieve, collect evidence, and has picture, literal, file content coupling search function, supports the search of office suite document, electrical form, mail, webpage, instant messaging record, text.Can searching deleted document, and can recover.Support is searched for fast according to prioritization.Support the pictorial information in the non-picture file of search.Support the search compressed file.The search of support compact disc image files.
Description of drawings:
Fig. 1 is a structural representation of the present invention;
Fig. 2 is the search program module map;
Fig. 3 is the search program process flow diagram;
Fig. 4 is a user monitoring module process flow diagram;
Fig. 5 is retrieval scheduler module process flow diagram;
Fig. 6 is the communication module process flow diagram;
Fig. 7 is a management of process module process flow diagram;
Fig. 8 is an index generation module process flow diagram;
Fig. 9 is a keyword search module process flow diagram;
Figure 10 is a picture searching module process flow diagram;
Figure 11 is the accurate retrieval module process flow diagram of file content.
Embodiment:
Below in conjunction with the drawings and specific embodiments the present invention is described in detail.
As shown in Figure 1, a kind of machine information retrieval system comprises object computer 101, system starting device 102, flash memory device 103, and flash memory device 103 is loaded with the configuration information of searched targets and is used for search result storage; System starting device 102 is loaded with start-up routine and search program, is used to start object computer 101 and makes object computer 101 operation search programs.
A kind of computer information retrieval method may further comprise the steps: generate the searched targets configuration information by configurator on working computer; The searched targets configuration information is write flash memory device 103; Start object computer with the system starting device 102 that is loaded with search program; The searched targets configuration information is imported search program; Carry out object computer 101 information retrieval; Generate search report.
As shown in Figure 2, search program is made of user monitoring interface module, retrieval scheduler module, communication module, management of process module, retrieval tasks distribution module, index generation module, search function module, retrieval service module.
As shown in Figure 3, search program is pressed following process flow operation: at step S301, flow process begins; At step S302, the start-up routine that using system starter gear 102 is loaded with starts object computer 101; At step S303, start the management of process module; At step S304, begin to retrieve the data that are stored in the object computer 101; At step S305, search complete, generates search report; At step S306, flow process finishes.
Specifically describe each functional module operational scheme of search program below.
As shown in Figure 4, during the operation of user monitoring interface module, comprise following flow process: at step S401, flow process begins; At step S402, at object computer or by network display monitoring interface on other computing machines; At step S403, wait for the arrival of news; At step S404, judge whether the message that receives is user input commands, as user's input control information, retrieval descriptor; If, enter step S406, if not, enter step S405.
At step S406, continue to judge that whether this message is for exiting command, if enter step S409, the flow process end; If not, enter step S408, then this message is issued communication module, further flow process as shown in Figure 6; Return step S403 then, continue to wait for the arrival of news.
At step S405, continue to judge whether to be the retrieval end, if, entering step S409, flow process finishes; If not, enter step S407, the information that receives is shown on the user interface, show the information of current retrieval status, comprise case information, current retrieval progress, result for retrieval, Disk State; Return step S403 then, continue to wait for the arrival of news.
As shown in Figure 5, during the operation of retrieval scheduler module, comprise following flow process: at step S501, flow process begins; At step S502, from movable storage device, obtain the searched targets configuration information; At step S503, the searched targets configuration information is sent to communication module, further flow process is as shown in Figure 6; At step S504, receive the index data that sends over from communication module; At step S505, from index data, read the fileinfo that needs retrieval; At step S506, analyze index data; In step 507, judge whether index data analyzes end, if, then enter step S509, if not, enter step S508.
At step S509, send end to the user interface monitoring module, further flow process, as shown in Figure 4; Enter step S513 then, flow process finishes.
At step S508, the condition according to retrieval sends to communication module to file to be retrieved, and further flow process as shown in Figure 6; At step S510, receive result for retrieval information from communication module; At step S511, log information is sent to communication module, further flow process, as shown in Figure 6; At step S512, again daily record and other information are sent to the user interface monitoring module, further flow process, as shown in Figure 4; Return step S505 then, continue from index data, to read the fileinfo that needs retrieval.
The retrieval scheduler module reads and analyzes the searched targets configuration information, the index of the file to be retrieved of evaluating objects computer memory device, according to file index scheduling retrieval tasks to be retrieved, retrieval status information is sent to described user monitoring interface module, result for retrieval information is sent to daily record submodule in the described retrieval service module, to generate retrieve log.
As shown in Figure 6, during the communication module operation, circulation sends control and data message between each module, and comprise following flow process: at step S601, flow process begins; At step S602, wait for and receive data; At step S603, judge whether these data are the order of withdrawing from communication module, if, then entering step S605, flow process finishes; If not, enter step S604.
At step S604, continue to judge whether these data are command messages, if, then enter step S606, if not, enter step S607.
At step S606, give the retrieval scheduler module with this data forwarding, further flow process, as shown in Figure 5; Return step S602 then, continue to wait for the reception data; At step S607, judge whether these data are the data that the retrieval scheduler module is sent, if, enter step S608, if not, enter step S609.
At step S608, give the management of process module with this data forwarding, further flow process, as shown in Figure 7; Return step S602 then, continue to wait for the reception data; At step S609, judge the data whether these data are returned for the management of process module, if, enter step S606, if not, enter step S610.
At step S606, give the retrieval scheduler module data forwarding, return step S602 then, continue to wait for the reception data; At step S610, step S602 is returned in then write error daily record then, continues to wait for the reception data.
As shown in Figure 7, during the operation of management of process module, be responsible for starting and closing the operation of other each modules, comprise following flow process: at step S701, flow process begins; At step S702, start the user monitoring interface module; At step S703, start the retrieval scheduler module; At step S704, start communication module; At step S705, start the index generation module; At step S706, start the retrieval service module; At step S707, start the retrieval tasks distribution module, according to the different search function resume module of retrieval tasks scheduling; At step S708, the data that beginning received communication module is sent; At step S710, judge whether these data are the order of withdrawing from the management of process module, if, entering step S709, flow process finishes; If not, enter step S711.
At step S711, judge which kind of COS is these data be, if, then enter step S712, generate file index to be retrieved for index generates COS; If be the retrieval service type, then enter step S713, carry out specific retrieval service, as compression service, mail service, log services, OFFICE document process, PDF document process; If be the search function COS, then enter step S714, the searched targets data, as literal, picture and file content, support the search of office suite document, electrical form, mail, webpage, instant messaging record, text, can searching deleted document, and can recover, support the pictorial information in the non-picture file of search, support is searched for fast according to prioritization, supports the pictorial information in the non-picture file of search, supports the search compressed file, the search to thumbnail data in the windows system is supported in the search of support compact disc image files; Above step S712, step S713, step S714 are finished, and enter step S715 separately, and execution result is returned to communication module, further flow process, as shown in Figure 6; Return step S708 then, restart the data that the received communication module is sent.
As shown in Figure 8, during the operation of index generation module, comprise following flow process: at step S801, flow process begins; At step S802, obtain the searched targets configuration information from the management of process module; At step S803, read the listed files information in the target storage device; At step S804,, generate file index to be retrieved according to searched targets configuration information screening file; At step S805, judge whether to be provided with the path of first search, if enter step S806; If not, enter step S807.
At step S806, adjust file index to be retrieved, the file that is included in the preferred path is placed on the index front portion; Enter step S807 then.
At step S807, preserve file index to be retrieved; At step S808, file index to be retrieved is returned to the management of process module, further flow process, as shown in Figure 7; At step S809, flow process finishes.
As shown in Figure 9, when the search function module is carried out character search, comprise following flow process: at step S901, flow process begins; At step S902, obtain the searched targets configuration information from the management of process module; Judge whether to be key search at step S903, if then enter step S904, hereof search key; If not, then enter, utilize POSIX regular expression rule to retrieve, support the search of specific format as e-mail address, credit card number at step S905; Above step S904, S905 are finished, and enter step S906 separately, and result for retrieval is returned the management of process module, further flow process, as shown in Figure 7; At step S907, flow process finishes.
As shown in figure 10, when the search function module is carried out picture retrieval, comprise following flow process: at step S1001, flow process begins; At step S1002, obtain the searched targets configuration information from the management of process module; At step S1003, judge whether to be fuzzy search, support multiple picture format, comprise GIF, JPEG, PNG, XPM, TGA, TIFF, BMP, SVG; If, then entering step S1005, the picture fuzzy matching algorithm that uses gqview, imgseek, instruments such as findimagedupes, gnuift to provide calculates matching degree; If not, then enter step S1004, use md5, sha256 verification and and key element such as file size carry out picture and accurately mate retrieval; Above step S1004, S1005 are finished, and enter step S1006 separately, and result for retrieval is returned the management of process module, further flow process, as shown in Figure 7; At step S1007, flow process finishes.
As shown in figure 11, when the search function module was carried out the retrieval of file content coupling, comprise following flow process: at step S1101, flow process began; At step S1102, obtain the searched targets configuration information from the management of process module; At step S1103, calculate the matching files size; At step S1104, judge whether verification succeeds, if not, then enter at step S1109; If enter step S1105.
At step S1105, calculate matching files MD5 verification and; At step S1106, judge whether verification succeeds, then enter if not at step S1109; If enter step S1107.
At step S1107; Calculate matching files SHA256 verification and; At step S1108, judge whether verification succeeds, if not, then enter at step S1109; If also enter step S1109.
At step S1109, result for retrieval is returned the management of process module, further flow process, as shown in Figure 7; At step S1110, flow process finishes.
In addition to the implementation, the present invention can also have other embodiments, and all employings are equal to the technical scheme of replacement or equivalent transformation formation, all drop within the protection domain of requirement of the present invention.
Claims (45)
1. a machine information retrieval system comprises object computer, system starting device, flash memory device, it is characterized in that described flash memory device is loaded with the configuration information of searched targets and is used for search result storage; Described system starting device is loaded with described object computer start-up routine and search program, is used to start described object computer and makes described object computer operation search program; Described search program is made of user monitoring interface module, retrieval scheduler module, communication module, management of process module, retrieval tasks distribution module, index generation module, search function module, retrieval service module.
2. a kind of machine information retrieval system according to claim 1 when it is characterized in that described user monitoring interface module is moved, shows the information of current retrieval status, comprises retrieval tasks information, current retrieval progress, result for retrieval, Disk State; Be used for user's input control information and retrieval tasks information.
3. a kind of machine information retrieval system according to claim 1, when it is characterized in that described retrieval scheduler module is moved, read and analyze the searched targets configuration information, the index of the file to be retrieved of evaluating objects computer memory device, according to file index scheduling retrieval tasks to be retrieved, retrieval status information is sent to described user monitoring interface module, result for retrieval information is sent to daily record submodule in the described retrieval service module, to generate retrieve log.
4. a kind of machine information retrieval system according to claim 1, when it is characterized in that described communication module is moved, circulation sends control and data message between each module.
5. a kind of machine information retrieval system according to claim 1 when it is characterized in that described management of process module is moved, is responsible for starting and closing the operation of other each modules.
6. a kind of machine information retrieval system according to claim 1 is when is characterized in that described retrieval tasks distribution module is moved, according to the different search function resume module of retrieval tasks scheduling.
7. a kind of machine information retrieval system according to claim 1 when it is characterized in that described index generation module moves, generates the index of file to be retrieved on the object computer memory device according to the searched targets configuration information.
8. a kind of machine information retrieval system according to claim 1 is characterized in that described retrieval service module comprises compression service, mail service, log services, OFFICE document process and PDF document process submodule.
9. a kind of machine information retrieval system according to claim 1 when it is characterized in that described search function module is moved, has picture, literal, file content coupling search function.
10. a kind of machine information retrieval system according to claim 1 is characterized in that described system starting device and described flash memory device are a device.
11. a kind of machine information retrieval system according to claim 1 is characterized in that described system starting device and described flash memory device are independent device separately.
12. a kind of machine information retrieval system according to claim 1 is characterized in that the configuration information of described searched targets writes described flash memory device by working computer.
13. a kind of machine information retrieval system according to claim 1 is characterized in that described system starting device starts the operating system that described object computer does not rely on described object computer self.
14. a kind of machine information retrieval system according to claim 1 is characterized in that described result for retrieval writes described flash memory device by described system starting device control.
15. a kind of machine information retrieval system according to claim 1 is characterized in that the configuration information of the described searched targets of described search program foundation is retrieved described object computer canned data.
16. a computer information retrieval method is characterized in that may further comprise the steps: on working computer, generate the searched targets configuration information by configurator; The searched targets configuration information is write flash memory device; Start object computer with the system starting device that is loaded with search program; The searched targets configuration information is imported search program; Carry out the object computer information retrieval; Generate search report.
17. a kind of computer information retrieval method according to claim 16 is characterized in that described search program is made of user monitoring interface module, retrieval scheduler module, communication module, management of process module, retrieval tasks distribution module, index generation module, search function module, retrieval service module.
18. a kind of computer information retrieval method according to claim 17 when it is characterized in that described user monitoring interface module is moved, shows the information of current retrieval status, comprises case information, current retrieval progress, result for retrieval, Disk State; Be used for user's input control information and retrieval descriptor.
19. a kind of computer information retrieval method according to claim 17, when it is characterized in that described retrieval scheduler module is moved, read and analyze the searched targets configuration information, the index of the file to be retrieved of evaluating objects computer memory device, according to file index scheduling retrieval tasks to be retrieved, retrieval status information is sent to described user monitoring interface module, result for retrieval information is sent to daily record submodule in the described retrieval service module, to generate retrieve log.
20. a kind of computer information retrieval method according to claim 17, when it is characterized in that described communication module is moved, circulation sends control and data message between each module.
21. a kind of computer information retrieval method according to claim 17 when it is characterized in that described management of process module is moved, is responsible for starting and closing the operation of other each modules.
22. a kind of computer information retrieval method according to claim 17 is when is characterized in that described retrieval tasks distribution module is moved, according to the different search function resume module of retrieval tasks scheduling.
23. a kind of computer information retrieval method according to claim 17 when it is characterized in that described index generation module moves, generates the index of file to be retrieved on the object computer memory device according to the searched targets configuration information.
24. a kind of computer information retrieval method according to claim 17 is characterized in that described retrieval service module comprises compression service, mail service, log services, OFFICE document process, PDF document process submodule.
25. a kind of computer information retrieval method according to claim 17 when it is characterized in that described search function module is moved, has picture, literal, file content coupling search function.
26. a kind of computer information retrieval method according to claim 17 when it is characterized in that described user monitoring interface module is moved, comprises the steps: to wait for the arrival of news at object computer or by network display monitoring interface on other computing machines; Judge whether the message that receives is user input commands, if continue to judge that whether this message is for exiting command, if then withdraw from; If not, then this message is issued communication module, continue to wait for the arrival of news; If what receive is not user input commands, then continue to judge whether to be the retrieval end, if then finish; If not, then the information that receives is shown on the user interface, continues then to wait for the arrival of news.
27. a kind of computer information retrieval method according to claim 17, when it is characterized in that described retrieval scheduler module is moved, comprise the steps: from movable storage device, to obtain the searched targets configuration information, the searched targets configuration information is sent to communication module; The index data that reception sends over from communication module reads the fileinfo that needs retrieval from index data, analyze index data, judges whether index data analyzes end, if, then send end to the user interface monitoring module, finish then; If not, the condition according to retrieval sends to communication module to file to be retrieved; Receive result for retrieval information from communication module, and log information is sent to communication module, again daily record and other information are sent to the user interface monitoring module; Return again and from index data, read the fileinfo that needs retrieval.
28. a kind of computer information retrieval method according to claim 17 when it is characterized in that described communication module is moved, comprises the steps: to wait for and receive data; Judge whether these data are the order of withdrawing from communication module, if then withdraw from; If not, continue to judge whether these data are command messages, if, then this data forwarding is given the retrieval scheduler module, continue then to wait for to receive data; Whether if not, then detecting these data is the data that the retrieval scheduler module is sent, if, then be transmitted to the management of process module, continue to wait for the reception data then; If not, then judge the data whether these data are returned for the management of process module, if, then give the retrieval scheduler module data forwarding, continue then to wait for to receive data; If not, then write error daily record continues to wait for to receive data then.
29. a kind of computer information retrieval method according to claim 17, when it is characterized in that described management of process module is moved, comprise the steps: to start respectively user monitoring interface module program, retrieval scheduler module program, communication module program, index generation module program, retrieval service modular program, retrieval tasks distribution module program; The data that beginning received communication module is sent; Judge whether these data are the order of withdrawing from the management of process module, if then withdraw from the management of process module; If not, judge further that then which kind of COS is these data be, if, then generate file index to be retrieved for index generates COS; If be the retrieval service type, then carry out specific retrieval service, as compression service, mail service, log services, OFFICE document process, PDF document process; If be the search function COS, searched targets data then are as literal, picture and file content; More than three kinds of service execution finish, the result is returned to communication module, and restarts the data that the received communication module is sent.
30. a kind of computer information retrieval method according to claim 17, when it is characterized in that described index generation module moves, comprise the steps: to obtain the searched targets configuration information from the management of process module, read the listed files information in the target storage device, according to searched targets configuration information screening file, generate file index to be retrieved; Judge whether to be provided with the path of first search, if, adjust file index to be retrieved, the file that is included in the preferred path is placed on the index front portion, preserve file index to be retrieved; If not, directly preserve file rope to be retrieved; The result is returned to the management of process module.
31. a kind of computer information retrieval method according to claim 17, when it is characterized in that described search function module is carried out picture retrieval, comprise the steps: to obtain the searched targets configuration information from the management of process module, judge whether to be fuzzy search, if, then use the picture fuzzy matching algorithm to calculate matching degree, then result for retrieval is returned the management of process module; If not, then use the accurate matching algorithm retrieval of picture, again result for retrieval is returned the management of process module.
32. a kind of computer information retrieval method according to claim 31 is characterized in that described fuzzy search supports multiple picture format, comprises GIF, JPEG, PNG, XPM, TGA, TIFF, BMP, SVG.
33. a kind of computer information retrieval method according to claim 17, when it is characterized in that described search function module is carried out the retrieval of file content coupling, comprise the steps: to obtain the searched targets configuration information from the management of process module, calculating matching files size, judge whether for the first time verification succeeds, if not, then result for retrieval is returned the management of process module; If, then calculate matching files MD5 verification and, judge whether verification succeeds again, if not, then result for retrieval is returned the management of process module; If, then calculate matching files SHA256 verification and, judge whether verification succeeds for the third time, if not, then result for retrieval is returned the management of process module; If also result for retrieval is returned the management of process module.
34. a kind of computer information retrieval method according to claim 17, when it is characterized in that described search function module is carried out character search, comprise the steps: to obtain the searched targets configuration information from the management of process module, judge whether to be key search, if, then search key hereof returns result for retrieval the management of process module again; If not, then utilize POSIX regular expression rule to retrieve, again result for retrieval is returned the management of process module.
35. a kind of computer information retrieval method according to claim 34 is characterized in that the described POSIX of utilization regular expression rule retrieves, and supports the search of specific format as e-mail address, credit card number.
36. a kind of computer information retrieval method according to claim 16 is characterized in that described system starting device starts the operating system that described object computer does not rely on described object computer self.
37. a kind of computer information retrieval method according to claim 16 is characterized in that possessing non-destructive for the hard-disk content of object computer.
38. a kind of computer information retrieval method according to claim 16 is characterized in that supporting the search of office suite document, electrical form, mail, webpage, instant messaging record, text.
39. a kind of computer information retrieval method according to claim 16, it is characterized in that can searching deleted document, and can recover.
40. a kind of computer information retrieval method according to claim 16 is characterized in that supporting to search for fast according to prioritization.
41. a kind of computer information retrieval method according to claim 16 is characterized in that supporting to search for the pictorial information in the non-picture file.
42. a kind of computer information retrieval method according to claim 16 is characterized in that supporting the search compressed file.
43. a kind of computer information retrieval method according to claim 16 is characterized in that supporting the compact disc image files search.
44. a kind of computer information retrieval method according to claim 16, it is characterized in that to support simultaneously to search for the various codings of simplified form of Chinese Character and Chinese-traditional, comprise GB2312, GBK, GB18030, BIG5, BIG5-HKSCS, UTF-16, UTF-8, no matter file content is with above which kind of coding, as long as the file of Chinese character all can be retrieved out in the coupling search key.
45. a kind of computer information retrieval method according to claim 16 is characterized in that supporting the search to thumbnail data in the windows system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008101962323A CN101482870A (en) | 2008-08-29 | 2008-08-29 | Computer information retrieval system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008101962323A CN101482870A (en) | 2008-08-29 | 2008-08-29 | Computer information retrieval system and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101482870A true CN101482870A (en) | 2009-07-15 |
Family
ID=40879984
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008101962323A Pending CN101482870A (en) | 2008-08-29 | 2008-08-29 | Computer information retrieval system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101482870A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106446235A (en) * | 2016-10-10 | 2017-02-22 | Tcl集团股份有限公司 | Video searching method and device |
| CN109977279A (en) * | 2019-03-15 | 2019-07-05 | 天津字节跳动科技有限公司 | Online document method and device is searched in external member |
-
2008
- 2008-08-29 CN CNA2008101962323A patent/CN101482870A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106446235A (en) * | 2016-10-10 | 2017-02-22 | Tcl集团股份有限公司 | Video searching method and device |
| CN109977279A (en) * | 2019-03-15 | 2019-07-05 | 天津字节跳动科技有限公司 | Online document method and device is searched in external member |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100592284C (en) | Information retrieving and displaying method and computer-readable medium | |
| CN104158945A (en) | Conversation information obtaining method, device and system | |
| CN103917960A (en) | Storage apparatus and duplicate data detection method | |
| CN110569214A (en) | Index construction method and device for log file and electronic equipment | |
| CN103366247A (en) | Standard effectiveness judging system and method | |
| CN101547289B (en) | Image log management device and image log management method | |
| CN112860642A (en) | Court trial data processing method, server and terminal | |
| JP2011204005A (en) | Information processing device, printer and information processing program | |
| CN101211361A (en) | Information processing apparatus, information processing system, and information processing method | |
| CN114491518A (en) | Unauthorized access detection method, device, system and medium | |
| CN103503388B (en) | A kind of distributed queue's message read method and equipment, system | |
| CN101482870A (en) | Computer information retrieval system and method | |
| CN101482872A (en) | Computer information retrieval system and method based on network | |
| CN113495874A (en) | Information processing apparatus and computer readable medium | |
| CN101482871A (en) | Computer information retrieval system and method | |
| CN101520789A (en) | System and method for computer information retrieval | |
| CN109067587B (en) | Method and device for determining key information infrastructure | |
| CN101520790A (en) | System and method for a computer information retrieval based on network | |
| CN104240107A (en) | Community data screening system and method thereof | |
| CN101526943A (en) | Computer information retrieval system and method based on network | |
| CN103309993A (en) | Keyword extraction method and device | |
| CN110187385B (en) | Seismic data acquisition method, seismic data processing method and device | |
| CN114911751A (en) | Method, device and equipment for building coal preparation plant management platform and readable storage medium | |
| JP2004295836A (en) | Document management method | |
| CN108075932B (en) | Data monitoring method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20090715 |