CN110750388B - Backup analysis method, device, equipment and medium - Google Patents
Backup analysis method, device, equipment and medium Download PDFInfo
- Publication number
- CN110750388B CN110750388B CN201911047080.5A CN201911047080A CN110750388B CN 110750388 B CN110750388 B CN 110750388B CN 201911047080 A CN201911047080 A CN 201911047080A CN 110750388 B CN110750388 B CN 110750388B
- Authority
- CN
- China
- Prior art keywords
- file
- backup
- file name
- determining
- original
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
- G06F16/148—File search processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
- G06F16/164—File meta data generation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Quality & Reliability (AREA)
- Human Computer Interaction (AREA)
- Library & Information Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a backup analysis method, a backup analysis device, backup analysis equipment and a backup analysis medium. Wherein the method comprises the following steps: splitting the backup log file according to the file according to byte information in the backup log file to obtain a file byte sequence; determining the original file name of the backup file according to the file byte sequence; and determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name. According to the technical scheme provided by the embodiment, the user can quickly find the corresponding backup file according to the target original file name, so that the desired data information can be quickly acquired, and the use convenience of the user is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of data backup, in particular to a backup analysis method, a backup analysis device, a backup analysis equipment and a backup analysis medium.
Background
With the advent of the information society, smart phones have become essential tools in people's lives.
When a user uses a smart phone to backup application data in the mobile phone, the data of different applications can generate names of backup files according to certain algorithm rules, and at the moment, the user can find the backup data corresponding to specific applications directly, which is extremely difficult, and great difficulty is caused for the user to use the mobile phone.
Disclosure of Invention
The invention provides a backup analysis method, a backup analysis device and a backup analysis medium, which are convenient for a user to quickly search a backup file of a target application and are convenient for the user to use.
In a first aspect, an embodiment of the present invention provides a backup analysis method, where the method includes:
splitting the backup log file according to the file according to byte information in the backup log file to obtain a file byte sequence;
determining the original file name of the backup file according to the file byte sequence;
and determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
In a second aspect, an embodiment of the present invention further provides a backup analysis device, where the device includes:
the splitting module is used for splitting the backup log file according to the byte information in the backup log file to obtain a file byte sequence;
the original file name determining module is used for determining the original file name of the backup file according to the file byte sequence;
and the backup file determining module is used for determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
In a third aspect, an embodiment of the present invention further provides an apparatus, where the apparatus includes:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement a backup resolution method as in any of the embodiments of the invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the backup resolution method according to any one of the embodiments of the present invention.
According to the method and the device, the backup log file is split according to the byte information of the backup file to obtain the file byte sequence, the original file name of the backup file is determined according to the file byte sequence, and the backup file related to the target original file name is further determined according to the target original file name and the association relation between the original file name and the backup file name, so that a user can quickly find the corresponding backup file according to the target original file name, the required data information is quickly obtained, and the use convenience of the user is improved.
Drawings
Fig. 1 is a flowchart of a backup parsing method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a backup log according to an embodiment of the present invention;
fig. 3 is a flowchart of a backup analysis method according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of a backup analysis device according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of an apparatus according to a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a backup parsing method according to an embodiment of the present invention, where this embodiment is applicable to parsing a backup file, and typically, the method is applicable to parsing a backup file of an intelligent terminal, and the method may be executed by a backup parsing apparatus, and the apparatus may be implemented by software and/or hardware.
Referring to fig. 1, the method may specifically include the following steps:
step 110, splitting the backup log file according to the byte information in the backup log file to obtain a file byte sequence.
The backup log file is a file generated when the terminal data is backed up and stored, and records backup information of each backup file, such as creation time of the backup file, original file name of the backup file, size of the backup file, and the like.
Specifically, referring to fig. 2, the backup log file is composed of hexadecimal bytes.
Further, the backup log file is composed of a plurality of records, each record corresponds to a piece of backup file information, wherein the previous record and the next record are adjacent, and the data structure in the backup log file can be represented by the following formula:
XXX.log=Rec(1)+Rec(2)+...+Rec(n)
Rec(i)=rec(i,0)+rec(i,1)+...+rec(i,n)
Dat(i)=dat(i,0)+dat(i,1)+...+dat(i,n)
log represents backup log files, and Rec represents records corresponding to each backup file, namely a file byte sequence corresponding to the backup file. Each file byte sequence may include one or node rec, Dat is data information included in the node, and may include one or more pieces of data information.
Therefore, firstly, the backup log file is split according to the byte information in the backup log file, and a file byte sequence corresponding to each backup file pair is obtained.
Specifically, splitting the backup log file according to the byte information in the backup log file, including:
extracting offset byte information and flag bit byte information from the backup log file according to the offset position and the flag bit position;
determining the offset length between adjacent nodes according to the offset byte information;
determining the number of nodes of the file according to the flag bit byte information;
and splitting the backup log file according to the offset length and the number of the nodes.
The offset position is the 4 th bit and the 5 th bit of each node, and the flag position is the 6 th bit of each node. The byte information at the offset position is the offset length between different nodes, and the byte information at the flag bit position indicates the number of nodes contained in one file, and may be one or more. Illustratively, the first 20 bytes of each file byte sequence are extracted and labeled buf, as shown in the following table.
Taking the file byte sequence with sequence number 1 as an example, 4 bytes 0x 00-0 x03 are marked as random numbers and marked as random.
The 2 bytes 0x 04-0 x05 are length or offset length of the next node, and are marked as nextoff, and the calculation formula is as follows: nextoff ═ buf [5] × 0x100+ buf [4] ═ 0x07 × 0x100+0x37 ═ 0x 737.
Thus, the offset between the current node and the next node is 737 bytes. Further, the 1 byte at the position of 0x 06-0 x06 is a flag bit byte, which is marked as flg, and indicates whether the current file byte sequence is composed of a plurality of nodes, specifically, if the value of flg is 1 or 4, it indicates that the current file byte sequence is composed of one node; otherwise, the current file byte sequence is composed of a plurality of nodes, and the plurality of nodes need to be spliced to form byte information of the current file byte sequence.
Furthermore, when the backup log file is split, the backup log can be split by using the handle and the cache file to obtain a file byte sequence.
Illustratively, the backup log file is opened, recorded as handle ifp, and handle ifp is used to traverse the bytes in the backup log file; creating a file name mapping table 'file map.txt', recording a handle as rp, and storing a direct association relation between a backup file name and an original file name; newly building a cache file 'tmp.bin', recording a handle as fp, and temporarily storing the file byte sequence obtained by splitting; using ifp to read 4 bytes of the backup log file, and recording as random; ifp continuously reads 2 bytes of the backup log file, which is recorded as len; ifp reads 1 byte, noted as flg; ifp reads the len length content, which is marked as buf, writes the buf into fp, if flg is 4 or 1, it indicates that the current file byte sequence only contains one node, if the value of flg is other value, it indicates that the current file byte sequence contains multiple nodes, and repeats the step of reading by handle ifp until all nodes in the file byte sequence are read and stored in the cache file.
And step 120, determining the original file name of the backup file according to the file byte sequence.
The file byte sequence is a byte sequence corresponding to the backup file in the backup log file.
Specifically, determining the original file name of the backup file according to the file byte sequence includes:
determining the file name length of the original file name according to the file name length byte information in the file byte sequence;
and reading bytes after the bytes of the file name length according to the file name length to determine the original file name of the backup file.
The 21 st byte of the child node in the file byte sequence is file name length information, the bytes after the 21 st byte are read according to the file name length information, and the original file name of the backup file is determined according to the read bytes.
Referring to the above table, the byte at the position 0x 21-0 x21 represents key _ len, the content immediately after the byte is key _ buf, that is, the byte corresponding to the original file name, and the length of the byte is key _ len, and the file name of the original file can be determined according to the byte of the original file name and the byte corresponding to the original file name.
Illustratively, a file byte sequence stored in a cache file can be read by using a handle, and the cache file "tmp.bin" is opened, wherein the handle is fp; fp reads 4 bytes, and marks as index; fp reads 4 bytes, noted zero; fp reads 1 byte, and marks as sign; fp reads 4 bytes, denoted as one. The 13 bytes are some constant information contained in the byte sequence of the file. Further, fp reads 1 byte, noted as key _ len; fp reads key _ len bytes, and records as key _ buf; key _ len is the file name length corresponding to the original file name, and key _ buf is the corresponding original file name. And acquiring the original file name corresponding to the backup file according to the length byte position of the original file name in the file byte sequence by using the cached file handle.
Optionally, the method further includes: determining other information of the backup file according to byte information in the backup log file; the other information includes at least: at least one of creation time of the backup file, size of the backup file, and file name of the backup file.
Illustratively, after the original filename of the backup file is obtained, a key _ buf byte is followed by a val _ len byte, which indicates the byte length of other information of the backup file, and this byte is followed by a corresponding byte sequence of other information of the backup file. See in particular the following table:
wherein val _ len is a variable-length integer, and the specific calculation formula is as follows:
the information of val _ len is an unsigned integer array [ ], and the length is n (wherein the last element array [ n-1] <0x80), the calculation method is as follows
Val_len=
[(Array[0]&0x7F)]+
[(Array[1]&0x7F)<<7]+
...+
[(Array[n-1]&0x7F)<<(7*(n-1))]
Taking the file byte sequence with sequence number 3 as an example, array [ ] {0xA5,0xB3,0xB1,0x01 }.
val_len=[(Array[0]&0x7F)]+[(Array[1]&0x7F)<<7]+[(Array[2]&0x7F)<<14]+ [(Array[3]&0x7F)]<<21]
=[0xA5&0x7F]+[(0xB3&0x7F)<<7]+[(0xB1&0x7F)<<14]+[(0x01&0x7F)<<21]
=0x25+0x1980+0xC4000+0x200000
=0x2C59A5
Illustratively, 1 variable-length integer can be read by a handle fp, which is denoted as val _ len and used for storing information such as file size, creation time and the like of the backup file; the fp reads val _ len bytes, which are marked as val _ buf, and the content represented by the val _ buf bytes is information such as the size of the backup file, the creation time and the like.
Step 130, determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
In this embodiment, the original file name and the backup file name are generated according to a certain algorithm rule, and there is a one-to-one correspondence relationship. Illustratively, the backup file name of the original file can be generated by using an encryption algorithm in an openssl encryption library. Typically, in some intelligent terminals, backup file names are named by hash values. According to the target original file name and the incidence relation between the original file name and the backup file name, the backup file correlated with the target original file can be determined, so that a user can quickly locate the backup file to be acquired.
Illustratively, after the value of val _ buf is obtained, whether the format of val _ buf is json is judged, if yes, the 'hash' and the 'filename' are read and written into rp, so that the association relationship between the original file name and the backup file name is established, and according to any target original file name, the corresponding backup file can be obtained according to the association relationship.
According to the technical scheme of the embodiment, the backup log file is split according to the byte information of the backup file to obtain the file byte sequence, the original file name of the backup file is determined according to the file byte sequence, and the backup file associated with the target original file name is further determined according to the target original file name and the association relation between the original file name and the backup file name, so that a user can quickly find the corresponding backup file according to the target original file name, and the use convenience of the user is improved.
Example two
Fig. 3 is a flowchart of analyzing a backup file according to a second embodiment of the present invention. This embodiment is based on the above embodiment, and further refines the step 130. Referring to fig. 3, the method may specifically include the following steps:
step 210, splitting the backup log file according to the byte information in the backup log file to obtain a file byte sequence.
Step 220, determining the original file name of the backup file according to the file byte sequence.
Step 230, determining the association relationship between the original file name and the backup file name according to the secure hash algorithm.
The secure hash algorithm is an encryption algorithm in an openssl encryption library. The backup file name is generated by adopting a secure hash algorithm, and the generated backup file name is a hash value.
The backup file names are named as follows: the Hash-sha 1 ("filename") allows the association between the original filename and the backup filename to be determined by the secure Hash algorithm.
And step 240, determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
In this embodiment, the target original file name is data information that the user wants to acquire, and according to the association between the original file name and the backup file name, the backup file corresponding to the target original file name can be quickly determined, so that the corresponding target data information can be quickly acquired.
Taking the wexin as an example, by searching the "weixin", the backup file corresponding to the wexin can be directly obtained according to the hash value corresponding to the "weixin".
Further, if the data in the mobile terminal is not completely backed up, for example, abnormal conditions such as network disconnection and the like occur in the backup process, the user can directly obtain the corresponding backup file from the target original file name according to the secure hash algorithm.
Illustratively, the correspondence between some application data in the WeChat and the hash value of the backup file is as follows:
"710866aefb1ab6a663e776210b5387f4f5fd6e03"=sha1("weixin_apk");
"5a656b0891e6321126f9b7da9137994c72220ce7"=sha1("weixin_data");
"e3eb522b8fb35c53e8af6bdf264ae615c91fecfd"=sha1("weixin_disk");
"68aabfd4d8f2e1de2fa1dc8810448557a9958c4a"=sha1("weixin_disk_clone")。
the user can directly and quickly acquire the corresponding backup file according to the original file name of the data file to be acquired and the safe hash algorithm.
According to the technical scheme of the embodiment of the invention, the association relationship between the original file name and the backup file name is determined according to the secure hash algorithm, and the backup file associated with the target original file name is determined according to the target original file name and the association relationship between the original file name and the backup file name, so that a user can quickly acquire the backup file of the desired application data, and the use convenience of the user is improved.
Further, on the basis of the above embodiment, after determining the backup file associated with the target original file name, the method further includes:
if the backup file is detected to be encrypted, carrying out password verification on the backup file by using an encryption algorithm of a password, a fixed key and a password plaintext;
if the verification is passed, the content of the backup file is decrypted by using the encryption algorithm of the backup file to obtain the decrypted backup file.
Specifically, if the backup file is encrypted during the backup process, the backup file needs to be decrypted after the backup file is obtained according to the original file name, so as to obtain the content of the backup file.
For example, whether the current backup file is encrypted may be determined by reading an "encrypted" field message in the ". backup" file in the backup file, and if the value of the field is "true", it indicates that the backup file is the encrypted backup file.
And correspondingly acquiring a hash value after password backup from the original file name of the obtained backup file, recording the hash value as hash1, generating a cipher text of the password by using an encryption algorithm HmacSha256 of the password and combining a fixed key and a plain text of the password, recording the cipher text as hash2, comparing whether the hash1 and the hash2 are equal to each other to check the password, and if so, successfully checking the password.
And after the password is successfully verified, decoding the backup file by using an encryption algorithm aes-256-ctr of the backup file and the encryption dictionary to obtain the decrypted backup file. The technical method of the embodiment realizes the verification and decryption of the encrypted backup file, and can be used for evidence obtaining analysis and other ways in law enforcement and case handling.
EXAMPLE III
Fig. 4 is a diagram of a backup analysis apparatus according to an embodiment of the present invention, where the apparatus according to the embodiment of the present invention can execute a backup analysis method according to any embodiment of the present invention. Referring to fig. 4, a backup parsing apparatus according to an embodiment of the present invention may include a splitting module 310, an original file name determining module 320, and a backup file determining module 330.
The splitting module 310 is configured to split the backup log file according to the byte information in the backup log file, so as to obtain a file byte sequence.
And an original file name determining module 320, configured to determine an original file name of the backup file according to the file byte sequence.
The backup file determining module 330 is configured to determine a backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
Further, the splitting module 310 is specifically configured to: extracting offset byte information and flag bit byte information from the backup log file according to the offset position and the flag bit position;
determining the offset length between adjacent nodes according to the offset byte information;
determining the number of nodes of the file according to the flag bit byte information;
and splitting the backup log file according to the offset length and the number of the nodes.
Further, the original file name determining module 320 is specifically configured to:
determining the file name length of the original file name according to the file name length byte information in the file byte sequence;
and reading bytes after the bytes of the file name length according to the file name length to determine the original file name of the backup file.
Optionally, the apparatus further includes another information determining module, configured to determine another information of the backup file according to the byte information in the backup log file; the other information includes at least: at least one of creation time of the backup file, size of the backup file, and file name of the backup file.
Further, the backup file determining module 330 is specifically configured to: determining an association relation between the original file name and the backup file name according to a secure hash algorithm;
and determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
The backup analysis device provided by the embodiment of the invention can execute the backup analysis method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example four
Fig. is a schematic structural diagram of an apparatus according to a fourth embodiment of the present invention. Fig. 5 illustrates a block diagram of an exemplary device 12 suitable for use in implementing embodiments of the present invention. The device 12 shown in fig. 5 is only an example and should not bring any limitations to the functionality and scope of use of the embodiments of the present invention.
As shown in FIG. 5, device 12 is in the form of a general purpose computing device. The components of device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)30 and/or cache memory 32. Device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, and commonly referred to as a "hard drive"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with device 12, and/or with any devices (e.g., network card, modem, etc.) that enable device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 20. As shown, the network adapter 20 communicates with the other modules of the device 12 via the bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing, such as implementing the backup parsing method provided by the embodiments of the present invention, by running a program stored in the system memory 28.
EXAMPLE five
Fifth, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the backup resolution method according to any one of the embodiments of the present invention. The backup analysis method comprises the following steps:
splitting the backup log file according to the file according to byte information in the backup log file to obtain a file byte sequence;
determining the original file name of the backup file according to the file byte sequence;
and determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (9)
1. A backup resolution method, the method comprising:
splitting the backup log file according to the file according to byte information in the backup log file to obtain a file byte sequence;
determining the original file name of the backup file according to the file byte sequence;
determining a backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name;
the splitting the backup log file according to the byte information in the backup log file to obtain a file byte sequence comprises the following steps:
extracting offset byte information and flag bit byte information from the backup log file according to the offset position and the flag bit position;
determining the offset length between adjacent nodes according to the offset byte information;
determining the number of nodes of the file according to the flag bit byte information;
and splitting the backup log file according to the offset length and the number of the nodes.
2. The method of claim 1, wherein determining the original filename of the backup file according to the file byte sequence comprises:
determining the file name length of the original file name according to the file name length byte information in the file byte sequence;
and reading bytes after the bytes of the file name length according to the file name length, and determining the original file name of the backup file.
3. The method of claim 1, further comprising:
determining other information of the backup file according to byte information in the backup log file; the other information at least includes: at least one of creation time of the backup file, size of the backup file, and file name of the backup file.
4. The method according to claim 1, wherein determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name comprises:
determining an association relation between the original file name and the backup file name according to a secure hash algorithm;
and determining the backup file associated with the target original file name according to the target original file name and the association relationship between the original file name and the backup file name.
5. The method of claim 1, after determining the backup file associated with the target original file name, further comprising:
if the backup file is detected to be encrypted, carrying out password verification on the backup file by using an encryption algorithm of a password, a fixed key and a password plaintext;
if the verification is passed, the content of the backup file is decrypted by using the encryption algorithm of the backup file to obtain the decrypted backup file.
6. A backup resolution apparatus, the apparatus comprising:
the splitting module is used for splitting the backup log file according to the byte information in the backup log file to obtain a file byte sequence;
the original file name determining module is used for determining the original file name of the backup file according to the file byte sequence;
the backup file determining module is used for determining a backup file related to the target original file name according to the target original file name and the association relation between the original file name and the backup file name;
the splitting module is specifically configured to: extracting offset byte information and flag bit byte information from the backup log file according to the offset position and the flag bit position;
determining the offset length between adjacent nodes according to the offset byte information;
determining the number of nodes of the file according to the flag bit byte information;
and splitting the backup log file according to the offset length and the number of the nodes.
7. The apparatus of claim 6, wherein the original filename determination module is specifically configured to:
determining the file name length of the original file name according to the file name length byte information in the file byte sequence;
and reading bytes after the bytes of the file name length according to the file name length, and determining the original file name of the backup file.
8. A backup resolution device, the device comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the backup resolution method of any of claims 1-5.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the backup resolution method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911047080.5A CN110750388B (en) | 2019-10-30 | 2019-10-30 | Backup analysis method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911047080.5A CN110750388B (en) | 2019-10-30 | 2019-10-30 | Backup analysis method, device, equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110750388A CN110750388A (en) | 2020-02-04 |
| CN110750388B true CN110750388B (en) | 2022-06-17 |
Family
ID=69281310
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911047080.5A Active CN110750388B (en) | 2019-10-30 | 2019-10-30 | Backup analysis method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110750388B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111639055B (en) * | 2020-06-01 | 2023-10-17 | 上海艾拉比智能科技有限公司 | Differential packet calculation method, differential packet calculation device, differential packet calculation equipment and storage medium |
| CN114329366B (en) * | 2022-03-14 | 2022-07-26 | 天津联想协同科技有限公司 | Network disk file control method and device, network disk and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101535964A (en) * | 2005-07-14 | 2009-09-16 | 微软公司 | Ghosted file |
| CN102567325A (en) * | 2010-12-14 | 2012-07-11 | 无锡华润矽科微电子有限公司 | Method for analyzing file name of FAT(file allocation table)file system |
| CN104182294A (en) * | 2013-05-23 | 2014-12-03 | 华为技术有限公司 | Method and device for backing up and recovering file |
| CN104598817A (en) * | 2014-12-19 | 2015-05-06 | 北京奇虎科技有限公司 | Method, device and system for repairing file |
| CN104778097A (en) * | 2015-03-27 | 2015-07-15 | 新浪网技术(中国)有限公司 | Data recovery method and data recovery device |
| CN106844106A (en) * | 2017-02-06 | 2017-06-13 | 四川秘无痕信息安全技术有限责任公司 | A kind of method for parsing BlackBerry backup file |
| US10223206B1 (en) * | 2015-06-26 | 2019-03-05 | EMC IP Holding Company LLC | Method and system to detect and delete uncommitted save sets of a backup |
| CN109450777A (en) * | 2018-12-28 | 2019-03-08 | 苏州开心盒子软件有限公司 | Session information extracting method, device, equipment and medium |
-
2019
- 2019-10-30 CN CN201911047080.5A patent/CN110750388B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101535964A (en) * | 2005-07-14 | 2009-09-16 | 微软公司 | Ghosted file |
| CN102567325A (en) * | 2010-12-14 | 2012-07-11 | 无锡华润矽科微电子有限公司 | Method for analyzing file name of FAT(file allocation table)file system |
| CN104182294A (en) * | 2013-05-23 | 2014-12-03 | 华为技术有限公司 | Method and device for backing up and recovering file |
| CN104598817A (en) * | 2014-12-19 | 2015-05-06 | 北京奇虎科技有限公司 | Method, device and system for repairing file |
| CN104778097A (en) * | 2015-03-27 | 2015-07-15 | 新浪网技术(中国)有限公司 | Data recovery method and data recovery device |
| US10223206B1 (en) * | 2015-06-26 | 2019-03-05 | EMC IP Holding Company LLC | Method and system to detect and delete uncommitted save sets of a backup |
| CN106844106A (en) * | 2017-02-06 | 2017-06-13 | 四川秘无痕信息安全技术有限责任公司 | A kind of method for parsing BlackBerry backup file |
| CN109450777A (en) * | 2018-12-28 | 2019-03-08 | 苏州开心盒子软件有限公司 | Session information extracting method, device, equipment and medium |
Non-Patent Citations (1)
| Title |
|---|
| 基于Android平台的手机取证技术研究;赵晓雨;《中国优秀博硕士学位论文全文数据库(硕士)社会科学Ⅰ辑》;20170731;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110750388A (en) | 2020-02-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10922435B2 (en) | Image encryption method, image viewing method, system, and terminal | |
| CN108777685B (en) | Method and apparatus for processing information | |
| CN108921552B (en) | Evidence verification method and device | |
| CN110750388B (en) | Backup analysis method, device, equipment and medium | |
| US11989161B2 (en) | Generating readable, compressed event trace logs from raw event trace logs | |
| CN111291339A (en) | Processing method, device and equipment of block chain data and storage medium | |
| US11501016B1 (en) | Digital password protection | |
| WO2022174737A1 (en) | Method for running neural network model, and electronic device and storage medium | |
| CN109033456B (en) | Condition query method and device, electronic equipment and storage medium | |
| CN109325360B (en) | Information management method and device | |
| CN114615031A (en) | File storage method and device, electronic equipment and storage medium | |
| CN112436943B (en) | Request deduplication method, device, equipment and storage medium based on big data | |
| CN113946863A (en) | Data encryption storage method, system, equipment and storage medium | |
| CN110545542B (en) | Main control key downloading method and device based on asymmetric encryption algorithm and computer equipment | |
| CN111090623B (en) | Data auditing method and device, electronic equipment and storage medium | |
| US9244918B2 (en) | Locating electronic documents | |
| US20190129907A1 (en) | Data transfer system, data transfer apparatus, data transfer method, and computer-readable recording medium | |
| WO2021012554A1 (en) | Method and apparatus for updating data field in block chain, medium, and electronic device | |
| US20170372079A1 (en) | Selective data encryption | |
| KR102368208B1 (en) | File leakage prevention based on security file system and commonly used file access interface | |
| CN112800006B (en) | Log storage method and device for network equipment | |
| CN116028917A (en) | Authority detection method and device, storage medium and electronic equipment | |
| CN114978646A (en) | Access authority determination method, device, equipment and storage medium | |
| CN115250467A (en) | Data processing method and device, electronic equipment and computer readable storage medium | |
| CN112464255A (en) | Data processing method and device, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |