CN111858479A - Portable software sample acquisition method based on target equipment - Google Patents
Portable software sample acquisition method based on target equipment Download PDFInfo
- Publication number
- CN111858479A CN111858479A CN202010741698.8A CN202010741698A CN111858479A CN 111858479 A CN111858479 A CN 111858479A CN 202010741698 A CN202010741698 A CN 202010741698A CN 111858479 A CN111858479 A CN 111858479A
- Authority
- CN
- China
- Prior art keywords
- target equipment
- search engine
- file
- software sample
- special search
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- KKIMDKMETPPURN-UHFFFAOYSA-N 1-(3-(trifluoromethyl)phenyl)piperazine Chemical compound FC(F)(F)C1=CC=CC(N2CCNCC2)=C1 KKIMDKMETPPURN-UHFFFAOYSA-N 0.000 claims description 18
- 238000005192 partition Methods 0.000 claims description 16
- 230000004048 modification Effects 0.000 claims description 13
- 238000012986 modification Methods 0.000 claims description 13
- 101100226364 Arabidopsis thaliana EXT1 gene Proteins 0.000 claims description 6
- 101100226366 Arabidopsis thaliana EXT3 gene Proteins 0.000 claims description 6
- 102100029074 Exostosin-2 Human genes 0.000 claims description 6
- 101000918275 Homo sapiens Exostosin-2 Proteins 0.000 claims description 6
- 208000034420 multiple type III exostoses Diseases 0.000 claims description 6
- 230000007547 defect Effects 0.000 abstract description 4
- 238000001514 detection method Methods 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/13—File access structures, e.g. distributed indices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1847—File system types specifically adapted to static storage, e.g. adapted to flash memory or SSD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a portable software sample acquisition method based on target equipment, which comprises the following steps of firstly, appointing an acquisition type in advance; then, accessing the target equipment; then, starting a special search engine, establishing an index for the file on the target equipment, and searching the file with the specified attribute; thirdly, judging whether a sample with the pre-specified attribute is retrieved, if so, reading and copying the software sample with the pre-specified attribute to the electronic storage equipment by the special search engine; otherwise, quitting the access target equipment. The process makes up the defects of the traditional internet software sample collection method, can collect samples aiming at target equipment and a mobile storage medium, and has the advantages of simple and portable method, customizable collection objects, flexible collection means and the like.
Description
Technical Field
The invention mainly relates to the technical field of computer software, in particular to a portable software sample acquisition method based on target equipment.
Background
A massive software sample library is the basis for realizing homology analysis such as software piracy detection, malicious software detection, vulnerability detection and the like (software homology analysis can be understood that whether different software codes are from the same software code or written by the same author or team or not and whether the different software codes have internal relevance and similarity or not), while the existing software sample collection method mainly collects open source software projects, open software, malicious software, vulnerabilities and other open software information from the Internet, and has few practice on software sample collection of specific equipment (such as network equipment such as routers, switches and the like, special purpose computers, servers running an Ftp/tftp protocol, SD cards, hard disks and other storage equipment) and easily causes sample omission, so that sample collection is incomplete, and the accuracy and the comprehensiveness of the homology analysis such as the malicious software detection and the like are influenced.
Disclosure of Invention
In view of this, the present invention provides a portable software sample collection method based on target equipment, which can overcome the missing defect of software sample collection in the prior art, and enhance the flexibility and the purposiveness of collection.
The invention relates to a portable software sample acquisition method based on target equipment, which comprises the following steps:
s1, pre-designating an acquisition type;
s2, accessing target equipment;
s3, starting a special search engine, establishing an index for the file on the target equipment, and searching the file with the specified attribute;
s4, judging whether a sample with pre-specified attributes is searched, if so, entering the step S5, otherwise, entering the step S6;
s5, reading and copying the software sample with the pre-specified attributes to the electronic storage device by the special search engine;
and S6, quitting the access target equipment.
Further, the acquisition types in step S1 include the following four types: the method comprises the following steps of accessing a target device by using a USB flash disk, accessing the target device running a TFTP protocol by using a network, accessing the target device running an FTP protocol by using the network and accessing the target device by using a card reader.
Further, if a mode of accessing a target device by using a usb disk is used, the software sample portable collection method is specifically decomposed into the following processes:
s1', configuring parameters of a special search engine deployed on the USB flash disk, and setting the types of software samples for data acquisition, file sizes and file modification time attributes, wherein the types comprise exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s2', accessing the target equipment by using a U disk;
s3', the U disk automatically starts a special search engine, the special search engine rapidly scans the files on the hard disk of the target equipment and establishes an index, and the files with the designated attributes are searched;
s4 ', judging whether the software sample data with the specified attribute is stored, if yes, executing S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the hard disk of the target equipment found by the scanning to the U disk;
s6', quit connecting the target equipment.
Further, if the mode of running TFTP protocol target equipment by using network access is used, the software sample
The portable acquisition method is specifically decomposed into the following processes:
s1', using network to access the notebook computer to the target equipment running TFTP protocol;
s2', configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the types comprise exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3', starting a special search engine in a manual mode, rapidly scanning files on a target equipment file server running a TFTP protocol by the special search engine, establishing indexes, and searching files with specified attributes;
s4 ', judging whether the software sample data with the specified attribute is stored, if yes, executing the step S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-assigned attribute on the hard disk of the target equipment which is found by scanning and runs the TFTP protocol to the notebook computer;
s6', quitting connecting the target equipment running the TFTP protocol.
Further, if a network is used to access a target device running the FTP protocol, the software sample portable collection method is specifically decomposed into the following processes:
s1' ″, the notebook computer is accessed to the target equipment running the FTP protocol by using the network;
s2' ″, configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the type comprises exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3' ″, starting a special search engine in a manual mode, rapidly scanning files on a target equipment file server running the FTP protocol by the special search engine, establishing an index, and searching files with specified attributes;
s4 ' ″, judging whether the software sample data of the designated attribute is stored, if yes, executing the step S5 ' ″, otherwise, executing the step S6 ';
s5' ″, after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the hard disk of the target equipment which runs the FTP protocol and is found by the scanning to the notebook computer;
and S6', quitting connecting the target equipment running the FTP protocol.
Further, if a card reader is used to access the target equipment, the portable software sample collection method is specifically decomposed into the following processes:
s1', connecting the card reader of the notebook computer with the SD card and the hard disk type target equipment;
s2', configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the type comprises exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3', starting a special search engine in a manual mode, rapidly scanning files on an SD card and hard disk type target equipment by the special search engine, establishing an index, and searching files with specified attributes;
s4 ', judging whether the software sample data with the designated attribute is stored, if yes, executing S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the SD card and the hard disk type target equipment discovered by the scanning to the notebook computer;
s6', quits the connection target equipment.
Furthermore, the special search engine adopts an efficient indexing algorithm to index and search the files.
Further, the specific process of the efficient indexing algorithm for file indexing and searching is as follows:
step one, reading a partition boot sector to judge the partition format, if the partition boot sector contains an NTFS identifier, judging the partition boot sector to be in the NTFS format, and continuing to execute the step two; if the structure type of EXT4_ super _ block is contained, judging the structure type to be in an EXT4 format, and continuing to execute the step III; if the file system Magic Number identifier is contained and the identifier is equal to 0XEF53, judging that the format is EXT2 or EXT3, and continuing to execute the step three; if not, turning to the fourth step;
reading a Main File Table (MFT) of the NTFS partition, acquiring a file list, creating an index, and turning to the fourth step;
reading the inode Table of the file node partitioned by EXT4 or EXT3 or EXT2, acquiring a directory and a file list, and creating an index;
and step four, completing the index creation.
The invention provides a portable software sample acquisition method, which comprises the following steps of firstly, appointing an acquisition type in advance; then, accessing the target equipment; then, starting a special search engine, establishing an index for the file on the target equipment, and searching the file with the specified attribute; thirdly, judging whether a sample with the pre-specified attribute is retrieved, if so, reading and copying the software sample with the pre-specified attribute to the electronic storage equipment by the special search engine; otherwise, quitting the access target equipment. The process makes up the defects of the traditional internet software sample collection method, can collect samples aiming at target equipment and mobile storage media (such as SD cards and hard disks), and has the advantages of simple and portable method, customizable collection objects, flexible collection means and the like.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart of a software sample portable acquisition method based on target equipment according to the present invention;
FIG. 2 is a flow chart of a software sample portable acquisition method according to an embodiment of the invention;
FIG. 3 is a flow chart of a software sample portable acquisition method according to another embodiment of the invention;
FIG. 4 is a flow chart of a software sample portable acquisition method according to yet another embodiment of the present invention;
fig. 5 is a flow chart of a software sample portable acquisition method according to yet another embodiment of the invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 is a flow chart of a portable acquisition method of a software sample based on target equipment, referring to fig. 1, the acquisition method comprises the following steps:
s1, pre-designating an acquisition type;
s2, accessing target equipment;
s3, starting a special search engine, establishing an index for the file on the target equipment, and searching the file with the specified attribute;
s4, judging whether a sample with pre-specified attributes is searched, if so, entering the step S5, otherwise, entering the step S6;
s5, reading and copying a software sample with a pre-specified attribute to an electronic storage device by the dedicated search engine, wherein the electronic storage device may be a usb disk or a notebook computer, and is specifically configured as required;
and S6, quitting the access target equipment.
Specifically, the acquisition target range in the invention can be selected as required, and the acquisition target range comprises the following four acquisition modes:
1) a mode of accessing the target equipment by using the USB flash disk;
2) a mode of accessing a target device running a TFTP protocol by using a network;
3) a mode of accessing a target device running the FTP protocol by using a network;
4) the manner in which the card reader is used to access the target equipment.
Fig. 2 is a flowchart of a portable software sample collection method according to an embodiment of the present invention, in which a usb disk is used to access a target device for portable software sample collection, which includes the following steps:
s1', configuring parameters of a special search engine deployed on the USB flash disk, and setting the types of software samples for data acquisition, file sizes and file modification time attributes, wherein the types comprise exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s2', accessing the target equipment by using a U disk;
s3', the U disk automatically starts a special search engine, the special search engine rapidly scans the files on the hard disk of the target equipment and establishes an index, and the files with the designated attributes are searched;
s4 ', judging whether the software sample data with the specified attribute is stored, if yes, executing S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the hard disk of the target equipment found by the scanning to the U disk;
s6', quit connecting the target equipment.
As another embodiment, as shown in fig. 3, in this embodiment, the portable collection of the software sample is performed by accessing the target equipment running the TFTP protocol through the network, which is specifically divided into the following processes:
s1', using network to access the notebook computer to the target equipment running TFTP protocol;
s2', configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the types comprise exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3', starting a special search engine in a manual mode, rapidly scanning files on a target equipment file server running a TFTP protocol by the special search engine, establishing indexes, and searching files with specified attributes;
s4 ', judging whether the software sample data with the specified attribute is stored, if yes, executing the step S5 ', otherwise, executing the step S6 ';
s5' ″, after the scanning, the special search engine automatically copies the software sample with the pre-assigned attribute on the hard disk of the target equipment which runs the TFTP protocol and is found by the scanning to the notebook computer;
s6', quitting connecting the target equipment running the TFTP protocol.
Meanwhile, fig. 4 is a flowchart of a portable software sample collection method according to still another embodiment of the present invention, in which a network is used to access a target device running the FTP protocol for sampling a portable software sample, the portable software sample collection method is specifically decomposed into the following processes:
s1' ″, the notebook computer is accessed to the target equipment running the FTP protocol by using the network;
s2' ″, configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the type comprises exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3' ″, starting a special search engine in a manual mode, rapidly scanning files on a target equipment file server running the FTP protocol by the special search engine, establishing an index, and searching files with specified attributes;
s4 ' ″, judging whether the software sample data of the designated attribute is stored, if yes, executing the step S5 ' ″, otherwise, executing the step S6 ';
s5' ″, after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the hard disk of the target equipment which runs the FTP protocol and is found by the scanning to the notebook computer;
and S6', quitting connecting the target equipment running the FTP protocol.
In addition, as another embodiment of the present invention, as shown in fig. 5, in this embodiment, a way that a card reader accesses a target device is used to perform software portable sample sampling, and then the software portable sample collecting method is specifically decomposed into the following processes:
s1', connecting the card reader of the notebook computer with the SD card and the hard disk type target equipment;
s2', configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the type comprises exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3', starting a special search engine in a manual mode, rapidly scanning files on an SD card and hard disk type target equipment by the special search engine, establishing an index, and searching files with specified attributes;
s4 ', judging whether the software sample data with the designated attribute is stored, if yes, executing S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the SD card and the hard disk type target equipment discovered by the scanning to the notebook computer;
s6', quits the connection target equipment.
S6', quits the connection target equipment.
In a further technical solution, the dedicated search engine deployed in each of the above embodiments performs file indexing and searching by using an efficient indexing algorithm, and the implementation steps thereof are as follows:
step one, reading a partition boot sector to judge the partition format, if the partition boot sector contains an NTFS identifier, judging the partition boot sector to be in the NTFS format, and continuing to execute the step two; if the structure type of EXT4_ super _ block is contained, judging the structure type to be in an EXT4 format, and continuing to execute the step III; if the file system Magic Number identifier is contained and the identifier is equal to 0XEF53, judging that the format is EXT2 or EXT3, and continuing to execute the step three; if not, turning to the fourth step;
reading a Main File Table (MFT) (Master File Table) of the NTFS partition, acquiring a File list, creating an index, and turning to the fourth step;
reading the inode Table of the file node partitioned by EXT4 or EXT3 or EXT2, acquiring a directory and a file list, and creating an index;
and step four, completing the index creation.
In a word, the method makes up the defects of the traditional internet software sample collection method, carries out sample collection aiming at target equipment and mobile storage media (such as SD cards and hard disks), and has the advantages of simple and portable method, customizable collection objects, flexible collection means and the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (8)
1. A portable software sample acquisition method based on target equipment is characterized by comprising the following steps:
s1, pre-designating an acquisition type;
s2, accessing target equipment;
s3, starting a special search engine, establishing an index for the file on the target equipment, and searching the file with the specified attribute;
s4, judging whether a sample with pre-specified attributes is searched, if so, entering the step S5, otherwise, entering the step S6;
s5, reading and copying the software sample with the pre-specified attributes to the electronic storage device by the special search engine;
and S6, quitting the access target equipment.
2. The portable target equipment-based software sample collection method as claimed in claim 1, wherein the collection types in step S1 include four types as follows: the method comprises the following steps of accessing a target device by using a USB flash disk, accessing the target device running a TFTP protocol by using a network, accessing the target device running an FTP protocol by using the network and accessing the target device by using a card reader.
3. The portable target equipment-based software sample collection method according to claim 2, wherein if a usb disk is used to access the target equipment, the portable target equipment sample collection method is specifically decomposed into the following procedures:
s1', configuring parameters of a special search engine deployed on the USB flash disk, and setting the types of software samples for data acquisition, file sizes and file modification time attributes, wherein the types comprise exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s2', accessing the target equipment by using a U disk;
s3', the U disk automatically starts a special search engine, the special search engine rapidly scans the files on the hard disk of the target equipment and establishes an index, and the files with the designated attributes are searched;
s4 ', judging whether the software sample data with the specified attribute is stored, if yes, executing S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the hard disk of the target equipment found by the scanning to the U disk;
s6', quit connecting the target equipment.
4. The portable target equipment-based software sample collection method according to claim 2, wherein if a target equipment running TFTP protocol is accessed by using a network, the portable target equipment sample collection method is specifically decomposed into the following procedures:
s1', using network to access the notebook computer to the target equipment running TFTP protocol;
s2', configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the types comprise exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3', starting a special search engine in a manual mode, rapidly scanning files on a target equipment file server running a TFTP protocol by the special search engine, establishing indexes, and searching files with specified attributes;
s4 ', judging whether the software sample data with the specified attribute is stored, if yes, executing the step S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-assigned attribute on the hard disk of the target equipment which is found by scanning and runs the TFTP protocol to the notebook computer;
s6', quitting connecting the target equipment running the TFTP protocol.
5. The portable target equipment-based software sample collection method according to claim 2, wherein if a target equipment running FTP protocol is accessed through a network, the method is specifically decomposed into the following procedures:
s1' ″, the notebook computer is accessed to the target equipment running the FTP protocol by using the network;
s2' ″, configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the type comprises exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3' ″, starting a special search engine in a manual mode, rapidly scanning files on a target equipment file server running the FTP protocol by the special search engine, establishing an index, and searching files with specified attributes;
s4 ' ″, judging whether the software sample data of the designated attribute is stored, if yes, executing the step S5 ' ″, otherwise, executing the step S6 ';
s5' ″, after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the hard disk of the target equipment which runs the FTP protocol and is found by the scanning to the notebook computer;
and S6', quitting connecting the target equipment running the FTP protocol.
6. The portable target equipment-based software sample collection method according to claim 2, wherein if a card reader is used to access the target equipment, the portable target equipment sample collection method is specifically decomposed into the following procedures:
s1', connecting the card reader of the notebook computer with the SD card and the hard disk type target equipment;
s2', configuring parameters of a special search engine deployed on a notebook computer, and setting the software sample type, the file size and the file modification time attribute of data acquisition, wherein the type comprises exe, dll, msi, elf, so, vbs, js and bat, and other attributes are set as required;
s3', starting a special search engine in a manual mode, rapidly scanning files on an SD card and hard disk type target equipment by the special search engine, establishing an index, and searching files with specified attributes;
s4 ', judging whether the software sample data with the designated attribute is stored, if yes, executing S5 ', otherwise, executing the step S6 ';
s5', after the scanning is finished, the special search engine automatically copies the software sample with the pre-designated attribute on the SD card and the hard disk type target equipment discovered by the scanning to the notebook computer;
s6', quits the connection target equipment.
7. The portable target equipment-based software sample collection method of any one of claims 3 to 6, wherein the dedicated search engine employs an efficient indexing algorithm for file indexing and searching.
8. The portable target equipment-based software sample acquisition method as claimed in claim 7, wherein the efficient indexing algorithm performs file indexing and searching in the following specific processes:
step one, reading a partition boot sector to judge the partition format, if the partition boot sector contains an NTFS identifier, judging the partition boot sector to be in the NTFS format, and continuing to execute the step two; if the structure type of EXT4_ super _ block is contained, judging the structure type to be in an EXT4 format, and continuing to execute the step III; if the label of FilesystemMagicNumber is contained and the label is equal to 0XEF53, judging that the format is EXT2 or EXT3, and continuing to execute the step three; if not, turning to the fourth step;
reading a Main File Table (MFT) of the NTFS partition, acquiring a file list, creating an index, and turning to the fourth step;
reading a file node table inodeTable of EXT4 or EXT3 or EXT2 partition, acquiring a directory and a file list, and creating an index;
and step four, completing the index creation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010741698.8A CN111858479A (en) | 2020-07-29 | 2020-07-29 | Portable software sample acquisition method based on target equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010741698.8A CN111858479A (en) | 2020-07-29 | 2020-07-29 | Portable software sample acquisition method based on target equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111858479A true CN111858479A (en) | 2020-10-30 |
Family
ID=72948294
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010741698.8A Pending CN111858479A (en) | 2020-07-29 | 2020-07-29 | Portable software sample acquisition method based on target equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111858479A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007067424A2 (en) * | 2005-12-06 | 2007-06-14 | David Sun | Forensics tool for examination and recovery of computer data |
| CN103210368A (en) * | 2010-10-29 | 2013-07-17 | 惠普发展公司,有限责任合伙企业 | Software application recognition |
| US9471285B1 (en) * | 2015-07-09 | 2016-10-18 | Synopsys, Inc. | Identifying software components in a software codebase |
| CN110990351A (en) * | 2019-12-05 | 2020-04-10 | 南方电网数字电网研究院有限公司 | Unstructured data acquisition method, device and system and computer equipment |
-
2020
- 2020-07-29 CN CN202010741698.8A patent/CN111858479A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007067424A2 (en) * | 2005-12-06 | 2007-06-14 | David Sun | Forensics tool for examination and recovery of computer data |
| CN103210368A (en) * | 2010-10-29 | 2013-07-17 | 惠普发展公司,有限责任合伙企业 | Software application recognition |
| US9471285B1 (en) * | 2015-07-09 | 2016-10-18 | Synopsys, Inc. | Identifying software components in a software codebase |
| CN110990351A (en) * | 2019-12-05 | 2020-04-10 | 南方电网数字电网研究院有限公司 | Unstructured data acquisition method, device and system and computer equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111241389B (en) | Sensitive word filtering method and device based on matrix, electronic equipment and storage medium | |
| KR100911377B1 (en) | Device and Method for searching data in digital forensic | |
| US20110173159A1 (en) | Data mover discovery of object extent | |
| CN103559276A (en) | Method and device for clearing useless files | |
| KR101932619B1 (en) | Method, apparatus and data processing system for matching content items with images | |
| US20120131072A1 (en) | System and Method for removing Master File Table ($MFT) File Record Segments (FRS) | |
| EP1696340B1 (en) | Information processing apparatus, information processing method, and computer program | |
| CN111125298A (en) | Method, equipment and storage medium for reconstructing NTFS file directory tree | |
| US9129109B2 (en) | Method and apparatus for detecting a malware in files | |
| CN112115002A (en) | Method and device for recovering file from damaged or non-trusted mechanical hard disk | |
| CN102609531B (en) | Method for pegging files according to keywords | |
| RU2595523C2 (en) | Image processing method, method of generating image index, method of detecting conformity of the image from the image storage and server (versions) | |
| CN111858479A (en) | Portable software sample acquisition method based on target equipment | |
| CN107590233B (en) | File management method and device | |
| Minnaard et al. | Timestomping ntfs | |
| EP3542273A1 (en) | Systems and methods for recovering lost clusters from a mounted volume | |
| KR101688629B1 (en) | Method and apparatus for recovery of file system using metadata and data cluster | |
| CN111639087A (en) | Data updating method and device in database and electronic equipment | |
| KR20110023580A (en) | The method and system for recovering data | |
| CN111027071B (en) | Threat program full-behavior association analysis method and device | |
| CN111258503A (en) | Management method and device of CIROS file system | |
| CN110569430A (en) | mobile terminal web crawler system | |
| Decusatis et al. | Methodology for an open digital forensics model based on CAINE | |
| CN113220953B (en) | Data filtering method and device | |
| CN114138552B (en) | Data dynamic repeating and deleting method, system, terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |