CN112631654A - Program linkage method and system based on evidence obtaining platform - Google Patents

Publication number
CN112631654A
Authority
CN
China
Prior art keywords
program
script
evidence obtaining
platform
task
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011581268.0A
Other languages
Chinese (zh)
Inventor
张永光
魏炜途
朱聚江
李侠林
李山
杨辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meiya Pico Information Co Ltd
Original Assignee
Xiamen Meiya Pico Information Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Meiya Pico Information Co Ltd filed Critical Xiamen Meiya Pico Information Co Ltd
Priority to CN202011581268.0A priority Critical patent/CN112631654A/en
Publication of CN112631654A publication Critical patent/CN112631654A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/73 Program documentation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/368 Test management for test version control, e.g. updating test cases to a new software version
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G06F16/252 Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The application discloses a program linkage method and system based on a forensics platform. The method comprises: writing a forensics program script and performing a first function verification; in response to the forensics program script, program introduction information and test data being encrypted, packaged and compressed, obtaining a forensics program package and uploading it to a sharing platform, where the sharing platform performs task deployment and script encryption processing on the package; and receiving the updated database parameters of the sharing platform and obtaining the linkage information of the forensics program that is published after the package has passed through the sharing platform's task deployment process and script encryption processing. This addresses the problems of the prior art: forensics products face a growing number of application types, application iteration keeps accelerating, and electronic media technology is upgraded quickly and in endless variety, so that current technical development cannot keep up with the speed of technical iteration and cannot integrate collective intelligence for continuous innovation and rapid iteration.

Description

Program linkage method and system based on evidence obtaining platform
Technical Field
The embodiment of the application relates to the technical field of information security, in particular to a program linkage method and system based on a forensics platform.
Background
With the continued advance of social informatization, the application types that electronic data forensics products must handle keep increasing. In an era of rapidly upgraded and endlessly varied electronic media, there is a need for powerful forensics equipment suited to different occasions and different media, for integrating collective intelligence into continuous innovation, and for an open, comprehensive forensics platform that supports users' own practical exercises. Because of the particular nature of the partners in forensics-related industries, which differ from public internet products, most existing client-side forensics equipment still works in stand-alone mode. An attack-and-defense game also exists between forensics technology and the target being analyzed, so the technology behind electronic data forensics products is kept relatively confidential. Existing forensics products are built by developing various analysis plug-ins and integrating them into the product; the plug-ins are written in C/C++, a high-level language that sits close to the low level, so that they are not easily cracked or decompiled. However, as the application types faced by forensics products keep increasing, application iteration keeps accelerating, and electronic media technology is upgraded rapidly and in endless variety, current technical development cannot keep up with the speed of technical iteration and cannot integrate collective intelligence for continuous innovation and rapid iteration.
Disclosure of Invention
The embodiments of the application aim to provide a program linkage method and system based on a forensics platform, to solve the technical problems that the application types faced by forensics products keep increasing, application iteration keeps accelerating, and electronic media technology is upgraded rapidly and in endless variety, so that current technical development cannot keep up with the speed of technical iteration and cannot integrate collective intelligence for continuous innovation and rapid iteration.
In a first aspect, an embodiment of the present application provides a program linkage method based on a forensics platform, where the method includes:
S1: writing a forensics program script and performing first function verification;
S2: in response to the forensics program script, program introduction information and test data being encrypted, packaged and compressed, obtaining a forensics program package, and uploading the forensics program package to a sharing platform, wherein the sharing platform executes task deployment and script encryption processing on the forensics program package; and
S3: receiving the updated database parameters of the sharing platform, and acquiring linkage information of the forensics program published after the forensics program package has been subjected to the task deployment process and the script encryption processing of the sharing platform.
In this method, a forensics sharing platform is built. The client writes a Python script in real time, extracts evidence quickly, and packages and uploads the script to the sharing platform. The background of the sharing platform triggers an auditing process, adds an encryption deployment task and starts an encryption deployment process, which unpacks, encrypts, repackages and functionally verifies the package. In response to the functional verification passing, the linkage information of the forensics program is published and shared on the platform, so that a user can search for and download it directly through the forensics software client, or import it with one click, and generate a forensics identification report.
In some embodiments, in step S2, the forensic package is uploaded to the sharing platform through the client or web site. The evidence obtaining program package can be uploaded to the sharing platform through the client and the webpage, so that the evidence obtaining program package can be better applied and popularized.
In some embodiments, in response to uploading the forensics package to the sharing platform through the web page, the transfer parameter information of the client is received through a RESTful interface, or the transfer parameter information is cached in the server background. Receiving through the RESTful interface or caching in the server background provides more than one way to transmit client parameter information, which suits different client configuration requirements.
In some embodiments, after the forensics program script, the program introduction information and the test data are uploaded to the sharing platform, the script file is subjected to hash mapping, the deployment task is added to the task queue, the deployment status of the task queue is checked by the task daemon, and the task deployment process is started. Hash mapping the script file improves lookup efficiency and makes it easier to check the deployment status of tasks later.
In some embodiments, the task deployment process unpacks the forensics package, performs second function verification after script encryption processing, uploads to the sharing platform, and updates the platform database parameters. Because the sharing platform unpacks the forensics program package, it can effectively prevent a package uploaded by the front end from being hijacked, modified or forged and then uploaded to the background; the background judges the legality of the package according to whether it can be unpacked normally.
In some embodiments, the application information includes a title, author, entity, application introduction, and application screenshot of the forensic program script. This makes it convenient for the sharing platform to publish linkage information of the forensics program that the client can download and apply directly.
In a second aspect, an embodiment of the present application provides a program linkage system based on a forensics platform, where the system includes:
a program script writing module, configured to write the forensics program script and perform first function verification;
an upload sharing platform module, configured to, in response to the forensics program script, the program introduction information and the test data being encrypted, packaged and compressed, obtain a forensics program package and upload the forensics program package to the sharing platform, wherein the sharing platform executes task deployment and script encryption processing on the forensics program package; and
a linkage information module, configured to receive the updated database parameters of the sharing platform and obtain the linkage information of the forensics program published after the forensics program package has been subjected to the task deployment process and the script encryption processing of the sharing platform.
In some embodiments, after the forensics program script, the program introduction information and the test data are uploaded to the sharing platform, the script file is subjected to hash mapping, the deployment task is added to the task queue, the deployment status of the task queue is checked by the task daemon, and the task deployment process is started.
In some embodiments, the task deployment process unpacks the forensics program package, performs second function verification after script encryption processing, uploads to the sharing platform, and updates the parameters of the platform database.
In a third aspect, an embodiment of the present application provides an electronic device, including: one or more processors; storage means for storing one or more programs which, when executed by one or more processors, cause the one or more processors to carry out a method as described in any one of the implementations of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method as described in any implementation manner of the first aspect.
According to the program linkage method and system based on the forensics platform, a forensics sharing platform is built; the client writes forensics program scripts in real time, extracts evidence quickly, and packages and uploads the script to the sharing platform; the platform background triggers an auditing flow, adds an encryption deployment task, and publishes the program for sharing on the platform after the encryption deployment process has run. A user can search for and download the program directly through the forensics software client, or import it with one click, and generate a forensics identification report. The program can be used without installation: users write scripts independently and publish them directly to the sharing platform, and other users search the platform, download, and import with one click, which realizes a new forensics platform linkage technology for data extraction and flexible analysis. It has strategic significance for the forensics industry and broad application prospects. The method supports both writing forensics program scripts in real time in the forensics software and obtaining shared scripts from the forensics platform, so that they can be used quickly for evidence extraction from target software, achieving rapid iteration and intelligent sharing without updating the forensics client version. The key point of the scheme is that the front end encrypts and packages, and the background unpacks, encrypts and repackages before publishing.
This reliably prevents a forensics program package uploaded by the front end from being hijacked, modified or forged and then uploaded to the background: the background judges the legality of the forensics program package by whether it can be decrypted normally. The method has strategic significance for building a forensics ecosystem, is important for building electronic data forensics platforms, and has broad application prospects.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a forensics platform-based program linkage method according to the present application;
FIG. 3 is a linkage flow diagram of one embodiment of a forensics platform-based program linkage method according to the present application;
FIG. 4 is a schematic structural diagram of one embodiment of a forensic platform based procedural linkage system according to the present application;
FIG. 5 is a partial linkage timing diagram of one embodiment of a forensics platform-based program linkage system according to the present application;
FIG. 6 is a schematic block diagram of a computer system suitable for use in implementing an electronic device according to embodiments of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 illustrates an exemplary system architecture 100 to which a forensics platform-based program linkage method according to an embodiment of the present application may be applied.
As shown in fig. 1, system architecture 100 may include terminal device 101, network 102, and server 103. Network 102 is the medium used to provide communication links between terminal devices 101 and server 103. Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The operator may use the terminal device 101 to interact with the server 103 via the network 102 to receive or send messages or the like. Various communication client applications, such as drawing-type applications, instant messaging tools, search-type applications, web browser applications, and the like, may be installed on the terminal device 101.
The terminal device 101 may be various electronic devices including, but not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), etc., and a fixed terminal such as a digital TV, a desktop computer, etc.
The server 103 may be a server that provides various services, such as a server that performs task deployment and script encryption processing on the forensic package on the terminal apparatus 101. The shared server can send linkage information of the evidence obtaining program and the like issued after the shared platform task deployment process and the script encryption processing to the terminal equipment.
It should be noted that the forensic platform-based program linkage method provided in the embodiment of the present application is generally executed by the terminal device 101, and accordingly, a forensic platform-based program linkage system is generally disposed in the terminal device 101.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, servers, etc., as desired for an implementation.
With continued reference to FIG. 2, a flowchart 200 of one embodiment of a forensics platform-based program linkage method according to the present application is shown. The method comprises the following steps:
Step 201, writing a forensics program script, and performing first function verification.
In this embodiment, a Python script is written directly at the client in real time so that evidence can be extracted rapidly. The client writes the forensics program script and performs first function verification on it; if the verification succeeds, the subsequent encryption, packaging and upload operations are executed.
Step 202, in response to the fact that the forensic program script, the program introduction information and the test data are encrypted, packaged and compressed, a forensic program package is obtained, and the forensic program package is uploaded to a sharing platform, wherein the sharing platform executes task deployment and script encryption processing on the forensic program package.
In this embodiment, a forensics program script that passes the first function verification can be uploaded to the sharing platform either through the client or through the web page. If the script is uploaded directly through the client, the script's introduction information, such as title, author, unit, application introduction and screenshot, is extracted first; the forensics program script, the script introduction information and the test information, having passed the first function verification, are encrypted, packaged and compressed into an xml-format forensics program package, which is uploaded directly to the sharing platform for task deployment processing. If the script is uploaded through the page side, it is first determined whether the page side can receive the client's transfer parameter information, which includes the application introduction, the script file storage path, the script test data storage path and the like. If it can, the forensics program parameter information is extracted and filled in automatically; if not, the transfer parameters are filled in manually. The parameter information can be obtained from the client through a RESTful interface, or by caching it directly in the background.
In some specific embodiments, after the sharing platform receives the forensics program package uploaded by the client, the background of the sharing platform triggers automatic auditing and adds an encryption deployment task; when an undeployed task is detected in the task queue, a task deployment process is started. The task deployment process unpacks the package, starts the script encryption tool and the encryption deployment process, and encrypts, packages and functionally verifies the forensics program script. In response to the functional verification passing, the program is published and shared on the platform, so that the forensics host client can search for and download it directly, import it with one click, and generate a forensics identification report.
In some specific embodiments, after the forensics program script, the program introduction information and the test data are uploaded to the sharing platform, the script file is subjected to hash mapping, the deployment task is added to the task queue, the deployment status of the task queue is checked by the task daemon, and the task deployment process is started. The task deployment process unpacks the forensics program package, performs second function verification after script encryption processing, uploads to the sharing platform, and updates the platform database parameters.
Step 203, receiving the updated database parameters of the sharing platform, and acquiring the linkage information of the forensics program published after the forensics program package has been subjected to the task deployment process and the script encryption processing of the sharing platform.
In this embodiment, the evidence obtaining client can write an evidence obtaining program script in real time, and support obtaining of the shared evidence obtaining program script from the evidence obtaining sharing platform, so that the evidence obtaining client can be quickly used for target software evidence extraction, and the purposes of quick iteration and intelligent sharing can be achieved on the premise that the evidence obtaining client version is not updated.
Referring to fig. 3, a linkage flow diagram of an embodiment of a forensics platform-based program linkage method according to the present application is shown, which specifically includes the following sub-steps:
Step 301, writing a forensic applet. The user writes a forensic program script at the client and performs a first functional verification on it; if the first functional verification is OK, step 302 is performed.
Step 302, determining whether to upload through the client. If the forensics program script is to be uploaded through the client, step 303 (client upload) is executed; if not, step 304 (web upload) is executed.
Step 303, extracting the forensic applet's title information from the client interface. When the forensics program is uploaded directly by the client, the script's introduction information, such as title, author, unit, application introduction and screenshot, is extracted and organized into an xml format (other formats can be selected).
Step 304, determining whether parameter information is transferred through the client. If yes, go to step 305; if no, go to step 306.
Step 305, filling in the parameter information of the forensic applet. When uploading through the page side, the application information, such as title, author, unit, application introduction and screenshot, is extracted, and the default parameters are transferred through the RESTful interface; another method is to cache the parameters in the background. The transferred parameter information specifically includes the application introduction, the script file storage path, the script test data storage path and the like. Step 307 is then performed.
Step 306, filling in the transfer parameters. On the upload page (web page side), the default parameters are extracted and the form is filled in automatically, and step 307 is performed.
Step 307, encrypting, packaging and submitting to the platform, and adding an encryption deployment task. The forensics program script, the application introduction XML file and the test data are encrypted, packaged and compressed into mfx format. After step 305 or step 306, once the upload to the background succeeds, the form information is filled into the background, the script file is hash mapped, and a deployment task is added to the task queue.
Step 308, scanning for deployment tasks, and starting the encryption deployment process if an undeployed task exists. A task daemon service deployed in the background in advance checks the task queue, and if an undeployed task exists, the task deployment process is started.
Step 309, unpacking and starting the script encryption program. The task deployment process unpacks the package and starts the script encryption tool, which converts the .py script source file into .pyc format to prevent the code from being decompiled.
Step 310, starting the script function test flow. After the .py source file is encrypted, the script function verification program is started.
Step 311, determining whether the verification passes. If the second function verification passes, the program is repackaged into mfx format for publishing, the parameters in the platform database are updated, the program is published on the platform, and the download address is replaced with the new file path so that the file can be downloaded and used. If it does not pass, the state of the deployment task is updated, the failure reason is recorded, and the platform's display, alarm and reminder functions are started.
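The deployment path of steps 307 to 311, written out as an added Python example (it is not code from the patent or from the assignee's product). Assumptions: the page names no cipher, key scheme or mfx layout, so an HMAC-SHA256 tag over a zip archive stands in for "the package can be decrypted normally", the uploaded package is what gets hash mapped, and `extract()`, `SharingPlatform` and the file names are hypothetical. The last helper shows what the .py to .pyc step leaves readable, since .pyc is compiled bytecode rather than ciphertext.

```python
import hashlib
import hmac
import importlib.util
import io
import json
import marshal
import types
import zipfile
from collections import deque

# Assumption: the page names no cipher or key scheme. An HMAC-SHA256 tag stands
# in for "the package decrypts normally"; the key is a constructed demo value.
KEY = b"constructed-demo-key"


def build_package(script_src, intro_xml, tests):
    """Client side of step 307: bundle script, intro XML and test data, then tag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("script.py", script_src)
        z.writestr("intro.xml", intro_xml)
        z.writestr("tests.json", json.dumps(tests))
    body = buf.getvalue()
    return hmac.new(KEY, body, hashlib.sha256).digest() + body


def to_pyc(source):
    """Step 309: compile .py source to .pyc bytes (16-byte header + marshalled code)."""
    code = compile(source, "script.py", "exec")
    return importlib.util.MAGIC_NUMBER + bytes(12) + marshal.dumps(code)


def functional_check(pyc, tests):
    """Steps 310-311: run the compiled script's extract() on every test case."""
    namespace = {}
    try:  # a real platform would run this in an isolated sandbox, not in-process
        exec(marshal.loads(pyc[16:]), namespace)
        return all(namespace["extract"](t["input"]) == t["expected"] for t in tests)
    except Exception:
        return False


def string_literals(pyc):
    """Strings still readable in a .pyc: compilation is not encryption."""
    found, stack = set(), [marshal.loads(pyc[16:])]
    while stack:
        for const in stack.pop().co_consts:
            if isinstance(const, types.CodeType):
                stack.append(const)
            elif isinstance(const, str):
                found.add(const)
    return found


class SharingPlatform:
    def __init__(self):
        self.by_hash = {}     # hash mapping: sha256 hex -> uploaded package
        self.queue = deque()  # undeployed tasks
        self.db = {}          # platform database: task -> state record

    def upload(self, package):
        task = hashlib.sha256(package).hexdigest()
        self.by_hash[task] = package
        self.queue.append(task)
        self.db[task] = {"state": "undeployed"}
        return task

    def daemon_scan(self):
        """Step 308: start deployment for every undeployed task in the queue."""
        while self.queue:
            self._deploy(self.queue.popleft())

    def _fail(self, task, reason):
        self.db[task] = {"state": "failed", "reason": reason}

    def _deploy(self, task):
        package = self.by_hash[task]
        tag, body = package[:32], package[32:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._fail(task, "package rejected: authentication failed")
        with zipfile.ZipFile(io.BytesIO(body)) as z:
            source = z.read("script.py").decode("utf-8")
            tests = json.loads(z.read("tests.json"))
        try:
            pyc = to_pyc(source)
        except SyntaxError:
            return self._fail(task, "script does not compile")
        if not functional_check(pyc, tests):
            return self._fail(task, "second function verification failed")
        self.db[task] = {"state": "published", "pyc": pyc}


# Constructed sample script and test data.
SCRIPT = 'def extract(path):\n    return path.endswith("chat.db")\n'
TESTS = [{"input": "/data/app/chat.db", "expected": True},
         {"input": "/data/app/readme.txt", "expected": False}]
```

Uploading `build_package(SCRIPT, "<app/>", TESTS)` and calling `daemon_scan()` moves the task from `undeployed` to `published`; a package altered in transit or a script that fails its test data ends in `failed` with the reason recorded.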
Referring to fig. 4, which illustrates a schematic structural diagram of one embodiment of a forensics platform-based procedural linkage system according to the present application, as shown in fig. 4, a procedural linkage system 400 includes the following elements.
The program script writing module 401 is configured to write a forensic program script and perform first function verification.
The upload sharing platform module 402 is configured to, in response to the forensic program script, the program introduction information and the test data being encrypted, packaged and compressed, obtain a forensic program package and upload the forensic program package to a sharing platform, where the sharing platform performs task deployment and script encryption processing on the forensic program package.
The linkage information module 403 is configured to receive the updated database parameters of the sharing platform and obtain linkage information of the forensic program published after the forensic program package has been subjected to the task deployment process and the script encryption processing of the sharing platform.
In some specific embodiments, after the forensics program script, the program introduction information and the test data are uploaded to the sharing platform, the script file is subjected to hash mapping, the deployment task is added to the task queue, the deployment status of the task queue is checked by the task daemon, and the task deployment process is started.
In some specific embodiments, the task deployment process unpacks the forensics program package, performs second function verification after script encryption processing, uploads to the sharing platform, and updates the parameters of the platform database.
With continuing reference to FIG. 5, a partial linkage timing diagram of one embodiment of a forensics platform-based program linkage system according to the present application is shown. As shown in FIG. 5, it includes forensics client 501, sharing platform 502, task deployment tool 503, and script encryption tool 504. With the forensics sharing platform 502 set up, a forensics program script is first written quickly on the forensics host client 501 and submitted to the sharing platform 502. The background of the sharing platform 502 triggers automatic auditing and, using the task deployment tool 503 and the script encryption tool 504, adds an encryption deployment task for the forensics program package that passes the audit. The package is unpacked, the encryption deployment process is started, script encryption is started, the script is encoded and encrypted, and the script function is verified. Finally, when the task deployment is detected to have succeeded, the deployment state is updated, the linkage information of the sharing platform 502 is synchronized, and the upload result is fed back to the forensics client, so that the forensics host client can search for and download the program directly, import it with one click, and generate a forensics identification report.
The program linkage system in the application supports both writing forensics program scripts in real time in the forensics software and obtaining shared scripts from the forensics platform, so that they can be used quickly for evidence extraction from target software, achieving rapid iteration and intelligent sharing without updating the forensics client version. In addition, in the application the front end of the sharing platform encrypts and packages, and the background of the sharing platform unpacks, encrypts and repackages before publishing. This reliably prevents a forensics program package uploaded by the front end from being hijacked, modified or forged and then uploaded to the background: the background judges the legality of the forensics program package by whether it can be decrypted normally.
Referring now to FIG. 6, shown is a block diagram of a computer system 600 suitable for use in implementing the electronic device of an embodiment of the present application. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. Various programs and data required for the operation of the system 600 are stored in the RAM 603. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606, an output portion 607, a storage portion 608, a communication portion 609, a drive 610, and a removable medium 611. The drive 610 may be connected to the I/O interface 605 as necessary, and a removable medium 611 is mounted on the drive 610 as necessary so that a computer program read out therefrom is installed into the storage section 608 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. Computer program code for carrying out operations of the present application may be written in one or more programming languages, or a combination thereof. The program code may execute entirely on the trainer computer, partly on the trainer computer, as a stand-alone software package, partly on the trainer computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the trainer computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present application may be implemented by software or hardware. The modules described may also be provided in a processor, which may be described as: a processor comprising a program script compiling module, an uploading sharing platform module, and a linkage information module. The names of these modules do not in some cases constitute a limitation on the modules themselves; for example, the program script compiling module may also be described as "a module that writes the forensics program script and performs the first function verification".
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (12)

1. A program linkage method based on a forensics platform, characterized by comprising the following steps:
S1: writing a forensics program script and performing a first function verification;
S2: in response to the forensics program script, program introduction information, and test data being encrypted, packaged, and compressed to obtain a forensics program package, uploading the forensics program package to a sharing platform, wherein the sharing platform executes task deployment and script encryption processing on the forensics program package; and
S3: receiving the updated database parameters of the sharing platform, and obtaining linkage information of the forensics program released after the forensics program package has passed through the task deployment process and script encryption of the sharing platform.
2. The method according to claim 1, wherein in the step S2, the forensic package is uploaded to the shared platform through a client or a web page.
3. The method of claim 1, wherein the forensic program script, the program introduction information, and the test data are encrypted, packaged, and compressed into the forensic package in .mfx format, wherein the program introduction information is obtained by extracting application information of the forensic program script.
4. The method according to claim 2, wherein in response to the forensics package being uploaded to the shared platform through a web page, the transfer parameter information of the client is received using a RESTful interface, or the transfer parameter information is cached to a server background.
5. The method according to claim 1, wherein in response to uploading the forensics program script, the program introduction information, and the test data to a shared platform, a script file is hash-mapped, a deployment task is added to a task queue, and a task daemon detects the deployment condition of the task queue and starts the task deployment process.
6. The method according to claim 1, wherein the task deployment process unpacks the forensics package, performs second function verification after script encryption, uploads to the shared platform, and updates the platform database parameters.
7. The method of claim 3, wherein the application information comprises a title, an author, a unit, an application introduction, and an application screenshot of the forensic program script.
8. A program linkage system based on a forensics platform, the system comprising:
a program script compiling module, configured to write the forensics program script and perform a first function verification;
an uploading sharing platform module, configured to, in response to the forensics program script, program introduction information, and test data being encrypted, packaged, and compressed to obtain a forensics program package, upload the forensics program package to a sharing platform, wherein the sharing platform executes task deployment and script encryption processing on the forensics program package; and
a linkage information module, configured to receive the updated database parameters of the sharing platform and obtain linkage information of the forensics program released after the forensics program package has passed through the task deployment process and script encryption of the sharing platform.
9. The system of claim 8, wherein in response to uploading the forensics program script, the program introduction information, and the test data to the shared platform, a script file is hashed, a deployment task is added to a task queue, and a task daemon detects the deployment of the task queue and starts the task deployment process.
10. The system of claim 8, wherein the task deployment process unpacks the forensics package, performs script encryption followed by a second function verification, uploads to the shared platform, and updates the platform database parameters.
11. An electronic device, comprising:
one or more processors;
a storage system for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202011581268.0A 2020-12-28 2020-12-28 Program linkage method and system based on evidence obtaining platform Pending CN112631654A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011581268.0A CN112631654A (en) 2020-12-28 2020-12-28 Program linkage method and system based on evidence obtaining platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011581268.0A CN112631654A (en) 2020-12-28 2020-12-28 Program linkage method and system based on evidence obtaining platform

Publications (1)

Publication Number Publication Date
CN112631654A true CN112631654A (en) 2021-04-09

Family

ID=75325636

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011581268.0A Pending CN112631654A (en) 2020-12-28 2020-12-28 Program linkage method and system based on evidence obtaining platform

Country Status (1)

Country Link
CN (1) CN112631654A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113485692A (en) * 2021-06-07 2021-10-08 广发银行股份有限公司 Big data componentization development method and device based on component store

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004208107A (en) * 2002-12-26 2004-07-22 Toshiba Corp Scrambled broadcast system, broadcast transmission device, and reception device
CN104360837A (en) * 2014-10-16 2015-02-18 公安部第三研究所 Method for realizing evidence collection and analysis of electronic data in evidence collection software based on custom scripts
CN109739529A (en) * 2018-12-04 2019-05-10 贵阳朗玛信息技术股份有限公司 A kind of method and device that program is issued automatically
CN110308917A (en) * 2019-06-26 2019-10-08 深圳前海微众银行股份有限公司 Small routine dissemination method, device, equipment and computer storage medium
CN111478956A (en) * 2020-04-01 2020-07-31 百度在线网络技术(北京)有限公司 Deployment and preview method and device of small program package

Similar Documents

Publication Publication Date Title
CN111143869B (en) Application package processing method and device, electronic equipment and storage medium
CN111163095B (en) Network attack analysis method, network attack analysis device, computing device, and medium
US20220083326A1 (en) Upgrading method and system, server, and terminal device
CN105824909A (en) Page generation method and device
TWI541669B (en) Detection systems and methods for static detection applications, and computer program products
JP6121447B2 (en) Reducing web browsing overhead using external code proof
CN111163094B (en) Network attack detection method, network attack detection device, electronic device, and medium
CN101562618A (en) Method and device for detecting web Trojan
US20150121335A1 (en) Consolidating and reusing portal information
US11003435B2 (en) Manifest trialing techniques
CN106709281B (en) Patch granting and acquisition methods, device
CN105279078A (en) Method and device for detecting security hole
CN112631654A (en) Program linkage method and system based on evidence obtaining platform
CN108462749B (en) Web application processing method, device and system
EP3510557B1 (en) Image processing system for verification of rendered data
CN112788084B (en) Application program installation package downloading method, application program installation package pushing device and computer equipment
CN107145342B (en) Method and device for processing channel information of application
JP6169497B2 (en) Connection destination information determination device, connection destination information determination method, and program
CN112416395A (en) Hot repair updating method and device
JP2010140277A (en) Electronic file processor, computer system, electronic file processing method and computer program
CN111610990B (en) Method, device and related system for upgrading application program
CN113312577A (en) Webpage resource processing method and device, electronic equipment and storage medium
JP5941745B2 (en) Application analysis apparatus, application analysis system, and program
CN110287087B (en) Method and device for detecting application
JP6378808B2 (en) Connection destination information determination device, connection destination information determination method, and program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210409
