CN113986806B - GOIP high-speed evidence obtaining method and system based on serial port and network port and storage medium - Google Patents
GOIP high-speed evidence obtaining method and system based on serial port and network port and storage medium Download PDFInfo
- Publication number
- CN113986806B CN113986806B CN202111295770.XA CN202111295770A CN113986806B CN 113986806 B CN113986806 B CN 113986806B CN 202111295770 A CN202111295770 A CN 202111295770A CN 113986806 B CN113986806 B CN 113986806B
- Authority
- CN
- China
- Prior art keywords
- goip
- equipment
- evidence obtaining
- evidence
- serial port
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/2205—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested
- G06F11/221—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested to test buses, lines or interfaces, e.g. stuck-at or open line faults
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/382—Information transfer, e.g. on bus using universal interface adapter
Abstract
The invention provides a GOIP high-speed evidence obtaining method, a system and a storage medium based on a serial port and a network port. The method comprises the following steps: the evidence obtaining equipment is connected with the GOIP equipment and enters a system guide mode of the GOIP; compiling a communication flow of the GOIP equipment and the evidence obtaining equipment and compiling the communication flow into an executable program, and downloading the executable program to a memory of the GOIP equipment through a transmission instruction in the system guide mode; executing the executable program through the program execution instruction in the system boot mode; uploading the GOIP mirror image data to the evidence obtaining equipment through a network connected with the GOIP equipment; and the evidence obtaining equipment is used for obtaining evidence, analyzing and displaying. The method, the system and the corresponding storage medium provide a solution for comprehensive and efficient evidence obtaining of the GOIP equipment on site, solve the problems that the prior art is low in evidence obtaining efficiency of the GOIP equipment, requires password authority and is incomplete in evidence obtaining data, and have great significance for obtaining evidence of the GOIP equipment and even electronic data of the Internet of things.
Description
Technical Field
The invention relates to the field of evidence obtaining safety of Internet of things embedded equipment, in particular to a method, a system and a storage medium for obtaining evidence at a high speed by GOIP (generic object identification protocol) based on a serial port and a network port.
Background
With the popularization of 4G communication technology, various terminal devices integrating multiple communication modules, which are commonly used in the internet of things, are also upgraded, and the traditional VOIP is evolved to the GOIP devices which are widely used at present. At present, there are three main technologies for obtaining evidence for the GOIP, the first is to take a picture of an IMEI nameplate on an internal communication module to obtain evidence by disassembling GOIP equipment, but there may be a problem that the nameplate is damaged and unclear, and the extracted data is limited; secondly, logging in a GOIP background management through a GOIP network port to extract webpage data, wherein the extracted data is not comprehensive enough, and account passwords need to be managed in a background mode, and are modified under normal conditions; the third is a evidence obtaining technology based on a GOIP debugging serial port, an account number and a password are not needed in the method, but the rate of obtaining evidence through debugging the serial port is low, dozens of MB of mirror images need dozens of hours or even days, the evidence obtaining efficiency for storing large GOIP is very low, and field evidence obtaining is very difficult.
The above several evidence obtaining modes can not meet the urgent needs of the internet of things embedded equipment evidence obtaining safety field.
Disclosure of Invention
In order to solve the problems of low forensics efficiency of GOIP equipment, requirement of password authority and incomplete forensics data in the prior art, the embodiment of the invention provides the following technical scheme:
a GOIP high-speed evidence obtaining method based on a serial port and a network port comprises the following steps:
s1: the evidence obtaining equipment is connected with the GOIP equipment and enters a system guide mode of the GOIP;
s2: compiling a communication flow of the GOIP equipment and the evidence obtaining equipment and compiling the communication flow into an executable program, and downloading the executable program to a memory of the GOIP equipment through a transmission instruction in the system guide mode;
s3: executing the executable program through the program execution instruction in the system boot mode;
s4: uploading the GOIP mirror image data to the evidence obtaining equipment through a network connected with the GOIP equipment;
s5: and the evidence obtaining equipment is used for obtaining evidence, analyzing and displaying.
Furthermore, the evidence obtaining device is connected with the debugging serial port of the GOIP device through a signal transfer line.
Furthermore, the system boot mode specifically enters into the following manner: and opening the debugging serial port, and sequentially sending character strings corresponding to the system boot mode to the GOIP equipment until the mark character string of the system boot mode entering the GOIP appears.
Further, the generation of the executable program comprises the following steps:
s21, reversely analyzing the firmware of the GOIP equipment and determining a function pointer of a network interface of the GOIP equipment;
s22, compiling a transmission flow code of the GOIP and the evidence obtaining equipment communication based on the network related interface function;
and S23, compiling the transmission flow codes through a cross compiler to generate an executable binary program of the GOIP.
Furthermore, the debugging serial port comprises a USB interface, a USB virtual serial port, a TTL serial port or a console port.
The invention also provides a GOIP high-speed evidence obtaining system, which comprises:
a guidance mode unit: configuring a system boot mode for connecting the evidence obtaining equipment with the GOIP equipment and entering the GOIP;
an executable program compiling unit: configuring and compiling a communication flow for compiling the GOIP equipment and the evidence obtaining equipment into an executable program, and downloading the executable program to a memory of the GOIP equipment through a transmission instruction in the system guide mode;
a downloading unit: configured to download and run the executable program via program execution instructions in the system boot mode;
mirror image data upload unit: the GOIP equipment is configured to be used for uploading the GOIP mirror image data to the evidence obtaining equipment through a network connected with the GOIP equipment;
evidence collection analysis and display unit: and the evidence obtaining device is configured for obtaining evidence, analyzing and displaying evidence by utilizing the evidence obtaining device.
Furthermore, the evidence obtaining device is connected with a debugging serial port of the GOIP device through a signal transfer line.
Further, the boot mode unit performs operations including: and opening the debugging serial port, and sequentially sending character strings corresponding to the system boot mode to the GOIP equipment until the mark character string of the system boot mode entering the GOIP appears.
Further, the operations performed by the executable program compiling unit include the steps of:
s21, reversely analyzing the firmware of the GOIP equipment and determining a function pointer of a network interface of the GOIP equipment;
s22, compiling a transmission flow code of the GOIP and the evidence obtaining equipment communication based on the network related interface function;
and S23, compiling the transmission flow codes through a cross compiler to generate an executable binary program of the GOIP.
The invention also proposes a computer-readable storage medium having stored thereon a computer program which, when executed, performs the forensics method according to any one of claims 1 to 5.
The invention has the technical effects that: the technical problem of giving permission is solved by entering a special mode of the GOIP equipment through a serial port; the storage mirror image is uploaded to the evidence obtaining device through the network port, so that the problem of low on-site evidence obtaining efficiency is solved; because the complete chip mirror image data is extracted, more comprehensive electronic data can be forensically analyzed. The method, the system and the corresponding storage medium provide a solution for comprehensive and efficient evidence obtaining of the GOIP equipment on site, and have great significance for obtaining evidence of the GOIP equipment and even the electronic data of the Internet of things.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the invention. Other embodiments and many of the intended advantages of embodiments will be readily appreciated as they become better understood by reference to the following detailed description. The elements of the drawings are not necessarily to scale relative to each other. Like reference numerals designate corresponding similar parts.
FIG. 1 is a schematic diagram of a GOIP apparatus;
FIG. 2 is a schematic diagram of high-speed evidence obtaining of a GOIP device;
FIG. 3 is a flow chart of high-speed evidence obtaining of GOIP equipment;
fig. 4 is a flowchart of a GOIP high-speed forensics method based on a serial port and a network port according to an embodiment of the present invention;
fig. 5 is a flowchart of executable program generation in step S2 according to an embodiment of the present invention;
fig. 6 is a block diagram of a GOIP high-speed forensic system according to an embodiment of the present invention.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
The present invention first introduces the GOIP related knowledge, which helps to understand the high speed forensic method of the present invention. As shown in fig. 1, the device is a common goip (gsm Over ip) device, which is an evolution of VoIP gateway. The GOIP is a signal used for converting digital signals of IP networks such as short messages, voice and the like into mobile communication frequency bands so as to be transmitted in the mobile communication network, supports simultaneous use of a plurality of SIM cards, can realize the functions of group sending of short messages and group dialing of calls, and can realize remote dialing by combining with a remote server.
At least two interfaces are arranged around the external part of the GOIP device, as shown in fig. 1, the left USB interface is a Console debugging serial port for development, debugging and upgrading of the GOIP device, and a system boot mode of the GOIP device, such as a system boot mode, a debugging mode, a BIOS mode, and other modes with higher authority, can be entered through the interface. The right side is a network port through which data transmission can be performed with the GOIP device, for example, short messages and voice data in an IP network format are transmitted to the GOIP device through the network port and then converted into mobile communication signals.
The principle of high-speed evidence collection for the GOIP equipment is shown in the figure 2:
the method comprises the steps of firstly entering a system boot mode of the GOIP through a debugging serial port of the GOIP, secondly writing a custom program integrating mirror image acquisition and network transmission functions, embedding a custom executable program into a memory through a special command in the mode, and finally transmitting mirror image data to evidence obtaining equipment through running the embedded executable program through the special command in the mode, thereby realizing high-speed evidence obtaining research of the GOIP equipment.
Fig. 3 is a description of the GOIP high-speed forensics process, which includes:
the method comprises the following steps: the GOIP debugging serial port is connected to the evidence obtaining equipment through a special patch cord, the debugging serial port is opened, the special character strings corresponding to the system guiding mode are sequentially sent until the character strings related to the system guiding mode are returned, namely the special character strings represent the system guiding mode entering the GOIP equipment.
Step two: and determining the function address of the network related interface by performing decompiling analysis on the firmware of the GOIP equipment.
Step three: and writing a communication flow of the evidence obtaining equipment by combining the determined network interface function in the second step, wherein the communication flow comprises common network protocols such as TCP/IP (transmission control protocol/Internet protocol), FTP (file transfer protocol) and the like, and cross-compiling to generate a binary executable program.
Step four: and downloading the binary program into a free address memory in the memory through related commands of program downloading in the system boot mode.
Step five: and executing the binary program downloaded in the step four through a program execution related command in the system boot mode, and uploading the memory image to the evidence obtaining device through the network.
Step six: and the evidence obtaining equipment is used for carrying out evidence obtaining analysis and display on the uploaded mirror image.
Step seven: and (6) ending.
Fig. 4 shows a GOIP high-speed forensics method based on a serial port and a network port, the method including:
s1: the evidence obtaining equipment is connected with the GOIP equipment and enters a system guide mode of the GOIP;
s2: compiling a communication flow of the GOIP equipment and the evidence obtaining equipment and compiling the communication flow into an executable program, and downloading the executable program to a memory of the GOIP equipment through a transmission instruction in the system guide mode;
s3: executing the executable program through the program execution instruction in the system boot mode;
s4: uploading the GOIP mirror image data to the evidence obtaining equipment through a network connected with the GOIP equipment;
s5: and (4) carrying out evidence obtaining analysis and display by evidence obtaining equipment.
In the invention, the debugging serial port can be any one of a USB interface, a USB virtual serial port, a TTL serial port or a console port, and the evidence obtaining equipment is connected with the debugging serial port of the GOIP equipment through a special signal transfer line.
In an embodiment of the present invention, the entering manner of the system boot mode in S1 is specifically: and opening the debugging serial port, and sequentially sending character strings corresponding to the system boot mode to the GOIP equipment until the mark character string of the system boot mode entering the GOIP appears.
The strings that Enter the system boot mode include, but are not limited to, ctrl + c (\ x03), Enter (\ x0d), tk, start, and the like.
The flag strings include, but are not limited to, EFI >, uboot, root #, root >, GENESIS #, and the like.
Through the above operation, the forensics device can enter the system boot mode of the GOIP, so that the relevant instructions in the system boot mode can be called to cooperate with the operation steps required for forensics, which is one of the important invention points of the present invention.
In an embodiment of the present invention, as shown in fig. 5, the generating of the executable program in S2 includes the following steps:
s21, reversely analyzing the firmware of the GOIP equipment and determining a function pointer of a network interface of the GOIP equipment;
s22, compiling a transmission flow code of the GOIP and the evidence obtaining equipment communication based on the network related interface function;
and S23, compiling the transmission flow codes through a cross compiler to generate an executable binary program of the GOIP.
The GOIP firmware can be obtained through a device website or a command in a GOIP system guide mode, reverse analysis is a common software analysis method of a function call mode, a function pointer related to a network interface of the GOIP device can be determined through the reverse analysis of the GOIP firmware, then a GOIP device and evidence obtaining device communication process is compiled according to a reverse output interface function, a GOIP device executable binary program is compiled and generated through a cross compiling environment by combining common network transmission protocols such as TFTP, SFTP and the like, and therefore the GOIP can finish data transmission from the GOIP to the evidence obtaining device under the control of the executable program.
With further reference to fig. 6, as an implementation of the method described in fig. 4, the present application provides an embodiment of a GOIP high-speed forensics system, where the embodiment of the system corresponds to the embodiment of the method described in fig. 4, and the system may be specifically included in various electronic devices.
Fig. 6 shows a GOIP high-speed forensics system, including:
boot mode unit 401: configuring a system guide mode for connecting the evidence obtaining equipment and the GOIP equipment and entering the GOIP;
executable program compiling unit 402: configuring and compiling a communication flow for compiling the GOIP equipment and the evidence obtaining equipment into an executable program, and downloading the executable program to a memory of the GOIP equipment through a transmission instruction in the system guide mode;
the download unit 403: configured to download and run the executable program via program execution instructions in the system boot mode;
the mirror data upload unit 404: the method comprises the steps that a network connected with GOIP equipment is configured to upload GOIP mirror image data to the evidence obtaining equipment;
forensic analysis and presentation unit 405: the evidence obtaining device is configured to perform evidence obtaining analysis and display by using the evidence obtaining device.
The evidence obtaining device is connected with the debugging serial port of the GOIP device through a signal transfer line.
In a specific embodiment of the high-speed forensic system of the present invention, the boot mode unit 401 performs operations comprising: and opening the debugging serial port, and sequentially sending character strings corresponding to the system boot mode to the GOIP equipment until the mark character string of the system boot mode entering the GOIP appears. In a specific embodiment of the high-speed forensics system of the present invention, the executable program compiling unit 402 executes the following operations:
s21, reversely analyzing the firmware of the GOIP equipment and determining a function pointer of a network interface of the GOIP equipment;
s22, compiling a transmission flow code of the GOIP and the evidence obtaining equipment communication based on the network related interface function;
and S23, compiling the transmission flow codes through a cross compiler to generate an executable binary program of the GOIP.
For convenience of description, the above system is described as being divided into various units by functions, and described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
Finally, it should be noted that: although the present invention has been described in detail with reference to the above embodiments, it should be understood by those skilled in the art that: modifications and equivalents may be made thereto without departing from the spirit and scope of the invention and it is intended to cover in the claims the invention as defined in the appended claims.
Claims (10)
1. A GOIP high-speed evidence obtaining method based on a serial port and a network port is characterized by comprising the following steps:
s1: the evidence obtaining equipment is connected with the GOIP equipment and enters a system guide mode of the GOIP;
s2: compiling a communication flow of the GOIP equipment and the evidence obtaining equipment and compiling the communication flow into an executable program, and downloading the executable program to a memory of the GOIP equipment through a transmission instruction in the system guide mode;
s3: executing the executable program through the program execution instruction in the system boot mode;
s4: uploading the GOIP mirror image data to the evidence obtaining equipment through a network connected with the GOIP equipment;
s5: and the evidence obtaining equipment is used for obtaining evidence, analyzing and displaying.
2. The GOIP high-speed evidence obtaining method based on the serial port and the network port as claimed in claim 1, wherein the evidence obtaining device is connected with a debugging serial port of the GOIP device through a signal transfer line.
3. The GOIP high-speed evidence obtaining method based on the serial port and the network port as claimed in claim 2, wherein the entry mode of the system boot mode is specifically as follows: and opening the debugging serial port, and sequentially sending character strings corresponding to the system boot mode to the GOIP equipment until the mark character string of the system boot mode entering the GOIP appears.
4. The GOIP high-speed evidence obtaining method based on the serial port and the network port as claimed in claim 1, wherein the generation of the executable program comprises the following steps:
s21, reversely analyzing the firmware of the GOIP equipment and determining a function pointer of a network interface of the GOIP equipment;
s22, compiling a transmission flow code of the GOIP and the evidence obtaining equipment communication based on the network related interface function;
and S23, compiling the transmission flow codes through a cross compiler to generate an executable binary program of the GOIP.
5. The GOIP high-speed evidence obtaining method based on the serial port plus the network port as claimed in claim 2, wherein the debugging serial port comprises a USB interface, a USB virtual serial port, a TTL serial port or a console port.
6. A GOIP high speed forensics system, comprising:
a guidance mode unit: configuring a system boot mode for connecting the evidence obtaining equipment with the GOIP equipment and entering the GOIP;
an executable program compiling unit: configuring and compiling a communication flow for compiling the GOIP equipment and the evidence obtaining equipment into an executable program, and downloading the executable program to a memory of the GOIP equipment through a transmission instruction in the system guide mode;
a downloading unit: configured to download and run the executable program via program execution instructions in the system boot mode;
mirror image data upload unit: the GOIP equipment is configured to be used for uploading the GOIP mirror image data to the evidence obtaining equipment through a network connected with the GOIP equipment;
evidence collection analysis and display unit: and the evidence obtaining device is configured for obtaining evidence, analyzing and displaying evidence by utilizing the evidence obtaining device.
7. A GOIP high speed forensic system according to claim 6 further comprising: the evidence obtaining device is connected with the debugging serial port of the GOIP device through a signal transfer line.
8. A GOIP high speed forensics system according to claim 7, wherein:
the boot mode unit performs operations including: and opening the debugging serial port, and sequentially sending character strings corresponding to the system boot mode to the GOIP equipment until the mark character string of the system boot mode entering the GOIP appears.
9. A GOIP high speed forensic system according to claim 6 further comprising: the operations performed by the executable program compiling unit include the steps of:
s21, reversely analyzing the firmware of the GOIP equipment and determining a function pointer of a network interface of the GOIP equipment;
s22, compiling a transmission flow code of the GOIP and the evidence obtaining equipment communication based on the network related interface function;
and S23, compiling the transmission flow codes through a cross compiler to generate an executable binary program of the GOIP.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed, performs the forensics method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111295770.XA CN113986806B (en) | 2021-11-03 | 2021-11-03 | GOIP high-speed evidence obtaining method and system based on serial port and network port and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111295770.XA CN113986806B (en) | 2021-11-03 | 2021-11-03 | GOIP high-speed evidence obtaining method and system based on serial port and network port and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113986806A CN113986806A (en) | 2022-01-28 |
| CN113986806B true CN113986806B (en) | 2022-08-02 |
Family
ID=79746248
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111295770.XA Active CN113986806B (en) | 2021-11-03 | 2021-11-03 | GOIP high-speed evidence obtaining method and system based on serial port and network port and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113986806B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2681237Y (en) * | 2003-09-18 | 2005-02-23 | 滕达 | A special machine for computer crime investigation and evidence obtaining |
| CN104750591A (en) * | 2013-12-30 | 2015-07-01 | 上海威亿实业有限公司 | Evidence-taking device and method for computer |
| CN105824669A (en) * | 2016-03-16 | 2016-08-03 | 广东欧珀移动通信有限公司 | Debugging log obtaining method, debugging log obtaining device and terminal equipment |
| CN208141451U (en) * | 2018-04-25 | 2018-11-23 | 甘肃政法学院 | A kind of electronic evidence-collecting device based on electronic equipment |
| CN110191176A (en) * | 2019-05-28 | 2019-08-30 | 辽宁瑞思科技有限公司 | A kind of swift electron evidence collecting method and system |
| CN110232645A (en) * | 2019-06-14 | 2019-09-13 | 山东省计算中心(国家超级计算济南中心) | The electronic evidence of evidence obtaining and block chain is fixed and network forensics method and system based on memory |
| CN111737178A (en) * | 2020-06-18 | 2020-10-02 | 济南互信软件有限公司 | Computer memory forensics method and equipment and memory forensics analysis system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7644138B2 (en) * | 2005-12-06 | 2010-01-05 | David Sun | Forensics tool for examination and recovery and computer data |
| US7899882B2 (en) * | 2007-03-29 | 2011-03-01 | Agile Risk Management Llc | System and method for providing remote forensics capability |
| WO2008151234A2 (en) * | 2007-06-04 | 2008-12-11 | Purdue Research Foundation | Method and apparatus for obtaining forensic evidence from personal digital technologies |
| US8014976B2 (en) * | 2007-10-24 | 2011-09-06 | Microsoft Corporation | Secure digital forensics |
-
2021
- 2021-11-03 CN CN202111295770.XA patent/CN113986806B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2681237Y (en) * | 2003-09-18 | 2005-02-23 | 滕达 | A special machine for computer crime investigation and evidence obtaining |
| CN104750591A (en) * | 2013-12-30 | 2015-07-01 | 上海威亿实业有限公司 | Evidence-taking device and method for computer |
| CN105824669A (en) * | 2016-03-16 | 2016-08-03 | 广东欧珀移动通信有限公司 | Debugging log obtaining method, debugging log obtaining device and terminal equipment |
| CN208141451U (en) * | 2018-04-25 | 2018-11-23 | 甘肃政法学院 | A kind of electronic evidence-collecting device based on electronic equipment |
| CN110191176A (en) * | 2019-05-28 | 2019-08-30 | 辽宁瑞思科技有限公司 | A kind of swift electron evidence collecting method and system |
| CN110232645A (en) * | 2019-06-14 | 2019-09-13 | 山东省计算中心(国家超级计算济南中心) | The electronic evidence of evidence obtaining and block chain is fixed and network forensics method and system based on memory |
| CN111737178A (en) * | 2020-06-18 | 2020-10-02 | 济南互信软件有限公司 | Computer memory forensics method and equipment and memory forensics analysis system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113986806A (en) | 2022-01-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| ES2276863T3 (en) | APPLICATION OF DYNAMIC SERVICE, IN A MOBILE COMMUNICATION DEVICE OR A SIM CARD, TO RECEIVE AND EXECUTE DYNAMIC SERVICE SCREENS OF SHORT TEXT MESSAGE, BY SMS EXAMPLE. | |
| CN110531962B (en) | Development processing method and device for applet and computer readable storage medium | |
| CN110377462B (en) | Interface testing method and device and terminal equipment | |
| CN112559354A (en) | Front-end code specification detection method and device, computer equipment and storage medium | |
| WO2019085290A1 (en) | Test preparation method and apparatus, terminal device, and storage medium | |
| CN114116364A (en) | Chip debugging method, storage medium, related device and system | |
| CN113553257B (en) | Test method, device, storage medium and electronic equipment | |
| CN115098186A (en) | Project processing method and device, computer equipment and storage medium | |
| CN104914745A (en) | Method for controlling oscilloscope and system for controlling oscilloscope | |
| CN110221840B (en) | Function implementation method and device of application program, equipment and storage medium | |
| CN105389180B (en) | A kind of USB port configurableization method based on Android platform | |
| KR101626382B1 (en) | Testing language conversion apparatus and its method | |
| CN113986806B (en) | GOIP high-speed evidence obtaining method and system based on serial port and network port and storage medium | |
| US20130031339A1 (en) | Systems, methods, and apparatus for utility meter configuration | |
| CN111104276B (en) | Chip testing system and method | |
| CN107368557B (en) | Page editing method and device | |
| CN109408057A (en) | Method, apparatus, medium and the calculating equipment of automatic code generating | |
| CN115543460A (en) | Initialization method and device of server mainboard | |
| CN112905464B (en) | Application running environment data processing method and device | |
| CN109558375B (en) | Optimized file storage method, storage medium, equipment and system | |
| CN114565472A (en) | Medical insurance platform interaction method, system and medium based on B/S framework | |
| CN102662716A (en) | Method for realizing startup guiding control in computer system by using interface access | |
| KR102368826B1 (en) | Cloud Server And Method of Thereof | |
| CN111833873A (en) | Method and device for acquiring equipment information of large-screen equipment | |
| CN108196853A (en) | For disposing the method for Android system SDK, storage medium, equipment and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |