CN114003845B - Method and system for recovering browser surfing trace fragments - Google Patents


Info

Publication number
CN114003845B
Authority
CN
China
Prior art keywords
block
unallocated
data
record
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111295910.3A
Other languages
Chinese (zh)
Other versions
CN114003845A (en
Inventor
刘志祥
黄志炜
苏再添
陈俊珊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meiya Pico Information Co Ltd
Original Assignee
Xiamen Meiya Pico Information Co Ltd
Application filed by Xiamen Meiya Pico Information Co Ltd
Priority to CN202111295910.3A
Publication of CN114003845A
Application granted
Publication of CN114003845B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]

Abstract

The invention provides a recovery method for browser online trace fragments, which comprises: loading content data of a browser cache file index.dat; acquiring an unallocated block list from the allocation bitmap in the content data, acquiring the index position of each unallocated block in the allocation bitmap from the unallocated block list, and reading the block data of the unallocated block; and matching record signatures in the block data of the unallocated block and, in response to no signature being matched, searching for URL addresses in the block data by regular-expression matching, then saving and displaying them. The method and the system can recover and reassemble relatively complete internet trace records from the fragment data of the unallocated blocks of index.dat.

Description

Method and system for recovering browser surfing trace fragments
Technical Field
The invention relates to the field of computer networks, in particular to a method and a system for recovering online trace fragments of a browser.
Background
Internet Explorer, IE for short, is a graphical user interface web browser launched by Microsoft, and is one of the most common built-in applications for users of the Windows operating system. While a user accesses web pages, internet traces such as history records, cache records, Cookies records, search records and the like are generated by mechanisms such as software usability features and accelerated page loading, and the IE browser caches this internet trace information in a specific file or database. Browsers of versions IE 5 to IE 9 mainly store the internet traces in the cache file index.dat, while browsers of versions IE 10 to IE 11 mainly store them in an EDB (ESEDB) database file in ESE (Extensible Storage Engine) format.
The IE browser index. However, most forensics software has only analytic processing on unallocated blocks of index.
Disclosure of Invention
In order to solve the technical problem that most forensic software in the prior art may miss internet trace information, the invention provides a method and a system for recovering browser internet trace fragments.
According to an aspect of the present invention, a method for recovering a browser surfing trace fragment is provided, which includes:
S1: loading content data of a browser cache file index.dat file, and reading a Hash set of normal records;
S2: acquiring an unallocated block list from the allocation bitmap in the content data, acquiring the index position of the unallocated block in the allocation bitmap from the unallocated block list, and reading block data of the unallocated block; and
S3: matching record signatures in the block data of the unallocated block and, in response to no signature being matched, searching for URL addresses in the block data by regular-expression matching, and saving and displaying them.
In some specific embodiments, the content data includes a header information area and a recording area, and the header information area includes file header information, a cache directory table, an unknown data area, an allocation bitmap, and a recorded Hash table. The cache file can be read to provide a data basis for subsequent processing flows such as signature search, record type judgment, repeatability verification and the like.
In some specific embodiments, step S1, before reading the normal Hash set, further includes reading and verifying the file signature in the header information, and in response to a file signature match, reading the normal Hash set. By means of which the validity of the data can be ensured.
In some specific embodiments, step S2 specifically includes obtaining the index position i of the x-th unallocated block in the allocation bitmap from the unallocated block list Blocks(n), and reading the block data of the x-th unallocated block, Block = Data[0X400 + i × 128]. By means of this step, the block data corresponding to the unallocated blocks can be quickly acquired.
In some specific embodiments, step S3 further includes: and responding to the matched signature, analyzing and checking the integrity of the URL address according to the record data structure of the signature type, calculating the Hash value of the record and checking whether the record is repeated with Hash in a Hash set, and if not, storing and displaying.
In some particular embodiments, the signature types include URL record signatures, REDR record signatures, and LEAK record signatures.
In some specific embodiments, the method further includes repeating steps S2 and S3 until all the unallocated blocks in the unallocated block list are resolved.
According to a second aspect of the invention, a computer-readable storage medium is proposed, on which one or more computer programs are stored, which when executed by a computer processor implement the method of any of the above.
According to a third aspect of the present invention, there is provided a recovery system for fragments of browser surfing traces, the system comprising:
a cache file loading unit: configured to load content data of a browser cache file index.dat;
an unallocated block data reading unit: configured to obtain the list of unallocated blocks from the allocation bitmap in the content data, obtain the index positions of the unallocated blocks in the allocation bitmap from the list of unallocated blocks, and read the block data of the unallocated blocks;
a recovery unit: configured to match record signatures in the block data of the unallocated block and, in response to no signature being matched, search for URL addresses in the block data by regular-expression matching, and save and display them.
In some specific embodiments, the content data includes a header information area and a recording area, and the header information area includes file header information, a cache directory table, an unknown data area, an allocation bitmap, and a recorded Hash table. The data base can be provided for subsequent processing flows such as signature search, record type judgment, repeatability check and the like by reading the cache file.
In some specific embodiments, before reading the normal Hash set, the cache file loading unit further reads and verifies a file signature in the file header information, and reads the normal Hash set in response to a file signature match. By means of which the validity of the data can be ensured.
In some specific embodiments, the unallocated block data reading unit obtains the index position i of the x-th unallocated block in the allocation bitmap from the unallocated block list Blocks(n), and reads the block data of the x-th unallocated block, Block = Data[0X400 + i × 128]. By means of this setting, the block data corresponding to the unallocated block can be quickly acquired.
In some specific embodiments, the recovery unit is further configured to, in response to matching the signature, parse and check the integrity of the URL address according to the record data structure of the signature type, calculate a Hash value of the record and check whether the Hash value is repeated with a Hash in the Hash set, and if not, save the presentation.
In some particular embodiments, the signature types include URL record signatures, REDR record signatures, and LEAK record signatures.
The invention provides a method and a system for recovering browser internet trace fragments. Through processing steps such as record signature search, record type judgment and record duplication checking, relatively complete internet trace records can be restored and reassembled from the fragment data of unallocated blocks of index.dat. The method has the characteristics of high recovery speed and high recovery accuracy.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the invention. Other embodiments and many of the intended advantages of embodiments will be readily appreciated as they become better understood by reference to the following detailed description. Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is a flow diagram of a recovery method for browser surfing trace fragments according to an embodiment of the present application;
FIG. 2 is a file structure diagram of index.dat of a specific embodiment of the application;
FIG. 3 is a schematic diagram of a cache directory table according to an embodiment of the present application;
FIG. 4 is a schematic illustration of an allocation bitmap of a specific embodiment of the present application;
FIG. 5 is a flowchart of a recovery method for browser surfing trace fragments according to a specific embodiment of the present application;
FIG. 6 is a block diagram of a recovery system for browser surfing trace fragments in accordance with a specific embodiment of the present application;
FIG. 7 is a block diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 shows a flowchart of a recovery method for a browser surfing trace fragment according to an embodiment of the present application. As shown in fig. 1, the method includes:
S101: loading the content data of the browser cache file index.dat.
In a specific embodiment, taking IE 9 on Windows 7 as an example, the cache file index.dat takes %USERPROFILE% as the root path and is mainly distributed in the following directories:
[Figure BDA0003336589480000041: table of index.dat directories, not reproduced]
Through in-depth study of a user's internet traces, important clue information such as the user's daily internet preferences, recent behavior trends and some virtual account passwords can be preliminarily analyzed, which provides important help for making breakthroughs in a case and is of great significance for forensic work.
In a specific embodiment, the file structure of the IE browser index.
File header information: stores basic information about the index.dat file, mainly including the file signature, file size, start offset of the first Hash table record, total number of blocks, number of allocated blocks and other information, as in the following table:
[Figure BDA0003336589480000051: file header information table, not reproduced]
Cache directory table: stores the number of cache directory entries (4 bytes) and the specific information of each cache entry (12 bytes each: number of files in the directory, 4 bytes + name of the directory, 8 bytes). FIG. 3 is a schematic diagram of a cache directory table according to a specific embodiment of the present application.
Allocation bitmap: each bit in the bitmap indicates the allocation status of one 128-byte data block, with 1 indicating allocated and 0 indicating unallocated. The data blocks indicated by the allocation bitmap start at offset 0x4000. A schematic diagram of an allocation bitmap according to a specific embodiment of the present application is shown in FIG. 4.
Hash table of records: stores the Hash structure corresponding to each record (8 bytes each: Hash value, 4 bytes + start offset, 4 bytes), as in the following table:
[Figure BDA0003336589480000052: Hash table record structure, not reproduced]
Records: the specific information of each internet trace record, generally using URL, REDR or LEAK as the record signature. Taking a record of the URL signature type as an example, the data structure is shown in the following table:
[Figure BDA0003336589480000061: URL record data structure, not reproduced]
S102: acquiring an unallocated block list from the allocation bitmap in the content data, acquiring the index position of the unallocated block in the allocation bitmap from the unallocated block list, and reading the block data of the unallocated block. Specifically, the index position i of the x-th unallocated block in the allocation bitmap is acquired from the unallocated block list Blocks(n), and the block data of the x-th unallocated block is read as Block = Data[0X400 + i × 128].
S103: and matching the record signature in the block data of the unallocated block, responding to the unmatched signature, searching the URL address in the block data by regular matching, and storing and displaying. Responding to the matched signature, analyzing and checking the integrity of the URL address according to the record data structure of the signature type, calculating the Hash value of the record and checking whether the record is repeated with Hash in a Hash set, and if not, storing and displaying. Wherein the signature types include a URL record signature, a REDR record signature, and a LEAK record signature.
To address the shortcomings of forensic analysis of the IE browser, the method is based on a detailed study of the data structure of the IE browser's index.dat cache file: if the fragment data of an unallocated block still contains residual internet trace records from its previous allocation, the record signature (URL, REDR or LEAK) is searched for and matched in the unallocated block, so that the fragmented record data can be recovered and reassembled. Through processing steps such as record signature search, record type judgment and record duplication checking, relatively complete internet trace records can be restored and reassembled from the fragment data of unallocated blocks of index.dat. The method has the characteristics of high recovery speed and high recovery accuracy. It solves the problems in the prior art that valuable internet trace information is not found in time and important clue information is overlooked.
With continuing reference to FIG. 5, FIG. 5 is a flowchart illustrating a recovery method for browser surfing trace fragments according to a specific embodiment of the present application. As shown in FIG. 5, it includes the following steps:
S501: Load index.dat and obtain the file signature.
S502: Judge whether the file signature matches. If it matches, proceed to step S503; if it does not match, the process ends.
S503: Read the HashSet(m) of the normal records.
S504: Parse Data[allocation bitmap] to obtain the unallocated block list Blocks(n).
S505: Obtain the index position i of the x-th unallocated block. From Blocks(n), obtain the index position i of the x-th unallocated block in [allocation bitmap].
S506: Read the block data Block. The block data of the unallocated block is read as Block = Data[0x4000 + i × 128].
S507: Judge whether a URL, REDR or LEAK signature is matched. In Block, look up a matching record signature (URL, REDR, LEAK). If a signature is matched, proceed to step S508; if no signature is matched, proceed to step S511.
S508: Parse the record by signature type. Parse it according to the record data structure of the signature type and check the integrity of the URL address.
S509: Calculate the record Hash value.
S510: Judge whether the Hash is in HashSet(m). If the Hash value duplicates a Hash value in HashSet(m), discard the record and return to step S505; otherwise, proceed to step S512.
S511: Judge whether a URL address is matched by regular expression. If a match is found, proceed to step S512; if no match is found, return to step S505.
S512: Store the record in the database and display it.
S513: Judge whether x < n. If x < n is satisfied, return to step S505 to continue the analysis until x > n, at which point all blocks in Blocks(n) have been analyzed.
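The flow S501 to S513 as an added Python sketch, not code from the patent or its assignee, run over a constructed six-block sample file. Data blocks start at 0x4000 as in S506; the header signature string, the bitmap offset 0x250, the LSB-first bit order, the record field offsets, the CRC32 stand-in for the record Hash, and the regex fallback for a record that fails the integrity check are all assumptions that the page does not state.

```python
import re
import struct
import zlib

FILE_SIG = b"Client UrlCache MMF Ver 5.2\x00"  # assumed IE 5-9 header signature
BITMAP_OFF = 0x250  # assumed bitmap position (not stated on the page)
DATA_OFF = 0x4000   # from the page: offset of the first data block
BLOCK = 128         # from the page: bytes per block
SIGS = (b"URL ", b"REDR", b"LEAK")
URL_RE = re.compile(rb"(?:https?|ftp|file)://[\x21-\x7e]+")
PRINTABLE = re.compile(rb"[\x20-\x7e]+")

def record_hash(url):
    """Stand-in for the record Hash; the page does not give the algorithm."""
    return zlib.crc32(url)

def unallocated_blocks(data):
    """S504: list block indexes whose bitmap bit is 0 (LSB-first is assumed)."""
    total = min((len(data) - DATA_OFF) // BLOCK, (DATA_OFF - BITMAP_OFF) * 8)
    return [i for i in range(total)
            if not (data[BITMAP_OFF + i // 8] >> (i % 8)) & 1]

def parse_record(data, start):
    """S508: parse by signature type; return (type, url) or None if not intact."""
    sig = data[start:start + 4]
    (nblocks,) = struct.unpack_from("<I", data, start + 4)  # assumed size field
    end = start + nblocks * BLOCK
    if nblocks == 0 or end > len(data):
        return None  # length field is implausible: header was overwritten
    if sig == b"REDR":
        url_off = 0x10  # assumed: REDR keeps its URL at a fixed offset
    else:
        (url_off,) = struct.unpack_from("<I", data, start + 0x34)  # assumed field
    if not 0x10 <= url_off < end - start:
        return None
    nul = data.find(b"\x00", start + url_off, end)
    url = data[start + url_off:nul] if nul != -1 else b""
    if not PRINTABLE.fullmatch(url):
        return None  # missing terminator or non-text bytes: URL is not intact
    return sig.decode("ascii").strip(), url.decode("ascii")

def recover(data, known_hashes):
    """S501-S513: return (block index, source, url) for each recovered trace."""
    if not data.startswith(FILE_SIG):  # S502: stop on a foreign file
        return []
    seen, found = set(known_hashes), []
    for i in unallocated_blocks(data):  # S505
        start = DATA_OFF + i * BLOCK  # S506: Block = Data[0x4000 + i * 128]
        block = data[start:start + BLOCK]
        rec = parse_record(data, start) if block[:4] in SIGS else None  # S507
        if rec is None:
            # S511: no usable record header, sweep the block with the URL regex
            found += [(i, "REGEX", m.group().decode("ascii"))
                      for m in URL_RE.finditer(block)]
            continue
        h = record_hash(rec[1].encode("ascii"))  # S509
        if h not in seen:  # S510: drop copies of live or already recovered records
            seen.add(h)
            found.append((i, rec[0], rec[1]))  # S512
    return found

def _record(sig, url):
    """Constructed one-block record using the assumed offsets above."""
    rec = bytearray(BLOCK)
    rec[0:4] = sig
    struct.pack_into("<I", rec, 4, 1)  # record spans one block
    off = 0x10 if sig == b"REDR" else 0x68
    if sig != b"REDR":
        struct.pack_into("<I", rec, 0x34, off)
    rec[off:off + len(url)] = url  # remaining zero bytes act as the terminator
    return rec

def build_sample():
    """Constructed 6-block file: block 0 is allocated, blocks 1-5 are free."""
    broken = _record(b"LEAK", b"http://leak.example/z")
    struct.pack_into("<I", broken, 0x34, 0xFFFFFFFF)  # corrupt the URL offset
    blocks = [
        _record(b"URL ", b"http://live.example/"),   # 0: live record
        _record(b"URL ", b"http://gone.example/a"),  # 1: deleted, intact
        _record(b"URL ", b"http://live.example/"),   # 2: stale copy of block 0
        (b"\xff" * 9 + b"ftp://frag.example/x.zip").ljust(BLOCK, b"\x00"),  # 3
        _record(b"REDR", b"http://redir.example/"),  # 4: deleted redirect
        broken,                                      # 5: header damaged
    ]
    data = bytearray(DATA_OFF) + b"".join(bytes(b) for b in blocks)
    data[:len(FILE_SIG)] = FILE_SIG
    data[BITMAP_OFF] = 0b00000001  # only block 0 is marked allocated
    return bytes(data)

if __name__ == "__main__":
    for hit in recover(build_sample(), {record_hash(b"http://live.example/")}):
        print(hit)
```

Block 2 shows why the Hash set matters: a stale copy of a record that is still live is discarded instead of being reported as a recovered trace, while block 5 shows a damaged header still yielding its URL through the regex path.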
With continued reference to FIG. 6, FIG. 6 illustrates a block diagram of a recovery system for browser surfing trace fragments in accordance with an embodiment of the present invention. The system specifically includes a cache file loading unit 601, an unallocated block data reading unit 602, and a recovery unit 603.
In a specific embodiment, the cache file loading unit 601 is configured to load content data of a browser cache file index.dat file, read and check a file signature in file header information, and read a Hash set of a normal record in response to file signature matching; unallocated block data reading unit 602 is configured to acquire an unallocated block list in a bitmap in content data, acquire an index position of an unallocated block in an allocation bitmap from the unallocated block list, and read block data of the unallocated block; the recovery unit 603 is configured to match the recorded signature in the block data of the unassigned block, search for a URL address in the block data by regular matching in response to the signature not being matched, and store and display the URL address; the recovery unit 603 is further configured to, in response to matching the signature, parse and check the integrity of the URL address according to the record data structure of the signature type, calculate a Hash value of the record and check whether the Hash value is repeated with the Hash in the Hash set, and if not, save the presentation.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use in implementing the electronic device of an embodiment of the present application. The electronic device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Liquid Crystal Display (LCD) and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that the computer program read out therefrom is mounted in the storage section 708 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program, when executed by a Central Processing Unit (CPU)701, performs the above-described functions defined in the method of the present application. It should be noted that the computer readable storage medium of the present application can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable storage medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present application may be implemented by software or hardware.
As another aspect, the present application also provides a computer-readable storage medium, which may be included in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable storage medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: loading content data of a browser cache file index.dat file, and reading a Hash set of normal records; acquiring a list of unallocated blocks in a bitmap in the content data, acquiring an index position of an unallocated block in an allocation bitmap from the list of unallocated blocks, and reading block data of the unallocated block; and matching the record signature in the block data of the unallocated block, responding to the unmatched signature, searching the URL address in the block data by regular matching, and storing and displaying.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. A recovery method for fragments of browser surfing traces is characterized by comprising the following steps:
S1: loading content data of a browser cache file index.dat file, and reading a Hash set of normal records;
S2: acquiring an unallocated block list from an allocation bitmap in the content data, acquiring an index position of an unallocated block in the allocation bitmap from the unallocated block list, and reading block data of the unallocated block; and
S3: matching record signatures in the block data of the unallocated block and, in response to no signature being matched, searching for a URL address in the block data by regular-expression matching, and storing and displaying it;
the step S2 specifically includes acquiring the index position i of the x-th unallocated block in the allocation bitmap from the unallocated block list Blocks(n), and reading the block data Block = Data[0X400 + i × 128] of the x-th unallocated block;
the step S3 further includes: in response to a signature being matched, parsing the record and checking the integrity of the URL address according to the record data structure of the signature type, calculating the Hash value of the record and checking whether it duplicates a Hash in the Hash set, and if not, storing and displaying the record.
2. The recovery method for browser surfing trace fragments as claimed in claim 1, wherein the content data includes a header information area and a recording area, the header information area includes file header information, a cache directory table, an unknown data area, an allocation bitmap, and a recorded Hash table.
3. The method as claimed in claim 2, wherein the step S1 further includes reading and verifying the file signature in the header information before reading the normal Hash set, and reading the normal Hash set in response to the file signature matching.
4. The recovery method for browser surfing trace fragments of claim 1, wherein the signature types comprise URL record signatures, REDR record signatures and LEAK record signatures.
5. The method as claimed in claim 1, further comprising repeating the steps S2 and S3 until all the unallocated blocks in the list of unallocated blocks are resolved.
6. A computer-readable storage medium having one or more computer programs stored thereon, which when executed by a computer processor perform the method of any one of claims 1 to 5.
7. A system for recovering browser surfing trace fragments, the system comprising:
a cache file loading unit: configured to load content data of a browser cache file index.dat;
an unallocated block data reading unit: configured to obtain a list of unallocated blocks from an allocation bitmap in the content data, obtain an index position of an unallocated block in the allocation bitmap from the list of unallocated blocks, and read block data of the unallocated block;
a recovery unit: configured to match record signatures in the block data of the unallocated blocks and, in response to no signature being matched, search for URL addresses in the block data by regular-expression matching, and store and display the URL addresses;
the unallocated block data reading unit acquires the index position i of the x-th unallocated block in the allocation bitmap from the unallocated block list Blocks(n), and reads the block data Block = Data[0X400 + i × 128] of the x-th unallocated block;
and the recovery unit is further configured to, in response to a signature being matched, parse the record and check the integrity of the URL address according to the record data structure of the signature type, calculate the Hash value of the record and check whether it duplicates a Hash in the Hash set, and if it does not, store and display the record.
8. The system for recovering browser footmark fragments as claimed in claim 7, wherein the content data includes a header information area and a record area, the header information area includes file header information, a cache directory table, an unknown data area, an allocation bitmap, and a recorded Hash table.
9. The system for recovering browser footmark fragments according to claim 8, wherein the cache file loading unit further comprises a step of reading and verifying a file signature in the file header information before reading the normal Hash set, and the normal Hash set is read in response to matching of the file signature.
10. The recovery system for fragmentation of browser footmarks according to claim 7, wherein the signature types include URL record signatures, REDR record signatures, and LEAK record signatures.
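The following Python sketch is an added illustration of steps S2 and S3 as claimed above; it is not code from the patent. The block address formula and the three signature types come from the claims, while the bitmap bit order, the single-block record layout (URL_OFFSET), the SHA-1 stand-in hash and the sample image are assumptions constructed for the example.

```python
import hashlib
import re

BLOCK_BASE, BLOCK_SIZE = 0x400, 128       # from the claim: Data[0x400 + i * 128]
SIGNATURES = (b"URL ", b"REDR", b"LEAK")  # signature types named in claim 4
URL_OFFSET = 8                            # ASSUMPTION: simplified record layout
URL_RE = re.compile(rb"(?:https?|ftp|file)://[\x21-\x7e]+")

def record_hash(url: bytes) -> str:
    """ASSUMPTION: SHA-1 stands in for the hash the page leaves unspecified."""
    return hashlib.sha1(url).hexdigest()

def unallocated_blocks(bitmap: bytes, total: int) -> list:
    """ASSUMPTION: bit i (LSB first) is 1 when block i is allocated."""
    return [i for i in range(total) if not (bitmap[i // 8] >> (i % 8)) & 1]

def recover(data: bytes, bitmap: bytes, total: int, known_hashes: set) -> list:
    """Return (block index, source, URL) for each recovered fragment."""
    found, seen = [], set(known_hashes)
    for i in unallocated_blocks(bitmap, total):
        start = BLOCK_BASE + i * BLOCK_SIZE
        block = data[start:start + BLOCK_SIZE]
        if len(block) < BLOCK_SIZE:
            break                                   # file truncated mid-block
        if block[:4] in SIGNATURES:
            url = block[URL_OFFSET:].split(b"\x00", 1)[0]
            if not URL_RE.fullmatch(url):
                continue                            # integrity check failed
            digest = record_hash(url)
            if digest in seen:
                continue                            # duplicate of a known record
            seen.add(digest)
            found.append((i, block[:4].decode().strip(), url.decode()))
        else:                                       # no signature: regex carve
            found += [(i, "regex", m.group().decode()) for m in URL_RE.finditer(block)]
    return found

def sample():
    """Constructed six-block image: blocks 0 and 5 allocated, 1-4 free."""
    live = b"http://live.example/"
    blocks = [b"URL \0\0\0\0" + live,                       # 0: live record
              b"URL \0\0\0\0http://deleted.example/page",   # 1: deleted record
              b"REDR\0\0\0\0" + live,                       # 2: stale copy of live URL
              b"\x07\x13junk https://fragment.example/x?id=1\0tail",  # 3: no signature
              b"LEAK\0\0\0\0\xff\xfebroken",                # 4: corrupt URL field
              b"URL \0\0\0\0http://other.example/"]         # 5: live record
    data = bytes(BLOCK_BASE) + b"".join(b.ljust(BLOCK_SIZE, b"\x00") for b in blocks)
    return data, bytes([0b00100001]), len(blocks), {record_hash(live)}
```

Calling `recover(*sample())` yields the deleted record from block 1 and the regex-carved fragment from block 3; the stale copy in block 2 is dropped by the Hash check and the corrupt record in block 4 by the integrity check.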
CN202111295910.3A 2021-11-03 2021-11-03 Method and system for recovering browser surfing trace fragments Active CN114003845B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111295910.3A CN114003845B (en) 2021-11-03 2021-11-03 Method and system for recovering browser surfing trace fragments

Publications (2)

Publication Number Publication Date
CN114003845A CN114003845A (en) 2022-02-01
CN114003845B CN114003845B (en) 2022-07-08

Family

ID=79926976

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111295910.3A Active CN114003845B (en) 2021-11-03 2021-11-03 Method and system for recovering browser surfing trace fragments

Country Status (1)

Country Link
CN (1) CN114003845B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant