CN100511257C - Electronic evidence-obtaining auditing system - Google Patents

Electronic evidence-obtaining auditing system Download PDF

Info

Publication number
CN100511257C
CN100511257C CNB2007100929592A CN200710092959A CN100511257C CN 100511257 C CN100511257 C CN 100511257C CN B2007100929592 A CNB2007100929592 A CN B2007100929592A CN 200710092959 A CN200710092959 A CN 200710092959A CN 100511257 C CN100511257 C CN 100511257C
Authority
CN
China
Prior art keywords
audit
data
source tray
test value
proof test
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2007100929592A
Other languages
Chinese (zh)
Other versions
CN101149771A (en
Inventor
杜江
曾勤
杜子兵
刘红兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHONGQING AISI WANG'AN INFORMATION TECHNOLOGY Co Ltd
Original Assignee
CHONGQING AISI WANG'AN INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHONGQING AISI WANG'AN INFORMATION TECHNOLOGY Co Ltd filed Critical CHONGQING AISI WANG'AN INFORMATION TECHNOLOGY Co Ltd
Priority to CNB2007100929592A priority Critical patent/CN100511257C/en
Publication of CN101149771A publication Critical patent/CN101149771A/en
Application granted granted Critical
Publication of CN100511257C publication Critical patent/CN100511257C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

An electronic evidence prove and audit system, characterized in that: it is composed by CPU controller and audit card seat, CPU controller was set with audit card interface in order to connect with CPU interface of audit card seat, the referred CPU controller was also equipped with copy interface. The potential effect is: in the process of electronic evidence collection, extraction, fixing, preservation and testification, can accurately prove if the data changes in the testification when it was copyed from the source disk to the target disk.. At the same time record every step of operating instruction of evidence system, just as use 'electronic camera' to real-time record the whole process of evidence prove, supervise and audit copy process, can be automatically recur the process of electronic evidence prove according to the audit record.

Description

A kind of electronic evidence-obtaining auditing system
Technical field
The present invention relates to a kind of copy device of electronic data information, be specifically related to a kind of electronic evidence-obtaining auditing system that hard disc data is duplicated and monitors.
Background technology
In recent years, fast development and widespread use along with information network, at more and more with all kinds of illegal activities that utilize information network to implement, computer crime is a kind of novel high-tech crime, it has characteristics such as intelligent, disguised, strange land property, simultaneously to the collection of electronic evidence, extraction, fixing, preserve and put to the proof and also face some technical matterss and legal issue.The research of China's relevant calculation machine evidence obtaining and practice are still in the starting stage, the technical computer forensics instrument that also lacks independent intellectual property right, existing domestic and international similar evidence obtaining instrument all lacks the checking and the audit of collect evidence integrity, authenticity and uniqueness, this not only has influence on, and electronic data has also produced restriction to computer crime legislation simultaneously as the credible of evidence and notarization property in the judicial process.
Hard disk is the important content of obtaining of computer forensics technology as the topmost information storage medium of computing machine, also is the main direction of present various computer forensics instruments.At present on the domestic and international market, it is more to be used for the specialty products that disk copy, data obtain, but all be development of U.S. manufacturer and production basically, domestic like product has just carried out necessary Chinesizing to external product, does not still grasp the electronic data evidence obtaining core technology.
Current, the means of electronic data acquisition mainly contain two kinds.The one, by external medium collections such as floppy disk, hard disk, external hard drive, USB memory devices; The 2nd, directly seal suspect's computing machine up for safekeeping.Wherein external medium harvester mainly comprises logic controller and CPU, logic controller is provided with cpu i/f and CPU carries out two-way steering order transmission, logic controller is provided with source tray data-interface and destination disk data-interface, the source tray data-interface is connected with source tray, the destination disk data-interface is connected with destination disk, CPU steering logic controller reads the data message in the source tray, and copy carries out the transmission of data message to destination disk.But, to the collection of electronic evidence, extraction, fixing, preserve and put to the proof and also face some technical matterss and legal issue.The research of computer forensics and practice are still in the starting stage, the technical computer forensics instrument that also lacks independent intellectual property right, the breakthrough point that the development need of electronic data evidence obtaining technology obtains mainly is supervision and the audit to the evidence obtaining process, to guarantee judicial notarization.At present, domestic public security organ also lacks effective technical means in this respect, and this not only has influence on, and electronic data has also produced restriction to computer crime legislation simultaneously as the credible of evidence and notarization property in the judicial process.
The shortcoming of prior art is: do not prevent that logic controller from writing the function of data to source tray, can't stop in copy procedure the influence because of maloperation or undesired signal, the source tray data are caused damage or distort.In to the collection of electronic evidence, extraction, fixing, preservation and proof process, also lack supervision, when the destination disk copies data, do not have a kind of effective technical means that copy procedure is exercised supervision and audits from source tray.
Summary of the invention
The object of the present invention is to provide a kind of electronic evidence-obtaining auditing system, can prevent that logic controller from writing data to source tray, in copy procedure, guarantee that the source tray data can not be damaged, and during to the destination disk copies data, can exercise supervision and audit copy procedure from source tray.
For achieving the above object, the present invention is a kind of electronic evidence-obtaining auditing system, comprise information acquisition card, source tray connector and destination disk connector, wherein information acquisition card is provided with the source tray interface and is connected with described source tray connector, being provided with the destination disk interface is connected with described destination disk connector, information acquisition card is obtained data information from the source tray connector, sends data information through the destination disk connector again, it is characterized in that: also comprise cpu controller and audit deck; Wherein cpu controller is connected with described information acquisition card is two-way, cpu controller control information capture card work, and obtain the job information of information acquisition card, described cpu controller with audit that deck is two-way to be connected data interchange between the two.
Described cpu controller also is provided with the copy interface, and this copy interface is set side by side with address bus end A0~A16, status signal end ST0~ST13, ARM read signal end ARM_READ and ARM write signal end ARM_WRITE and information acquisition card connection.Described audit deck and cpu controller all are set side by side with;
Number bus end D0~D15: the data double-way between cpu controller and the audit deck is transmitted;
CF interrupt request singal end CF_INTRQ: the audit deck sends interrupt request to cpu controller;
ARM read signal end ARM_READ and ARM write signal end ARM_WRITE:CPU controller send to the audit deck and read steering order and write steering order;
CF reset terminal R_CF:CPU controller sends reset instruction to the audit deck; Described cpu controller also is set side by side with:
Status signal end ST0~ST13 and described information acquisition card connection;
Address line end A0~A16 and described information acquisition card connection.
Described cpu controller also is provided with the first control end TXD and the second control end RXD, and the described first control end TXD is connected with output terminal R20UT with the input end T2IN of interface chip respectively with the second control end RXD, and described interface chip is provided with the computing machine socket.
Existing copy harvester is to be connected between source tray and the destination disk as capture card, and capture card sends to destination disk from the source tray image data.Copy interface and information acquisition card connection with cpu controller among the present invention.
After information acquisition card is whenever duplicated one group of source tray data, just adopt data bit contraposition Bit-to-bit technology, data are write destination disk, simultaneously, generate a copy data value a and send to cpu controller, cpu controller adopts the MD5Hash algorithm that copy data value a is added up computing, after the source tray data have been gathered, cpu controller draws and duplicates proof test value A, and sends to the auditing card seat and preserved.
Remove source tray, the destination disk that duplicates after finishing is linked into the source tray position, cpu controller control information capture card only reads the destination disk data, utilizes the Bit-to-bit technology equally, whenever reads one group of destination disk data, just generate an Audit data value b, and issue careful cpu controller, cpu controller adopts the MD5Hash algorithm that Audit data value b is added up computing, after the source tray data have been gathered, cpu controller draws audit proof test value B, and sends to the auditing card seat and preserved.
Cpu controller extracts A and B from the audit deck, and the two is compared, and is in full accord when the two, just can assert that the source tray data have been duplicated into destination disk intactly.If undesired signal or other information in copy procedure, occur, will cause between A and the B difference to occur, need copy again.
The concrete working mechanism of cpu controller is:
Be provided with in the described cpu controller:
The device that is used to begin;
The device that is used for hardware detection; When hardware detection is qualified, cpu controller begins whether to duplicate in the search audit deck proof test value A and audit proof test value B;
Be used to judge whether to duplicate the device of proof test value A, at first proof test value A is duplicated in search;
If do not duplicate proof test value A, then enter the generation system that is used to duplicate proof test value A; Generate A by this generation system;
If duplicate proof test value A, then enter the device that is used to judge whether copy command; This copy command is by manually intervening by host computer;
If copy command is arranged, then enter the device that is used to duplicate proof test value A and audit proof test value B zero clearing;
Enter the described generation system that is used to duplicate proof test value A again;
If there is not copy command, then enter the device that is used to judge whether audit proof test value B; Whether audit proof test value B is arranged in the search audit deck again;
If do not audit proof test value B, then enter the generation system of the proof test value B that is used to audit; Generate B by this generation system;
If audit proof test value B is arranged, then enters the device that is used to judge whether the audit order;
If audit order being arranged, then enter the device of the proof test value B zero clearing that is used to audit;
Enter the generation system of the described proof test value B that is used to audit again;
If not audit order then enters the device that is used to export auditing result; Duplicate proof test value A and audit proof test value B by interface chip to computing machine output, and the comparative result of the two, print by computing machine demonstration or driving;
Enter the device that is used to finish again;
Be used to duplicate the device of source tray data; Cpu controller control capture card duplicates the source tray data, and data are write destination disk;
Be used to obtain the device of copy data value a; Whenever after duplicating one group of source tray data, capture card just adopts data bit contraposition Bit-to-bit technology, and data are write destination disk, simultaneously, generates a copy data value a, and cpu controller obtains this copy data value a,
The device that is used for accumulative total copy data value a; Cpu controller adopts the MD5Hash algorithm that copy data value a is added up computing;
Be used to judge whether the source tray data duplicate the device of finishing;
Be used to preserve the device that duplicates proof test value A, wherein, when being used to judge that whether the source tray data are duplicated the device judgement source tray data of finishing and duplicated imperfect tense, then return the described device that is used to duplicate the source tray data; Be used to preserve the device that duplicates proof test value A when judging that the source tray data duplicate when finishing, then entering, and then enter the device that is used to finish;
Be provided with in the generation system of described audit proof test value B:
The device of source tray data is used to audit; Cpu controller control capture card adopts read-only mode audit source tray data;
Be used to obtain the device of Audit data value b; After one group of source tray data of every audit, capture card just adopts data bit contraposition Bit-to-bit technology, generates an Audit data value b, and cpu controller obtains this Audit data value b,
The device that is used for accumulative total Audit data value b; Cpu controller adopts the MD5Hash algorithm that Audit data value b is added up computing;
Be used to judge whether Audit data duplicates the device of finishing;
If the source tray Data Audit is not finished, then return the device of the described source tray data that are used to audit;
If the source tray Data Audit is finished, then enter the device that is used to preserve audit proof test value B; The source tray Data Audit is finished, and the automatic standard of Audit data value b is changed to audit proof test value B, and is sent into capture card by cpu controller and preserved;
Whether with audit proof test value B equal, the device that draws auditing result and preserve if being used for relatively duplicating proof test value A; Cpu controller takes out from capture card and relatively duplicates proof test value A and audit proof test value B, and the two is compared, and comparative result deposits capture card in, and is in full accord when the two, just can assert that the source tray data have been duplicated into destination disk intactly.If undesired signal or other information in copy procedure, occur, will cause between A and the B difference to occur.
Enter the device that is used to finish again.
Be provided with in the described information acquisition card:
The device that is used to begin;
Be used to wait for the device of instruction, the command information that information acquisition card waiting for CPU controller provides, after cpu controller provided command information, information acquisition card judged that this instruction is Copy Info or audit information;
Be used to judge whether to duplicate the device of source tray data command; At first judge whether to duplicating the information of source tray data command;
Be used to duplicate the system of source tray data, wherein, judge when the described device that is used to judge whether to duplicate the source tray data command then to enter the system that this is used to duplicate the source tray data when duplicate instructions is arranged; Be used to judge whether the device of audit source tray data command, wherein, judge when the described device that is used to judge whether to duplicate the source tray data command then to enter the device that this is used to judge whether audit source tray data command when not having duplicate instructions; Judge whether information and then into audit source tray data command;
Be used to the to audit system of source tray data wherein, is judged when the audit instruction being arranged when the described device that is used to judge whether audit source tray data command, then enters the system of the source tray data that are used to audit; When the described device that is used to judge whether audit source tray data command is judged audit instruction, then return the described device that is used to wait for instruction;
Be provided with in the described system that is used to duplicate the source tray data:
Be used to read the device of source tray data;
Be used for writing the device of data to destination disk;
Be used to generate the device of copy data value a; Adopt data bit contraposition Bit-to-bit technology, data are write destination disk, simultaneously, generate a copy data value a;
Be used to export the device of copy data value a; Information acquisition card is to cpu controller output copy data value a;
Be used to judge that whether source tray also has the not device of copy data, wherein, when this is used to judge whether source tray also has the device of copy data to judge copy data is not arranged, then return the described device that is used to read the source tray data; When this is used to judge whether source tray also has the device of copy data to judge not have copy data, then return the described device that is used to wait for instruction;
Data are duplicated and are finished, and information acquisition card returns to waiting status, wait cpu controller next instruction or etc. to be shut down;
Be provided with in the system of the described source tray data that are used to audit:
Be used to read the device of source tray data;
Be used to generate the device of Audit data value b; Adopt data bit contraposition Bit-to-bit technology, data are write destination disk, simultaneously, generate an Audit data value b;
Be used to export the device of Audit data value b; Information acquisition card is to cpu controller output Audit data value b;
Be used to judge that whether source tray also has the not device of copy data, wherein, when this is used to judge whether source tray also has the device of copy data to judge copy data is not arranged, then return the described device that is used to read the source tray data;
When this is used to judge whether source tray also has the device of copy data to judge not have copy data, then return the described device that is used to wait for instruction; Data Audit is finished, and information acquisition card returns to waiting status, wait cpu controller next instruction or etc. to be shut down.
Also be provided with the capture card configuring chip, configured port TDI, TDO, TCK and the TMS that is provided with on the described information acquisition card is connected on this capture card configuring chip.
Bit-to-bit technology and MD5Hash algorithm also can adopt other algorithms to audit and verification for existing mature technology, only need by cpu controller is fired again into new operational method.
Beneficial effect is: a kind of electronic evidence-obtaining auditing system is provided, can prevent that logic controller from writing data to source tray, in copy procedure, guarantee that the source tray data can not be damaged, and from source tray during to the destination disk copies data, can exercise supervision and audit copy procedure, as the omnidistance real time record evidence obtaining of " electro-photographic " mode of use process, the process that can also reappear electronic evidence-collecting according to record of the audit automatically.
Description of drawings
Below with reference to accompanying drawing embodiments of the invention are further described.
Fig. 1 is a system chart of the present invention
Fig. 2 is the circuit theory diagrams of information acquisition card, source tray connector and destination disk connector;
Fig. 3 is the circuit theory diagrams of information acquisition card;
Fig. 4 is the circuit theory diagrams of source tray connector;
Fig. 5 is the circuit theory diagrams of destination disk connector;
Fig. 6 is the circuit theory diagrams of cpu controller, audit deck and interface chip;
Fig. 7 is the circuit theory diagrams of cpu controller;
Fig. 8 is the circuit theory diagrams of audit deck;
Fig. 9 is the circuit theory diagrams of interface chip;
Figure 10 is the workflow diagram of cpu controller;
Figure 11 is the workflow diagram of information acquisition card.
Embodiment
As shown in Figure 1, the present invention is a kind of electronic evidence-obtaining auditing system, comprise information acquisition card 1, source tray connector IDE1 and destination disk connector IDE2, wherein information acquisition card 1 is provided with source tray interface J1 and is connected with described source tray connector IDE1, being provided with destination disk interface J2 is connected with described destination disk connector IDE2, information acquisition card 1 is obtained data information from source tray connector IDE1, send data information through destination disk connector IDE2 again, it is characterized in that: also comprise cpu controller 2 and audit deck 3; Wherein cpu controller 2 and described 1 two-way connection of information acquisition card, cpu controller 2 control information capture cards 1 work, and obtain the job information of information acquisition card 1, described cpu controller 2 with audit 3 two-way connections of deck data interchange between the two.
Described cpu controller 2 also is provided with the copy interface, and this copy interface is set side by side with address bus end A0~A16, status signal end ST0~ST13, and ARM read signal end ARM_READ is connected with information acquisition card 1 with ARM write signal end ARM_WRITE.Described audit deck 3 and cpu controller 2 all are set side by side with;
Number bus end D0~D15: the data double-way between cpu controller 2 and the audit deck 3 is transmitted;
CF interrupt request singal end CF_INTRQ: audit deck 3 sends interrupt request to cpu controller 2;
ARM read signal end ARM_READ and ARM write signal end ARM_WRITE:CPU controller 2 send to audit deck 3 and read steering order and write steering order;
CF reset terminal R_CF:CPU controller sends reset instruction to audit deck 3; Described cpu controller 2 also is set side by side with:
Status signal end ST0~ST13 is connected with described information acquisition card 1;
Address line end A0~A16 is connected with described information acquisition card 1.
Described cpu controller 2 also is provided with the first control end TXD and the second control end RXD, and the described first control end TXD is connected with output terminal R20UT with the input end T2IN of interface chip 4 respectively with the second control end RXD, and described interface chip 4 is provided with the computing machine socket.
Cpu controller 2 provides information by host computer to the operator, and receives the command information that host computer provides.
The concrete working mechanism of cpu controller 2 is:
Be provided with in the described cpu controller 2:
The device that is used to begin;
The device that is used for hardware detection; When hardware detection is qualified, cpu controller 2 begins whether to duplicate in the search audit deck 3 proof test value A and audit proof test value B;
Be used to judge whether to duplicate the device of proof test value A, at first proof test value A is duplicated in search;
Be used to duplicate the generation system of proof test value A, wherein judge then to enter the generation system that this is used to duplicate proof test value A when not duplicating proof test value A when the described device that is used to judge whether to duplicate proof test value A; Generate A by this generation system;
Be used to judge whether the device of copy command, wherein judge then to enter the device that this is used to judge whether copy command when duplicating proof test value A when the described device that is used to judge whether to duplicate proof test value A; This copy command is by manually intervening by host computer;
Be used to duplicate the device of proof test value A and audit proof test value B zero clearing, wherein judge then to enter the device that this is used to duplicate proof test value A and audit proof test value B zero clearing when copy command is arranged when the described device that is used to judge whether copy command;
Enter the described generation system that is used to duplicate proof test value A again;
Be used to judge whether the device of audit proof test value B, wherein judge then to enter the device that this is used to judge whether audit proof test value B when not having copy command when the described device that is used to judge whether copy command; Whether audit proof test value B is arranged in the search audit deck 3 again;
Be used to the to audit generation system of proof test value B ought describedly be used to wherein judge whether that the device of audit proof test value B judges the proof test value B that do not audit, and then enters the generation system of this proof test value B that is used to audit; Generate B by this generation system;
Be used to judge whether the device of audit order, ought describedly be used to wherein judge whether that the device judgement of audit proof test value B has audit proof test value B, then enter the device that this is used to judge whether the audit order;
Be used to the to audit device of proof test value B zero clearing ought describedly be used to wherein judge whether that the device of audit order judges that the audit order being arranged, and then enters the device of this proof test value B zero clearing that is used to audit;
Enter the generation system of the described proof test value B that is used to audit again;
Be used to export the device of auditing result, wherein ought describedly be used to judge whether the audit order of device judgement of audit order, then enter the device that this is used to export auditing result; Duplicate proof test value A and audit proof test value B by interface chip 4 to computing machine output, and the comparative result of the two, print by computing machine demonstration or driving;
Enter the device that is used to finish again;
Be used to duplicate the device of source tray data; Cpu controller 2 control capture cards duplicate the source tray data, and data are write destination disk;
Be used to obtain the device of copy data value a; Whenever after duplicating one group of source tray data, capture card just adopts data bit contraposition Bit-to-bit technology, and data are write destination disk, simultaneously, generates a copy data value a, and cpu controller 2 obtains this copy data value a,
The device that is used for accumulative total copy data value a; Cpu controller 2 adopts the MD5Hash algorithm that copy data value a is added up computing;
Be used to judge whether the source tray data duplicate the device of finishing;
If the source tray data are duplicated do not finish, then return the described device that is used to duplicate the source tray data;
If the source tray data are duplicated finish, then enter and be used to preserve the device that duplicates proof test value A; The source tray data are duplicated and are finished, and the automatic standard of copy data value a is changed to duplicates proof test value A, and is sent into capture card by cpu controller 2 and preserved;
Enter the device that is used to finish again;
Be provided with in the generation system of the described proof test value B that is used to audit:
The device of source tray data is used to audit; Cpu controller 2 control capture cards adopt read-only mode audit source tray data;
Be used to obtain the device of Audit data value b; After one group of source tray data of every audit, capture card just adopts data bit contraposition Bit-to-bit technology, generates an Audit data value b, and cpu controller 2 obtains this Audit data value b,
The device that is used for accumulative total Audit data value b; Cpu controller 2 adopts the MD5Hash algorithm that Audit data value b is added up computing;
Be used to judge whether Audit data duplicates the device of finishing; Ought describedly be used to wherein to judge whether Audit data duplicates the device of finishing and judge that the source tray Data Audit do not finish, then return the device of the described source tray data that are used to audit;
Be used to preserve the device of audit proof test value B, ought describedly be used to wherein judge whether Audit data duplicates the device judgement source tray Data Audit of finishing and finish, and then enters the device that this is used to preserve audit proof test value B; The source tray Data Audit is finished, and the automatic standard of Audit data value b is changed to audit proof test value B, and is sent into capture card by cpu controller 2 and preserved;
Whether with audit proof test value B equal, the device that draws auditing result and preserve if being used for relatively duplicating proof test value A; Cpu controller 2 takes out from capture card and relatively duplicates proof test value A and audit proof test value B, and the two is compared, and comparative result deposits capture card in, and is in full accord when the two, just can assert that the source tray data have been duplicated into destination disk intactly.If undesired signal or other information in copy procedure, occur, will cause between A and the B difference to occur.
Enter the device that is used to finish again.
Be provided with in the described information acquisition card 1:
The device that is used to begin;
Be used to wait for the device of instruction, the command information that information acquisition card 1 waiting for CPU controller 2 provides, after cpu controller 2 provided command information, information acquisition card 1 judged that this instruction is Copy Info or audit information;
Be used to judge whether to duplicate the device of source tray data command; At first judge whether to duplicating the information of source tray data command;
Be used to duplicate the system of source tray data, wherein, judge when the described device that is used to judge whether to duplicate the source tray data command then to enter the system that this is used to duplicate the source tray data when duplicate instructions is arranged; Be used to judge whether the device of audit source tray data command, wherein, judge when the described device that is used to judge whether to duplicate the source tray data command then to enter the device that this is used to judge whether audit source tray data command when not having duplicate instructions; Judge whether information and then into audit source tray data command;
Be used to the to audit system of source tray data wherein, is judged when the audit instruction being arranged when the described device that is used to judge whether audit source tray data command, then enters the system of the source tray data that are used to audit; When the described device that is used to judge whether audit source tray data command is judged audit instruction, then return the described device that is used to wait for instruction; Be provided with in the described system that is used to duplicate the source tray data:
Be used to read the device of source tray data;
Be used for writing the device of data to destination disk;
Be used to generate the device of copy data value a; Adopt data bit contraposition Bit-to-bit technology, data are write destination disk, simultaneously, generate a copy data value a;
Be used to export the device of copy data value a; Information acquisition card 1 is to cpu controller 2 output copy data value a;
Be used to judge that whether source tray also has the not device of copy data, wherein, when this is used to judge whether source tray also has the device of copy data to judge copy data is not arranged, then return the described device that is used to read the source tray data;
When this is used to judge whether source tray also has the device of copy data to judge not have copy data, then return the described device that is used to wait for instruction;
Data are duplicated and are finished, and information acquisition card 1 returns to waiting status, wait cpu controller 2 next instruction or etc. to be shut down;
Be provided with in the system of the described source tray data that are used to audit:
Be used to read the device of source tray data;
Be used to generate the device of Audit data value b; Adopt data bit contraposition Bit-to-bit technology, data are write destination disk, simultaneously, generate an Audit data value b;
Be used to export the device of Audit data value b; Information acquisition card 1 is to cpu controller 2 output Audit data value b;
Be used to judge that whether source tray also has the not device of Audit data, wherein, when this is used to judge whether source tray also has the device of Audit data to judge Audit data is not arranged, then return the device of the described source tray data that are used to audit; When this is used to judge whether source tray also has the device of Audit data to judge not have Audit data, then return the described device that is used to wait for instruction.Data Audit is finished, and information acquisition card 1 returns to waiting status, wait cpu controller 2 next instruction or etc. to be shut down.
Described information acquisition card 1 is a fpga chip, and cpu controller 2 is the ARM chip, and described interface chip 4 is 232 serial port chip, and described audit deck 3 is the CF auditing card.
Also be provided with capture card configuring chip 6, configured port TDI, the TDO, TCK and the TMS that are provided with on the described information acquisition card 1 are connected on this capture card configuring chip 6.Capture card configuring chip 6 is used to fire the pin definitions in the capture card configuring chip 6.
Bit-to-bit technology and MD5Hash algorithm also can adopt other algorithms to audit and verification for existing mature technology, only need by cpu controller 2 is fired again into new operational method.
Its principle of work is:
Information acquisition card 1 is to be connected between source tray and the destination disk, and information acquisition card 1 sends to destination disk from the source tray image data.The copy interface of cpu controller among the present invention 2 is connected with capture card.
After capture card whenever duplicates one group of source tray data, just adopt data bit contraposition Bit-to-bit technology, data are write destination disk, simultaneously, generate a copy data value a and send to cpu controller 2, cpu controller 2 adopts the MD5Hash algorithm that copy data value a is added up computing, after the source tray data have been gathered, cpu controller 2 draws and duplicates proof test value A, and sends to auditing card seat 3 and preserved.
Remove source tray, the destination disk that duplicates after finishing is linked into the source tray position, 1 of cpu controller 2 control information capture card read the destination disk data, utilize the Bit-to-bit technology equally, whenever read one group of destination disk data, just generate an Audit data value b, and issue and examine cpu controller 2, cpu controller 2 adopts the MD5Hash algorithm that Audit data value b is added up computing, after the source tray data have been gathered, cpu controller 2 draws audit proof test value B, and sends to auditing card seat 3 and preserved.
Cpu controller 2 is A and B relatively, and is in full accord when the two, just can assert that the source tray data have been duplicated into destination disk intactly.If undesired signal or other information in copy procedure, occur, will cause between A and the B difference to occur, need duplicate again.

Claims (6)

1. electronic evidence-obtaining auditing system, comprise information acquisition card (1), source tray connector (IDE1) and destination disk connector (IDE2), wherein the last source tray interface (J1) that is provided with of information acquisition card (1) is connected with described source tray connector (IDE1), the destination disk interface (J2) that is provided with is connected with described destination disk connector (IDE2), information acquisition card (1) is obtained data information from source tray connector (IDE1), send data information through destination disk connector (IDE2) again, it is characterized in that: also comprise cpu controller (2) and audit deck (3); Wherein cpu controller (2) and two-way connection of described information acquisition card (1), cpu controller (2) control information capture card (1) work, and obtain the job information of information acquisition card (1), described cpu controller (2) and audit two-way connection of deck (3), data interchange between the two;
Described information acquisition card is provided with in (1):
The device that is used to begin;
Be used to wait for the device of instruction;
Be used to judge whether to duplicate the device of source tray data command;
Be used to duplicate the system of source tray data, wherein, judge when the described device that is used to judge whether to duplicate the source tray data command then to enter the system that this is used to duplicate the source tray data when duplicate instructions is arranged; Be used to judge whether the device of audit source tray data command, wherein, judge when the described device that is used to judge whether to duplicate the source tray data command then to enter the device that this is used to judge whether audit source tray data command when not having duplicate instructions;
Be used to the to audit system of source tray data wherein, is judged when the audit instruction being arranged when the described device that is used to judge whether audit source tray data command, then enters the system of the source tray data that are used to audit; When the described device that is used to judge whether audit source tray data command is judged audit instruction, then return the described device that is used to wait for instruction;
Be provided with in the described system that is used to duplicate the source tray data:
Be used to read the device of source tray data;
Be used for writing the device of data to destination disk;
Be used to generate the device of copy data value a;
Be used to export the device of copy data value a;
Be used to judge that whether source tray also has the not device of copy data, wherein, when this is used to judge whether source tray also has the device of copy data to judge copy data is not arranged, then return the described device that is used to read the source tray data; When this is used to judge whether source tray also has the device of copy data to judge not have copy data, then return the described device that is used to wait for instruction;
Be provided with in the system of the described source tray data that are used to audit:
Be used to read the device of source tray data;
Be used to generate the device of Audit data value b;
Be used to export the device of Audit data value b;
Be used to judge that whether source tray also has the not device of Audit data, wherein, when this is used to judge whether source tray also has the device of Audit data to judge Audit data is not arranged, then return the device of the described source tray data that are used to audit; When this is used to judge whether source tray also has the device of Audit data to judge not have Audit data, then return the described device that is used to wait for instruction.
2, a kind of electronic evidence-obtaining auditing system according to claim 1 is characterized in that: all be set side by side with on described audit deck (3) and cpu controller (2):
Number bus end D0~D15: the data double-way between cpu controller (2) and the audit deck (3) is transmitted;
CF interrupt request singal end CF_INTRQ: audit deck (3) sends interrupt request to cpu controller (2);
ARM read signal end ARM_READ and ARM write signal end ARM_WRITE:CPU controller (2) send to audit deck (3) and read steering order and write steering order;
CF reset terminal R_CF:CPU controller sends reset instruction to audit deck (3); Described cpu controller (2) also is set side by side with:
Status signal end ST0~ST13 is connected with described information acquisition card (1);
Address line end A0~A16 is connected with described information acquisition card (1).
3, a kind of electronic evidence-obtaining auditing system according to claim 1, it is characterized in that: described cpu controller (2) also is provided with the first control end TXD and the second control end RXD, the described first control end TXD is connected with output terminal R20UT with the input end T2IN of interface chip (4) respectively with the second control end RXD, and described interface chip (4) is provided with the computing machine socket.
4, a kind of electronic evidence-obtaining auditing system according to claim 1 is characterized in that: described cpu controller is provided with in (2):
The device that is used to begin;
The device that is used for hardware detection;
Be used to judge whether to duplicate the device of proof test value A;
Be used to duplicate the generation system of proof test value A, wherein judge then to enter the generation system that this is used to duplicate proof test value A when not duplicating proof test value A when the described device that is used to judge whether to duplicate proof test value A;
Be used to judge whether the device of copy command, wherein judge then to enter the device that this is used to judge whether copy command when duplicating proof test value A when the described device that is used to judge whether to duplicate proof test value A;
Be used to duplicate the device of proof test value A and audit proof test value B zero clearing, wherein judge when copy command is arranged when the described device that is used to judge whether copy command, then enter the device that this is used to duplicate proof test value A and audit proof test value B zero clearing, then, enter the described generation system that duplicates proof test value A again;
Be used to judge whether the device of audit proof test value B, wherein judge then to enter the device that this is used to judge whether audit proof test value B when not having copy command when the described device that is used to judge whether copy command;
Be used to the to audit generation system of proof test value B ought describedly be used to wherein judge whether that the device of audit proof test value B judges the proof test value B that do not audit, and then enters the generation system of this audit proof test value B;
Be used to judge whether the device of audit order, ought describedly be used to wherein judge whether that the device judgement of audit proof test value B has audit proof test value B, then enter the device that this is used to judge whether the audit order;
Be used to the to audit device of proof test value B zero clearing ought describedly be used to wherein judge whether that the device of audit order judges that the audit order being arranged, and then enters the device of this proof test value B zero clearing that is used to audit, and then, enters the generation system of described audit proof test value B again;
Be used to export the device of auditing result, wherein ought describedly be used to judge whether the audit order of device judgement of audit order, then enter the device that this is used to export auditing result, then, enter the device that is used to finish again; Be provided with in the described generation system that duplicates proof test value A:
Be used to duplicate the device of source tray data;
Be used to obtain the device of copy data value a;
The device that is used for accumulative total copy data value a;
Be used to judge whether the source tray data duplicate the device of finishing;
Be used to preserve the device that duplicates proof test value A, wherein, when being used to judge that whether the source tray data are duplicated the device judgement source tray data of finishing and duplicated imperfect tense, then return the described device that is used to duplicate the source tray data; Be used to preserve the device that duplicates proof test value A when judging that the source tray data duplicate when finishing, then entering, and then enter the device that is used to finish;
Be provided with in the generation system of described audit proof test value B:
The device of source tray data is used to audit;
Be used to obtain the device of Audit data value b;
The device that is used for accumulative total Audit data value b;
Be used to judge whether Audit data duplicates the device of finishing; Ought describedly be used to wherein to judge whether Audit data duplicates the device of finishing and judge that the source tray Data Audit do not finish, then return the device of the described source tray data that are used to audit;
Be used to preserve the device of audit proof test value B, ought describedly be used to wherein judge whether Audit data duplicates the device judgement source tray Data Audit of finishing and finish, and then enters the device that this is used to preserve audit proof test value B;
Whether with audit proof test value B equal, the device that draws auditing result and preserve then, enters the device that is used to finish again if being used for relatively duplicating proof test value A.
5, a kind of electronic evidence-obtaining auditing system according to claim 1, it is characterized in that: also be provided with capture card configuring chip (6), described information acquisition card (1) goes up the configured port first programming pin TDI, the second programming pin TDO, the 3rd programming pin TCK and the 4th programming pin TMS that are provided with and is connected on this capture card configuring chip (6).
CNB2007100929592A 2007-11-09 2007-11-09 Electronic evidence-obtaining auditing system Expired - Fee Related CN100511257C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007100929592A CN100511257C (en) 2007-11-09 2007-11-09 Electronic evidence-obtaining auditing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007100929592A CN100511257C (en) 2007-11-09 2007-11-09 Electronic evidence-obtaining auditing system

Publications (2)

Publication Number Publication Date
CN101149771A CN101149771A (en) 2008-03-26
CN100511257C true CN100511257C (en) 2009-07-08

Family

ID=39250295

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100929592A Expired - Fee Related CN100511257C (en) 2007-11-09 2007-11-09 Electronic evidence-obtaining auditing system

Country Status (1)

Country Link
CN (1) CN100511257C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108985107A (en) * 2018-07-13 2018-12-11 重庆爱思网安信息技术有限公司 A kind of encrypted electronic evidence-obtaining auditing system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5689243A (en) * 1991-03-22 1997-11-18 Hughes Aircraft Company System and method for tamper detection
CN1361490A (en) * 2000-12-24 2002-07-31 冯振周 Safety techn for E-business system
CN1645382A (en) * 2004-06-22 2005-07-27 上海金诺网络安全技术发展股份有限公司 Computer long-distance electronic evidence obtaining method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5689243A (en) * 1991-03-22 1997-11-18 Hughes Aircraft Company System and method for tamper detection
CN1361490A (en) * 2000-12-24 2002-07-31 冯振周 Safety techn for E-business system
CN1645382A (en) * 2004-06-22 2005-07-27 上海金诺网络安全技术发展股份有限公司 Computer long-distance electronic evidence obtaining method and system

Also Published As

Publication number Publication date
CN101149771A (en) 2008-03-26

Similar Documents

Publication Publication Date Title
CN103443727B (en) Abnormality detection system and method for detecting abnormality
CN105589776B (en) A kind of Fault Locating Method and server
KR20190131445A (en) Traffic capture and debugging tools for identifying root causes of device failure during automated testing
CN106027528B (en) A kind of method and device of the horizontal permission automatic identification of WEB
CN103473162A (en) Reliability evaluation system design method based on software fault injection
CN105223889A (en) A kind of method being applicable to the automatic monitoring PMC RAID card daily record of producing line
CN108345787B (en) Determine the method, detection device and system of processor security
CN108958649A (en) A kind of security isolation method and device for storage system
JP2007323467A (en) Dma circuit and data transfer method
CN106326167A (en) PCIE sub-card-based hot plugging method and apparatus
CN109462495A (en) A kind of ship hardware and communication system detection system and method
CN107809349A (en) A kind of device and method of monitoring server signal waveform
CN106649020A (en) Detecting method and device for storage case burn information
CN112631848A (en) Intelligent diagnosis method and system for mechanical hard disk faults
CN101118505A (en) Process for monitoring affair in chip system and monitor of chip system
CN106326046A (en) Verification environment platform of storage controller
CN100511257C (en) Electronic evidence-obtaining auditing system
CN106405383A (en) Embedded board card automatic test system based on visual detection technology and embedded board card automatic test method thereof
CN106850342A (en) The method and device of test interchanger compatibility and stability
CN101158933B (en) Copy auditing card
CN203324251U (en) Anti-cheating motor vehicle tail gas detection data collection system
CN107885613A (en) A kind of method for writing data based on RAID5, device and medium
CN101299206A (en) Method and apparatus for realizing interrupt acquisition
CN201111033Y (en) Copy auditing card
CN205507744U (en) Polymerization facility suspends based on FPGA

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090708

Termination date: 20151109

EXPY Termination of patent right or utility model