System and method for preventing destruction of digital forensic information by malicious software

摘要

Problem to be solved: to provide a method and system for preventing an act by suspicious objects obstructing digital forensic investigation.In the method 300, a suspicious object is identified from a plurality of objects in the computing device 302, and the operation performed by the suspicious object is monitored.The first command by the suspicious object to create and / or modify the digital artifact is intercepted 306 to intercept 308 the second command by the suspect object.The second command then deletes the created / modified digital artifacts or deletes 310 or suspicious objects themselves or blocks 314 of the second command in accordance with the determination of A suspicious object and a digital artifact are stored in a digital repository 316.Diagram