CN114063927A - Evidence obtaining method and system for electronic data - Google Patents
Evidence obtaining method and system for electronic dataDownload PDFInfo
- Publication number
- CN114063927A CN114063927ACN202111396793.XACN202111396793ACN114063927ACN 114063927 ACN114063927 ACN 114063927ACN 202111396793 ACN202111396793 ACN 202111396793ACN 114063927 ACN114063927 ACN 114063927A
- Authority
- CN
- China
- Prior art keywords
- channel
- forensic
- information
- channels
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0623—Securing storage systems in relation to content
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0643—Management of files
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0674—Disk device
- G06F3/0676—Magnetic disk device
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Human Computer Interaction (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
Technical Field
The invention relates to the technical field of electronic data forensics, in particular to a forensics method and a forensics system for electronic data.
Background
With the rapid development of internet technology and computer technology, crimes related to the computer field are also increasingly expanded, so that the technical application of electronic data forensics is also continuously updated, such as portable electronic data forensics equipment, laboratory-dedicated fixed forensics equipment and the like.
In the field of electronic data forensics, hard disk data acquisition is an important means in site investigation, but with the increase of the hard disk capacity and data storage of a forensics object host, the forensics time is long, the required storage space is large, and high requirements are provided for forensics equipment, while portable forensics equipment is often small in size, the capacity of the storage space of the portable forensics equipment is not large, and the forensics speed is not high enough, so that how to efficiently improve the forensics speed and meet the large capacity becomes necessary to be considered.
Disclosure of Invention
In order to solve the technical problems of long forensics time and large required storage space in the prior art, the invention provides a forensics method and a forensics system for electronic data, so as to solve the technical problems.
According to one aspect of the present invention, there is provided a method for forensics of electronic data, the method comprising:
s1: connecting a plurality of channels of the evidence obtaining equipment with a host one by one, acquiring interface mark information corresponding to the conversion module of each channel, and writing the interface mark information into the corresponding interface conversion module;
s2: connecting any one of the channels with the host again, initializing the historical setting information of the current channel, writing the interface mark information into the guide sector of the disk of the current channel, and setting the current channel as the main channel;
s3: copying the evidence obtaining application to a disk space of a main channel, connecting a plurality of channels with a host, and opening the evidence obtaining application after the host identifies the plurality of channels; and
s4: the forensic application partitions the data of the host into a plurality of image files, while maintaining the plurality of image files in a plurality of channels.
In some specific embodiments, step S2 further includes performing initialization history setting information on channels other than the master channel, writing the interface flag information into the boot sector of the disk corresponding to the channel, and setting the interface flag information as the slave channel.
In some specific embodiments, the forensic application operates to read information of the disk drive through a system api function, after determining the master and slave channels, respectively read information of a preset disk boot sector, and in response to matching of the information with the preset information, use a storage space of the master and slave channels as a storage space of forensic data.
In some specific embodiments, the disk drive information includes drive number, drive string information, and drive type.
In some specific embodiments, step S4 specifically includes the forensic application taking the disk data of the host to be forensic as the whole image, dividing the whole image into a plurality of small image files, saving the first image from the primary channel, and saving the second image in sequence from the secondary channel. At the moment, the total storage space for evidence collection is the sum of the storage space of the main channel 1 and the storage space of the channel 2, so that the storage space for evidence collection is enlarged
In some specific embodiments, the forensics application automatically selects an idle channel to continue to store new split image files according to the completion sequence of each channel image file. By means of the setting, the overall evidence obtaining speed can be improved to the maximum efficiency.
According to a second aspect of the present invention, there is provided a forensics system for electronic data, the system comprising:
the interface mark information acquisition and input unit is configured to connect a plurality of channels of the evidence obtaining equipment with the host one by one, acquire interface mark information corresponding to the conversion module of each channel, and write the interface mark information into the corresponding interface conversion module;
a channel initialization unit configured to connect any one of the plurality of channels with the host again, initialize history setting information of the current channel, write interface flag information into a boot sector of a disk of the current channel, and set the current channel as a main channel;
a preparation unit: configuring a disk space for copying the evidence obtaining application to a main channel, connecting a plurality of channels with a host, and opening the evidence obtaining application after the host identifies the plurality of channels;
a evidence obtaining unit: the configuration is used for the application of collecting evidence to cut apart the data of host computer into a plurality of mirror image files, keeps a plurality of mirror image files at a plurality of channels simultaneously.
In some specific embodiments, the channel initialization unit further includes initialization history setting information for channels other than the master channel, writes the interface flag information into a boot sector of the disk of the corresponding channel, and sets the interface flag information as a slave channel.
In some specific embodiments, the forensics application operates to read information of the disk drives through a system api function, after a master channel and a slave channel are judged, information of preset disk boot sectors is read respectively, and in response to matching of the information and the preset information, a storage space of the master channel and the slave channel is used as a forensics data storage space, wherein the disk drive information includes the number of drives, drive character string information and the types of the drives.
In some specific embodiments, the forensic application takes disk data of a host to be forensic as a whole image, divides the whole image into a plurality of small image files, and saves a first image from a main channel and sequentially saves a second image from a secondary channel. At this time, the total storage space for evidence collection is the sum of the storage space of the main channel 1 and the storage space of the channel 2, so that the storage space for evidence collection is enlarged.
In some specific embodiments, the forensics application automatically selects an idle channel to continue to store new split image files according to the completion sequence of each channel image file. By means of the setting, the overall evidence obtaining speed can be improved to the maximum efficiency.
The invention provides a method and a system for obtaining evidence of electronic data, which can automatically expand the storage space of a main channel and a slave channel into a total storage space for storing evidence obtaining data when a computer obtains the evidence of data, and the total speed is the sum of the evidence obtaining speeds of the two channels. In the evidence obtaining process, evidence obtaining software can complete the evidence obtaining according to the image files of all the channels, the evidence obtaining software automatically selects the idle channel to continuously store the new split image files, and the reading speeds of the two channel disks are different, so that the time for completing each image is different, and the overall evidence obtaining speed can be improved to the maximum efficiency.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the invention. Other embodiments and many of the intended advantages of embodiments will be readily appreciated as they become better understood by reference to the following detailed description. Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is a flow diagram of a forensics method for electronic data according to one embodiment of the present application;
FIG. 2 is a block diagram of a forensics system for electronic data according to an embodiment of the present application;
fig. 3 is a block diagram of a portable forensics device framework according to an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
FIG. 1 shows a flow diagram of a forensics method for electronic data according to an embodiment of the application. As shown in fig. 1, the method includes:
s101: and connecting a plurality of channels of the evidence obtaining equipment with the host one by one, acquiring interface mark information corresponding to the conversion module of each channel, and writing the interface mark information into the corresponding interface conversion module.
In a specific embodiment, by taking the dual-channel forensic device shown in fig. 3 as an example, after the external interface of thechannel 310 is connected to thePC host 330, interface mark information corresponding to the conversion module of thechannel 310, also referred to as device interface description, is displayed on the disk drive of thePC host 330 after the external interface is turned on. This interface flag information is written in advance to the interface conversion module by the configuration tool of theCPU controller module 312 in the forensics device: the designated channel interface flag information is written in the configuration file, and then the conversion module channel interface flag of thechannel 310 is set to the HDD1 through the configuration tool of the CPU controller of theconverter module 314, respectively, and the conversion module channel interface flag of thechannel 320 is set to the HDD2 in the same manner. When the portable device is connected to thePC host 330 after the setup is completed (at this time, both thechannel 310 and thechannel 320 are connected to the PC host 330), the descriptions of the corresponding interfaces on the disk drive of the PC host are shown as HDD1 and HDD2, respectively.
S102: connecting any channel of the plurality of channels with the host again, initializing the history setting information of the current channel, writing the interface mark information into the guide sector of the disk of the current channel, and setting the current channel as the main channel.
In a specific embodiment, after interface flag information of two channels is set, one of the channels is accessed to thePC host 330 again, an equipment initialization software tool stored in thePC host 330 is opened, and a channel of a corresponding disk is determined according to the description of the accessed hardware interface, if the interface is described as HDD1, the history setting information of the channel is cleared first by the initialization tool, and then the interface flag information HDD1 is written into a boot sector of the disk of the channel, and a drive identifier of the disk is set as a main channel; and accessing another channel, and similarly writing the interface description information HDD2 of the other channel into the boot sector of the disk, and setting the disk identifier of the channel as a slave channel.
S103: and copying the evidence obtaining application to the disk space of the main channel, connecting the plurality of channels with the host, and opening the evidence obtaining application after the host identifies the plurality of channels.
In a specific embodiment, both channels of the portable evidence obtaining device are connected to the target PC host 330, data evidence is obtained for the target PC host 330, after the target PC host 330 recognizes the two channels of the portable evidence obtaining device, the evidence obtaining software system stored in the main channel 310 is opened, the evidence obtaining task management function is opened, the disk information to be obtained and the disk information of the portable device are respectively recognized, when the evidence obtaining software is operated, the evidence obtaining software reads the disk drive information through an api function of an operating system, the information includes the number of drives, the character string information of the drives, the types of the drives, etc., and is used for judging which disk drive interfaces are described as HDD1 and HDD2, after the channel information is recognized, the information preset in a disk guide sector is respectively read, if the corresponding read information also meets the preset, the evidence obtaining software automatically takes the storage space of the main channel 310 and the channel 320 of the portable device as the evidence obtaining data storage space, that is, the forensic system software may read the disk information of the disk drive and determine that HDD1 is the forensic software system disk and data storage space based on the new flag, and HDD1 is the scalable data storage space.
S104: the forensic application partitions the data of the host into a plurality of image files, while maintaining the plurality of image files in a plurality of channels.
In a specific embodiment, when performing the forensic task, the forensic software will use the entire disk data of thePC host 330 or data of a certain disk partition to be forensic as an image, and the forensic software will split the entire image into a plurality of small image files, and store the first image from themain channel 310 and the second image from thechannel 320, so that the total storage space is the sum of the storage space of themain channel 310 and the storage space of thechannel 320 during the forensic process. In the evidence obtaining process, evidence obtaining software can complete the sequence according to the mirror image files of all the channels, the evidence obtaining software automatically selects the idle channel to continuously store the new split mirror image files, and the reading speeds of the two channel disks are different, so that the time for completing each mirror image is different. This provides the greatest efficiency in improving the overall forensic speed, which is therefore the sum of the forensic speed of themain channel 310 and the forensic speed of thechannel 320.
Although the above embodiment only shows the technical solution of performing forensics by using two channels, it should be appreciated that a multichannel forensics mode with more than two channels may also be adopted, and the technical effects of the present invention may also be obtained.
With continued reference to FIG. 2, FIG. 2 illustrates a block diagram of a forensics system for electronic data, according to an embodiment of the invention. The system specifically comprises an interface mark information acquisition andentry unit 201, achannel initialization unit 202, apreparation unit 203 and aforensics unit 204, wherein the interface mark information acquisition andentry unit 201 is configured to connect a plurality of channels of forensics equipment with a host one by one, acquire interface mark information corresponding to a conversion module of each channel, and write the interface mark information into the corresponding interface conversion module; thechannel initialization unit 202 is configured to connect any one of the plurality of channels with the host again, initialize the history setting information of the current channel, write the interface flag information into the boot sector of the disk of the current channel, and set the current channel as the main channel; thepreparation unit 203 is configured to copy the forensic application to a disk space of a main channel, connect the multiple channels with a host, and open and run the forensic application after the host recognizes the multiple channels; theforensics unit 204 is configured to divide the data of the host into a plurality of image files by the forensics application, and simultaneously store the plurality of image files in a plurality of channels.
Fig. 3 shows a frame structure diagram of a portable evidence obtaining device according to an embodiment of the present application, as shown in fig. 3, the portable device is divided into amain channel 310 module and achannel 320 module, preferably, a silk screen is used as a visual distinction between the two channels on the device housing, the two channels are independent modules in hardware, and there is no association in hardware. Themain channel 310 module comprises 1data storage module 313, 1 electronic data forensics software system module, 1interface conversion module 314, aCPU control module 312, 1power supply module 311 and the like; thechannel 320 module includes 1 channeldata storage module 321, 1interface conversion module 322,CPU control module 324, 1power supply module 323, etc.; in the portable device, themain channel 310 is used as a main channel, which is a storage place of the forensic system and is also a forensic data storage space, and thechannel 320 is an expandable storage space. When data forensics is performed on a computer, the method can automatically expand the storage space of the main channel 301 and thechannel 320 into a total storage space for storing forensics data, and the total speed is the sum of the forensics speeds of the two channels. In each channel, the data storage module is connected with the interface conversion module, the interface conversion module is connected with the CPU control module, and the power supply module provides stable power supply for each module. When the portable device is used, the other port (USB3.1 port) of the interface conversion module is connected to the PC host to be forensics, wherein themain channel 310 and thechannel 320 are respectively connected to thePC host 330 to be forensics, and data in the storage module of thePC host 330 to be forensics is the forensics object. The device is small in size, portable and convenient, and can be used for effectively solving the problems of small data storage space and low speed of evidence obtaining equipment when a specific department performs data acquisition on a target computer.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.
Claims (11)
1. A method for forensics of electronic data, comprising:
s1: connecting a plurality of channels of the evidence obtaining equipment with a host one by one, acquiring interface mark information corresponding to a conversion module of each channel, and writing the interface mark information into a corresponding interface conversion module;
s2: connecting any one of the channels with the host again, initializing historical setting information of the current channel, writing the interface mark information into a guide sector of a disk of the current channel, and setting the current channel as a main channel;
s3: copying a forensics application to a disk space of the main channel, connecting the plurality of channels with the host, and opening and running the forensics application after the host identifies the plurality of channels; and
s4: the forensics application divides data of the host into a plurality of image files, and simultaneously saves the image files in the channels.
2. A forensic method for electronic data according to claim 1 wherein said step S2 further comprises performing initialization history setting information for channels other than said master channel, writing said interface flag information to a boot sector of a disk of the corresponding channel, and setting as a slave channel.
3. A forensic method for electronic data according to claim 1 in which the forensic application operates to read disk drive information via a system api function, after determining a master and slave channel, to read information of a predetermined disk boot sector, respectively, and in response to the information matching the predetermined information, to use the storage space of the master and slave channel as a storage space for forensic data.
4. A forensics method for electronic data according to claim 3, wherein the disk drive information includes drive number, drive string information, and drive type.
5. A forensic method for electronic data according to claim 2, characterised in that the step S4 specifically comprises the forensic application taking the disk data of the host being forensic as a whole image, splitting the whole image into several small image files, saving a first image starting from the master channel while saving a second image in sequence starting from the slave channel.
6. A forensic method for electronic data according to claim 5 in which the forensic application automatically selects an idle channel to continue to save a new split image file in accordance with the order in which the respective channel image files are completed.
7. A forensic system for electronic data, the system comprising:
the interface mark information acquisition and input unit is configured to connect a plurality of channels of the evidence obtaining equipment with the host one by one, acquire interface mark information corresponding to the conversion module of each channel, and write the interface mark information into the corresponding interface conversion module;
a channel initialization unit configured to connect any one of the plurality of channels with the host again, initialize history setting information of a current channel, write the interface flag information into a boot sector of a disk of the current channel, and set the current channel as a main channel;
a preparation unit: the method comprises the steps that a magnetic disk space used for copying a forensic application to a main channel is configured, the channels are connected with a host, and the host is opened to run the forensic application after recognizing the channels;
a evidence obtaining unit: the forensic application is configured to partition data of the host into a plurality of image files while maintaining the plurality of image files in the plurality of channels.
8. The forensic system for electronic data according to claim 7 in which the channel initialization unit further comprises initialization history setting information for channels other than the master channel, writes the interface flag information to a boot sector of a disk of the corresponding channel, and sets as a slave channel.
9. The system of claim 7, wherein the forensic application runs a system api function to read disk drive information, determines a master-slave channel, reads information of a predetermined disk boot sector, and in response to matching of the information with the predetermined information, takes a storage space of the master-slave channel as a forensic data storage space, wherein the disk drive information includes a number of drives, drive string information, and a drive type.
10. A forensic system for electronic data according to claim 8 in which the forensic application takes the disk data of the host being forensic as a whole image, divides the whole image into a number of small image files, saves a first image starting from the master channel whilst saving a second image in sequence starting from the slave channel.
11. A forensic system for electronic data according to claim 10 in which the forensic application automatically selects a free channel to continue to save a new split image file in accordance with the order in which the respective channel image files are completed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111396793.XACN114063927B (en) | 2021-11-23 | 2021-11-23 | Evidence obtaining method and system for electronic data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111396793.XACN114063927B (en) | 2021-11-23 | 2021-11-23 | Evidence obtaining method and system for electronic data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114063927Atrue CN114063927A (en) | 2022-02-18 |
| CN114063927B CN114063927B (en) | 2024-03-26 |
Family
ID=80275605
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111396793.XAActiveCN114063927B (en) | 2021-11-23 | 2021-11-23 | Evidence obtaining method and system for electronic data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114063927B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2005125084A1 (en)* | 2004-06-21 | 2005-12-29 | Echoworx Corporation | Method, system and computer program for protecting user credentials against security attacks |
| CN102681790A (en)* | 2012-03-02 | 2012-09-19 | 南京拓界信息技术有限公司 | Data dump device and method and system for data dump by same |
| US20140244699A1 (en)* | 2013-02-26 | 2014-08-28 | Jonathan Grier | Apparatus and Methods for Selective Location and Duplication of Relevant Data |
| CN107967118A (en)* | 2016-10-19 | 2018-04-27 | 南京拓界信息技术有限公司 | A kind of method and apparatus realized hard disc data high speed dump and checked |
| CN112333015A (en)* | 2020-10-28 | 2021-02-05 | 重庆紫光华山智安科技有限公司 | Media data storage method, device, system, electronic equipment and storage medium |
- 2021
- 2021-11-23CNCN202111396793.XApatent/CN114063927B/enactiveActive
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2005125084A1 (en)* | 2004-06-21 | 2005-12-29 | Echoworx Corporation | Method, system and computer program for protecting user credentials against security attacks |
| CN102681790A (en)* | 2012-03-02 | 2012-09-19 | 南京拓界信息技术有限公司 | Data dump device and method and system for data dump by same |
| US20140244699A1 (en)* | 2013-02-26 | 2014-08-28 | Jonathan Grier | Apparatus and Methods for Selective Location and Duplication of Relevant Data |
| CN107967118A (en)* | 2016-10-19 | 2018-04-27 | 南京拓界信息技术有限公司 | A kind of method and apparatus realized hard disc data high speed dump and checked |
| CN112333015A (en)* | 2020-10-28 | 2021-02-05 | 重庆紫光华山智安科技有限公司 | Media data storage method, device, system, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114063927B (en) | 2024-03-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1650665B1 (en) | File management method and information processing device | |
| CA2630282C (en) | Method and system for carrying multiple suspended runtime images | |
| CN101650660B (en) | boot computer system from central storage | |
| CN1716204A (en) | Systems and methods for development of emulated devices in a virtual machine environment | |
| JP2000222179A (en) | Computer system and method for operating computer system | |
| US20040128443A1 (en) | Data storage system, data storage apparatus, computers and programs | |
| CN105389190A (en) | Operating system starting method, apparatus and system | |
| US6526493B1 (en) | Method and apparatus for partitioning and formatting a storage media without rebooting by creating a logical device control block (DCB) on-the-fly | |
| TW201504937A (en) | Virtual storage devices formed by selected partitions of a physical storage device | |
| US10795687B2 (en) | Information processing system for setting hardware, method for setting hardware and non-transitory computer-readable storage medium recording program for setting hardware | |
| CN101893999A (en) | System for virtually partitioning storage device into multiple devices | |
| CN114063927B (en) | Evidence obtaining method and system for electronic data | |
| US20060164743A1 (en) | Method for copying source data from a source hard disk to multiple target hard disks | |
| US8452820B2 (en) | Logical partition configuration data file creation | |
| US9354911B2 (en) | Method and system for logging into a virtual environment executing on a host | |
| US20080004857A1 (en) | Restoring base configuration on software testing computer | |
| JP4854973B2 (en) | Storage control program, storage control method, storage control device, and storage control system | |
| CN101493844B (en) | Method and apparatus for implementing multiple main interfaces for embedded memory | |
| US8468298B2 (en) | Management device and management method | |
| CN102375696A (en) | Data storage system and data access method using virtual disk | |
| CN104298469A (en) | Storage device configuration device and storage device configuration method | |
| JP2005316624A (en) | Database reorganization program, database reorganization method, and database reorganization apparatus | |
| US20050234962A1 (en) | Apparatus and method to update code in an information storage and retrieval system while that system remains in normal operation | |
| CN113688064A (en) | A method and apparatus for allocating storage addresses for data in a memory | |
| TWI870753B (en) | Method and related equipment for drive management of storage controller |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |