Research on the Way of Obtaining Electronic Physical Evidence Based on Python—Take Windows Log Document as an Example

Bibliographic details
Published in: Modern Law Research 2020-09, Vol.1 (2)
Main authors: Lin, Shancheng, Chen, Qianhao
Format: Article
Language: eng
Online access: Full text
Description
Summary: With the popularization of computer technologies such as smartphones and cloud computing, high-tech crime is becoming more and more common. However, the number of Internet users in China is large, the number of cybercrime cases is large, and the electronic data that need to be collected are numerous and complex, while research on electronic data forensics in China is mainly based on technical frameworks and model establishment, and hardware development relies mainly on introduction and cooperation. As a result, China’s electronic data forensics technology cannot meet the needs. Electronic data evidence and related legal issues, network forensics, mobile intelligent terminal forensics analysis technology, malicious code forensics analysis, cross-platform forensics, data recovery, intelligent association analysis, deep data mining, password cracking and other technical aspects need to be continuously combined. Accordingly, this project aims to carry out analysis and applied research on electronic data forensics technology for cybercrime cases, taking the Windows log file as an example. By reading and analyzing the user’s system logs, we can understand the details of the user’s computer operating system, the behavior of application programs, the behavior of the user, and abnormal events in the system. This makes it possible to rebuild the computer operation scene, monitor computer system resources, audit the user’s related behavior, raise alarms on suspicious behavior, and look up and determine the scope of intrusion behavior, providing a source of evidence and key clues for the fight against computer network crime.
ISSN: 2692-3122, 2692-3130
DOI: 10.37420/j.mlr.2020.007