1[1]Eoghan Casey. Digital evidence and computer crime [M]. London: Academic Press, 2000.
2[2]M G Noblett, et al. Recovering and examining computer forensic evidence [EB/OL]. http://www.fbi.gov/hq/lab/fsc/backissu/computer. html, 2000~10/2000~02.
3[3]SWGDE and IOCE. Digital evidence: standards and principles[EB/OL]. http://www.fbi.gov/hq/lab/fsc/backissu/swgde. html, 2000~04/2000~02.
4[4]United state secret service. Best practices for seizing electronic evidence [EB/OL]. http://www.secretservice.gov/electronic - evidence. shtml.
5[5]National institute of justice. Electronic crime scene investigation:a guide for first responders [DB/OC]. http://www.ncjrs.org/ pdffiles1/nij/187736.pdf, 2001~07.
6[6]National institute of justice. Electronic crime needs assessment for state and local law enforcement [EB/OL]. http://www.ncjrs. org/pdffiles1/nij/186276.pdf, 2001~03.
5CARVEY H. Windows forensic analysis[ M]. 2nd ed. Waltham: Syngress, 2007: 157.
6[美]EILAME.逆向工程揭秘[M].韩琪,译.北京:电子工业出版社,2007:4-16.
7COHEN M, GARFINKEL S, SCHATZ B. Extending the advanced forensic format to accommodate multiple data sources, logical evi- dence, arbitrary information and forensic workflow[ EB/OL]. [ 2011 -01 -O1 ]. www. pyflag, net/papers/dfrws 2009. pdf.
8FREDERIC B, SOLAL J. Digital forensics framework[ EB/OL]. [ 2010 - 01 - 08]. http://www, digital-forensic, org.
9SZEWCZYK P, BRAND M. Malware detection and removal: An ex- amination of personal anti-virus software [ EB/OL]. [ 2008 - 05 - 09]. http://scissec, scis. ecu. edu. au/proceedings/2008/foren- sics/Szewczyk% 20% 20Malware% 20detection. pdf.
