Sealing the original hard disks while preserving the continuity of business system services are two conflicting requirements in computer forensic investigation. In an independent-disk environment the problem is not difficult to solve, but in a disk array (RAID) environment no effective solution currently exists. We therefore propose a set of solutions for reconstructing the forensic target system in RAID environments, and design and implement software that handles the key tasks. Experiments show that the approach applies to system reconstruction under different RAID levels and different operating systems, and that users perceive no difference between the reconstructed system and the original one. Compared with data synchronisation methods, the approach significantly reduces the time cost of reconstruction and leaves the data on the original evidence disks unchanged.