HOME   Cart(1)   Quotation   About-Us Policy PDFs Standard-List
www.ChineseStandard.net Database: 189759 (19 Oct 2025)

GA/T 1071-2021 English PDF

US$169.00 ยท In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email.
GA/T 1071-2021: Forensic sciences - Technical specifications for Windows operating system log examination
Status: Valid

GA/T 1071: Evolution and historical versions

Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusPDF
GA/T 1071-2021English169 Add to Cart 3 days [Need to translate] Forensic sciences - Technical specifications for Windows operating system log examination Valid GA/T 1071-2021
GA/T 1071-2013English199 Add to Cart 3 days [Need to translate] Technical specifications for Windows operating system log examination of electronic forensics Obsolete GA/T 1071-2013

PDF similar to GA/T 1071-2021


Standard similar to GA/T 1071-2021

GA/T 424   GA 1210   GA 1051   GA/T 1070   GA/T 1069   GA/T 1073   

Basic data

Standard ID GA/T 1071-2021 (GA/T1071-2021)
Description (Translated English) Forensic sciences - Technical specifications for Windows operating system log examination
Sector / Industry Public Security (Police) Industry Standard (Recommended)
Classification of Chinese Standard A92
Word Count Estimation 7,740
Issuing agency(ies) Ministry of Public Security

GA/T 1071-2021: Forensic sciences - Technical specifications for Windows operating system log examination


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Forensic sciences - Technical specifications for Windows operating system log examination ICS 13.310 CCSA92 People's Republic of China Public Safety Industry Standards Replaces GA/T 1071-2013 Forensic Science Electronic Evidence Windows Operating System Log Inspection technical specifications Published on 2021-10-14 2022-05-01 Implementation Published by the Ministry of Public Security of the People's Republic of China

foreword

This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1.Structure and Drafting Rules of Standardization Documents" drafted. This document replaces GA/T 1071-2013 "Technical Specifications for Forensic Science Electronic Evidence Windows Operating System Log Inspection", and Compared with GA/T 1071-2013, except for editorial changes, the main technical changes are as follows. --- Changed the scope and added the operating system type (see Chapter 1, Chapter 1 of the.2013 edition); --- Added normative references (see Chapter 2); --- Changed the hardware device (see 4.1, 3.1 of the.2013 edition); --- Changed the software equipment, and reintegrated the contents of 3.2.1 and 3.2.2 of the.2013 edition into 4.2 (see 4.2, 3.2 of the.2013 edition); --- Changed the inspection object and added samples (see 5.1~5.4, 4.1~4.4 of the.2013 edition); --- Change the hash value to the data integrity check value (see 5.4.3, 4.4.3 of the.2013 edition); --- Changed the log verification steps (see 5.4.4~5.4.8, 4.4.4~4.4.7 of the.2013 edition); --- Changed the preservation method and requirements of the detected data (see 5.5, 4.5 of the.2013 edition); --- Changed the expression of test results (see Chapter 6, Chapter 5 of the.2013 edition); --- Changed the supplementary provisions (see Chapter 7, Chapter 6 of the.2013 edition). Please note that some content of this document may be patented. The issuing agency of this document assumes no responsibility for identifying patents. This document is proposed by the National Criminal Technology Standardization Technical Committee Electronic Evidence Inspection Sub-Technical Committee (SAC/TC179/SC7) and return. This document is drafted by. China Criminal Police Academy, Ministry of Public Security Material Evidence Identification Center, Ministry of Public Security Network Security Bureau. The main drafters of this document. Tang Yanjun, Qin Yuhai, Chu Chuanhong, Guo Lili, Gao Hongtao, Liu Qizhi, Luo Wenhua, Wu Qian, Gao Yang. The previous versions of the documents replaced by this document are as follows. ---GA/T 1071-2013. Forensic Science Electronic Evidence Windows Operating System Log Inspection technical specifications

1 Scope

This document specifies the Windows operating systems for electronic evidence in the field of forensic science, including Windows.2000, Windows XP, 2008/2012/2016 and other log inspection terms and definitions, instruments and equipment, operating procedures, inspection results presentation and supplementary provisions. This document is suitable for the inspection of Windows operating system logs for electronic evidence in the field of forensic science.

2 Normative references

The contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, dated citations documents, only the version corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document. GB/T 29360 Electronic material evidence data recovery inspection procedures GB/T 29362 Electronic material evidence data search and inspection procedures

3 Terms and Definitions

The terms and definitions defined in GB/T 29360, GB/T 29362 and the following apply to this document. 3.1 system log systemlog Event records generated by Windows operating system components, mainly including crashes of drivers, system components and application software, as well as data data loss errors, etc. 3.2 A chronologically ordered collection of operations on objects specified by the Windows operating system and their results. including application logs, Security log and system log. 3.3 applicationlog applicationlog Event records generated by the application. 3.4 securitylog securitylog Security-related event logging, including successful and unsuccessful logins or logouts, system resource usage, etc.

4 Instruments and equipment

4.1 Hardware Storage media, security backup equipment, electronic evidence inspection workstation with read-only interface, photographic and video recording equipment.

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GA/T 1071-2021_English be delivered?

Answer: Upon your order, we will start to translate GA/T 1071-2021_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GA/T 1071-2021_English with my colleagues?

Answer: Yes. The purchased PDF of GA/T 1071-2021_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.

Question 5: Should I purchase the latest version GA/T 1071-2021?

Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GA/T 1071-2021 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.