Shanghai Stars Digital Forensic Center, Information and Network Security Lab,
The Third Research Institute of Ministry of Public Security, Shanghai 201204, China
Based on the characteristics of MongoDB, an approach to electronic evidence acquisition is proposed. The structure of MongoDB and GridFS is introduced, the file in which MongoDB stores data is analyzed, and a procedure for recovering deleted data in MongoDB is put forward. The experiment shows that the approach can effectively acquire electronic evidence from MongoDB.