The Research Of Dynamic Network Intrusion Forensics Based On Multi-Agent

Posted on: 2007-01-29
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Jiang
Full Text: PDF
GTID: 2178360185995788
Subject: Computer application technology
Abstract/Summary:
With the widespread application of computer networks and the sharp growth of digital information, network crime is increasing quickly. As a new form of evidence, digital evidence has become one of the new kinds of evidence used in litigation. The key to dealing with the increasing volume of computer network crime is digital forensics conducted in accordance with the rule of law. To combat and deter criminals, evidence must be obtained and brought to court. The computer forensics process generally includes three stages: evidence collection, evidence analysis and court presentation. Collecting and securing evidence is the core of computer forensics technology and is currently a research hot spot. This dissertation studies and discusses computer forensics technology against network intrusion. It uses dynamic network forensics to solve the problems of current static host forensics. First, the current state of network crime and its countermeasures are analyzed. The development process, research status and development trends of digital forensics technology are summarized, with emphasis on the existing problems of current digital forensics. Based on these requirements, and drawing on ideas from software engineering, a dynamic network intrusion forensics process model based on evidence competency is explored. Guided by this process model, a multi-agent based dynamic network intrusion forensic system was designed and partly implemented. The system uses a distributed strategy to collect evidence: cooperating with each other, multiple agents can collect evidence in real time. The paper proposes an effective technique for acquiring dynamic digital evidence based on intrusion detection, which combines intrusion detection with computer forensics.
Considering the correlation of network data, the system uses protocol analysis, pattern matching and the Bayes method to analyze network data and extract intrusion evidence. The key to digital evidence being accepted in court is its validity and integrity. To guarantee the force and effect of digital evidence, an evidence-securing method that combines message digest, digital signature and timestamp techniques is put forward: a hash algorithm validates the integrity of the evidence, a digital signature validates the identity of the evidence, and a timestamp confirms the evidence's collection time.
Keywords/Search Tags:Computer Forensics, Digital Evidence, Intrusion Detection, Evidence Collection, Multi-Agent
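
The evidence-securing scheme described in the abstract (hash for integrity, digital signature for identity, timestamp for collection time), as an added Go example that is not code from the thesis. SHA-256, Ed25519 and a locally supplied clock are assumptions, since the abstract names no algorithms or timestamp source, and `SealedEvidence`, `Seal` and `Verify` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// SealedEvidence binds captured data to a digest, a collection time and a signature.
type SealedEvidence struct {
	Digest    [32]byte  // SHA-256 of the evidence (integrity; assumed algorithm)
	Collected time.Time // collection time (assumed to come from a trusted clock)
	Signature []byte    // Ed25519 signature over digest||time (collector identity)
}

// signedBytes is the exact message signed: digest, then Unix nanoseconds big-endian.
func signedBytes(digest [32]byte, t time.Time) []byte {
	buf := make([]byte, 40)
	copy(buf, digest[:])
	binary.BigEndian.PutUint64(buf[32:], uint64(t.UnixNano()))
	return buf
}

// Seal signs digest and timestamp together so neither can be altered on its own.
func Seal(priv ed25519.PrivateKey, data []byte, t time.Time) SealedEvidence {
	d := sha256.Sum256(data)
	return SealedEvidence{Digest: d, Collected: t, Signature: ed25519.Sign(priv, signedBytes(d, t))}
}

// Verify returns nil only if data matches the digest and the signature covers both fields.
func Verify(pub ed25519.PublicKey, data []byte, s SealedEvidence) error {
	if sha256.Sum256(data) != s.Digest {
		return fmt.Errorf("integrity check failed: digest mismatch")
	}
	if !ed25519.Verify(pub, signedBytes(s.Digest, s.Collected), s.Signature) {
		return fmt.Errorf("signature check failed: wrong key or altered digest/timestamp")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pkt := []byte("constructed sample: TCP SYN 10.0.0.5 -> 10.0.0.9:22")
	s := Seal(priv, pkt, time.Date(2007, 1, 29, 12, 0, 0, 0, time.UTC))
	fmt.Println("untouched:", Verify(pub, pkt, s))
	s.Collected = s.Collected.Add(time.Hour) // simulate an edited collection time
	fmt.Println("time altered:", Verify(pub, pkt, s))
}
```

Because the signature covers the digest and the time as one message, editing the collection time after the fact is detected just like editing the data. A self-asserted clock only proves what the collector claimed, so an independent timestamp source would be needed for the time itself to be trusted.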