| For the growing computer crime, the paper do some research on the theory and methodology of computer forensics. The main work is as follow:First, it summarize theory and methodology of computer forensics. As the theory of computer forensics in China is still imperfect and immature, the product in practical application is not a lot. Therefore, the paper sum up international and domestic theories about computer forensics. Concepts, principles, steps and tools related to computer forensics are mentioned in detail. The characters of digital evidence are summing up, some rules about computer in law are introduced also.Second, the Honeypot Forensics is introduced. HoneyPot is a network trap or deceiving system, which can tempt the attacker who will spend a lot of time and resources in attacking on HoneyPot, and protect the system from attack. It can monitor and track the attacker, collect information of attacker, in order to analyze the threat to system, to learn the tools, strategies and motivation from attacker. The concept, the role and methods of HoneyPot are introduced, the key technologies and several construction methods of HoneyPot system are discussed briefly.Third, using intrusion detection technology, the paper detailed the major techniques and classification of intrusion detection. When the crimes were committed or system in the attack, from by intrusion detection to system detection, are necessary to computer forensics.Fourth, a model of computer forensics is designed. A dynamic model of computer forensics is put forward based on analysis of the design ideas with regard to IDS and the computer dynamic forensics system, each module is also designed in system. |
PDF Full Text Request