Integrated System Of Computer Forensics Research

Posted on: 2007-11-09
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
Full Text: PDF
GTID: 2208360185956091
Subject: Computer system architecture
Abstract/Summary:
With the development of computer technology and the spread of networks, crimes committed by or aimed at computers occur frequently. However, political and legal institutions lack the high-tech support needed to obtain the most extensive electronic evidence of computer-related crimes and so penalize the offenders. To strengthen the ability to combat computer-related offences, a thorough study of the field of computer forensics is needed. This requires not only the development of effective forensics tools, but also research on its definition, standards, procedures and other basic theories. Computer forensics is a newly emerged interdisciplinary field encompassing subjects such as computer science, legal science and criminal scientific technology.

Based on a relatively thorough literature review, this paper summarizes the emergence, development, status quo and prospective research of computer forensics. It also gives a comprehensive introduction to the basic concepts, relevant technology and theories, basic principles, practical tools and so on of the field. It designs and develops an integrated computer forensics system based on previous research made both at home and abroad. According to when the electronic evidence is obtained, the system is divided into a static electronic evidence collection system and a dynamic electronic evidence collection system. The static electronic evidence collection system integrates a variety of forensics technologies and thoroughly extracts the disk information, including deleted files, and the system information. The dynamic electronic evidence collection system applies honeypot technology to dynamic evidence collection and reproduces the attack process.

Currently the research has completed the development of the static electronic evidence collection system and is developing the dynamic electronic evidence collection system. Given the massive and scattered electronic data extracted, how to correlate or locate the data that is clearly indicative, persuasive and legally accepted, i.e., the "electronic evidence", is a focus as well as a difficult point of computer forensics. By summarizing the current technology for analyzing electronic evidence, chapter 5 compares the strengths and weaknesses of different methods. It puts forward some strategies for improvement and finally presents a new forensics method, the "suspect characteristic-computer activity information database". This method points out a new direction for analyzing massive data, narrowing the scope of analysis and seeking electronic evidence. It also introduces a new way to correlate words in "text correlation analysis", which is based on data mining.
Keywords/Search Tags:computer forensics, electronic evidence, honeypot, semantic analysis, data mining