| Computer forensics is an emerging technical discipline, mainly studies how to provide effective, integral and security technical means to obtain and capture electronic evidences of computer crime. New computer forensics is the development and innovation of traditional computer forensics technology under the new forensics circumstance. It includes the new static computer forensics technology, the new computer dynamic forensics technology and the new anti-anti-computer forensics technology. New computer forensics technology which is based on active attacks is characterized by bringing the network attack technology into computer forensics and accomplishing the task of computer forensics to a largest extent. This paper studies the new computer forensics technology and realizes its related application examples.The paper first introduces the theory and technological development of the traditional computer forensics technology. The existing problems of the traditional computer forensics technology are also analyzed and summarized. After the innovation and update of the traditional computer static forensics, toolkits of new computer static forensics based on remote command are designed and implemented.Secondly, the paper introduces the theory of the primitive computer dynamic forensics technology. With the shortcomings and deficiencies of the traditional computer forensics technology, the new computer dynamic forensics technology based on active attack is designed and implemented. According to the different conditions of forensics, the research of the application examples is accomplished by active attack technology of keyboard input information capture, removable storage devices information capture, file monitor, remote control and etc.Finally, through the study of the anti-computer forensics technology, the new anti-anti-computer forensics technology which is closely related to the research of the new computer dynamic forensics technology is mentioned. Three typical application examples of new executable program boot technology, toolkit of digital signature fake and anti-virus software cloud security breakthrough technology are designed and implemented. The conclusion of the paper shows that New Computer Forensics can realize the capture of electronic evidences information through the controlled host itself, the devices around it and internet from all dimensions, multi ways and various angles. It can adapt to the new demands of computer forensics and make up the shortcomings for the traditional forensic technology, and the effect is good. |
PDF Full Text Request