
Research On Key Aspects Of Computer Forensic Methods

Posted on: 2005-12-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Sun
GTID: 1118360122993287
Subject: Computer software and theory

Abstract/Summary:
Research on digital forensic technology has become more active with the recent increase in illegal access to computer systems. The key fundamentals of digital forensic technology are very important for its progress. This dissertation investigates several fundamental questions about the basic method. As a result, five principal achievements have been obtained.

First, a classification method is proposed that divides the development of digital forensics into a foundation period, a primary developing period and a basic theory perfecting period. The origin and development of the fundamental concepts, technologies and methods of digital forensics are analyzed systematically for the first time. A comprehensive perspective of the evolution of digital forensics is presented, which lays the groundwork for overall knowledge of the state of the art of digital forensics.

Second, the most important part of the key fundamentals is the development of a methodology for digital forensics. This paper explores the development of the digital forensics process, compares and contrasts several forensic methodologies, and finally proposes an abstract model of the digital forensic procedure, named the requirement-based computer forensics process. This model attempts to address some of the shortcomings of previous methodologies, and provides the following advantages: a consistent and standardized framework for digital forensic tool development; a mechanism for applying the framework to future digital technologies; and the potential for incorporating non-digital electronic technologies within the abstraction.

Third, digital evidence is easily modified and erased. In order to collect evidence with integrity and fidelity, a digital forensics environment is proposed to maximize an environment's ability to collect credible digital evidence. A Digital Evidence Collecting System, which is set up in the target system in advance, serves that purpose.

Fourth, without considering the security of the forensic mechanisms themselves, digital evidence cannot be protected completely. Based on an analysis of related research, a secure area is proposed to protect forensic mechanisms from attack. A mechanism called I-LOMAC has been designed and implemented to evaluate this method. The results demonstrate the advantage in protecting the forensic mechanisms.

Fifth, of particular importance in digital forensics is the requirement to narrow the potentially large search space often presented to investigators of such crimes and to effectively find the potential evidence scattered across data entries. A solution is proposed that applies the traditional criminal profiling method to digital evidence analysis. Based on the association rule data mining technique, a method called CB-PIDE was designed. This method can focus the investigation space and dig out potential abnormal behavior. Results obtained with CB-PIDE have identified irregularities in CB-PIDE.

In summary, the principal achievements of this paper are helpful to the exploration of computer forensic methods and to the construction of useful computer forensic systems.
Keywords/Search Tags: digital evidence, integrity, fidelity, digital forensic process, forensic environment, secure area, computer criminal abnormal behavior