The Key Technology Research On Computer Intrusion Forensics

Posted on: 2007-02-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C H Qi
GTID: 1118360212989256
Subject: Computer application technology

Abstract/Summary:
Network crime has been rising rapidly in recent years and has become an international issue. A practicable solution is to find sufficient electronic evidence that is credible and legitimate. This is computer forensics. Today, people attach more and more importance to computer forensics, and research on it has become an important part of computer security.

Digital information, stored as 0s and 1s, is easily modified. This weakness makes computer evidence difficult to judge. In this paper, the legal problems relating to legal computer evidence are discussed first. We then analyze and summarize the research results in the field according to two different methods: the static way and the dynamic way. Based on this analysis and summary, we suggest a new approach to computer forensics, which should be able to transfer evidence of computer crime to another, safe place in time.

Then a security theory model called the DT-BLP safety model is discussed, and the application of the model to computer forensics is presented. The application can protect computer evidence in time against destruction by the hacker, especially in the initial stage of the intrusion and while the intrusion is in progress.

The integrity of computer evidence is a difficult problem in identifying computer crime. In this paper, an information integrity algorithm is presented. The algorithm can protect the integrity of computer evidence against destruction by the hacker.

The total amount of computer forensics information grows larger and larger while the computer is running. However, the amount of evidence reflecting the hacker's intrusion behavior is small. Most of the normal information should be removed at the proper moment, and the crime evidence should be kept as long as possible. In this paper, we propose a fuzzy evaluation algorithm for the risk of computer forensics information. Then, according to the evaluation results, the potential crime information reflecting the hacker's intrusion behavior is retained.

Finally, we propose a host-based dynamic computer forensics system and evaluate its performance.
Keywords/Search Tags:Computer forensics, Computer crime testimonies, Safe model, Information integrality, Information risk evaluation