
Research on Log-based Computer Forensics Technology, System Design and Implementation

Posted on: 2004-08-23
Degree: Master
Type: Thesis
Country: China
Candidate: X M Zhao
Full Text: PDF
GTID: 2168360092498161
Subject: Computer application technology
Abstract/Summary:
Today the computer is revolutionizing our lives, making faster progress and greater convenience possible. It also brings an unexpected negative impact: increasingly rampant computer crime, which is both committed with the computer and aimed at the computer. Computer crime greatly undermines social development and stability and has become a thorny problem for law enforcement agencies throughout the world. The key to fighting computer crime is how to capture the criminal's trail inside the computer as evidence that is admissible in court, and that is precisely the concern of computer forensics technology.

The log is an important file created and preserved by the computer system. It keeps a record of the electronic criminal trail and thus provides crucial clues and sources of evidence for solving computer crime. To make good use of logs in computer forensics, two problems must be solved. First, the log system must be protected in time and the logs collected in a way that accords with the procedure of computer forensics. Second, the logs must be analysed to find the "trail" of the crime in a form that can be used as valid electronic evidence in court.

Drawing on the experience of successful computer crime investigations at home and abroad, the paper first discusses the procedure and steps of computer forensics. It then reviews the current situation and existing problems in this area and analyses the various kinds of log files and their formats. On this basis, an improved security audit log is put forward to support computer forensics, and, with respect to the current state of our technology, a computer log forensics system is designed that meets the needs of law enforcement agencies.

The contributions of this paper are as follows:
1) An improved security audit log is presented. It supports the log files of the main systems and ensures that the original log files written before an intrusion are protected from being tampered with or deleted, so that they are preserved in full as investigation clues and evidence sources of great importance.
2) A log file base covering different kinds of log files is established to support log file collection and analysis.
3) Correlation analysis is applied to effectively identify latent clues.
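The two technical points the abstract names, an audit log whose pre-intrusion entries cannot be tampered with or deleted, and correlation analysis across a log file base, are illustrated below as an added example written for this page; it is not code from the thesis or from the system it describes. It assumes a forward-secure scheme in which the host MACs each entry with a per-entry key that it hashes forward and discards, so that an intruder who takes over the host afterwards cannot recompute MACs for earlier entries, while a collector that received the initial key at enrolment can re-derive every key and check the chain. The key, the log lines and the two log formats (an sshd-style auth line and a Common Log Format web line) are constructed for the example.

```python
import hashlib
import hmac
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta


def _evolve(key: bytes) -> bytes:
    """Next per-entry key; the previous key is discarded (forward security)."""
    return hashlib.sha256(b"evolve|" + key).digest()


def _body(seq: int, ts: str, msg: str, prev_hex: str) -> bytes:
    # Canonical bytes covered by the MAC: sequence number, time, message, prev hash.
    return json.dumps({"seq": seq, "ts": ts, "msg": msg, "prev": prev_hex}, sort_keys=True).encode()


class AuditLog:
    """Append-only log whose entries are hash-linked and MACed with evolving keys.

    The host keeps only the current key and hashes it forward after each append, so
    an intruder who later takes over the host cannot re-sign entries written before
    the break-in. A collector given key0 at enrolment can verify the whole chain.
    """

    def __init__(self, key0: bytes):
        self._key = key0
        self._prev = b"\x00" * 32  # hash of the previous entry body
        self.entries = []

    def append(self, ts: str, msg: str) -> dict:
        seq = len(self.entries)
        body = _body(seq, ts, msg, self._prev.hex())
        mac = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        self.entries.append({"seq": seq, "ts": ts, "msg": msg, "prev": self._prev.hex(), "mac": mac})
        self._prev = hashlib.sha256(body).digest()
        self._key = _evolve(self._key)  # old key is gone: past entries cannot be re-signed
        return self.entries[-1]


def verify_chain(entries, key0: bytes, expected_len=None):
    """Re-derive the keys and check sequence, hash link and MAC of every entry."""
    key, prev = key0, b"\x00" * 32
    for i, e in enumerate(entries):
        if e["seq"] != i:
            return False, f"sequence gap at position {i}"  # an entry was deleted
        if e["prev"] != prev.hex():
            return False, f"broken hash link at seq {i}"
        body = _body(e["seq"], e["ts"], e["msg"], e["prev"])
        mac = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, e["mac"]):
            return False, f"bad MAC at seq {i}"  # an entry was modified (or wrong key)
        prev, key = hashlib.sha256(body).digest(), _evolve(key)
    if expected_len is not None and len(entries) != expected_len:
        return False, f"truncated: {len(entries)} entries, collector expected {expected_len}"
    return True, "ok"


# Constructed sample lines from two sources in the log file base (not real data).
AUTH_LOG = [
    "2004-03-01T10:00:05 sshd[812]: Failed password for root from 10.0.0.7",
    "2004-03-01T10:00:09 sshd[812]: Failed password for root from 10.0.0.7",
    "2004-03-01T10:03:30 sshd[815]: Accepted password for alice from 10.0.0.3",
]
WEB_LOG = [
    '10.0.0.7 - - [01/Mar/2004:10:00:40 +0000] "GET /cgi-bin/test.cgi?../../etc/passwd HTTP/1.0" 404 0',
    '10.0.0.3 - - [01/Mar/2004:10:05:00 +0000] "GET /index.html HTTP/1.0" 200 512',
]
AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)$")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \d+$')


def normalize(auth_lines, web_lines):
    """Map both formats onto one record shape: (time, source, ip, event)."""
    records = []
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            records.append((ts, "auth", m.group(4), f"{m.group(2)} {m.group(3)}"))
    for line in web_lines:
        m = WEB_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
            records.append((ts, "web", m.group(1), f"{m.group(3)} -> {m.group(4)}"))
    return sorted(records)


def correlate(records, window=timedelta(minutes=5)):
    """Per source IP: failed logins followed by web requests within `window`."""
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec[2]].append(rec)
    hits = {}
    for ip, recs in by_ip.items():
        fails = [r for r in recs if r[1] == "auth" and r[3].startswith("Failed")]
        if not fails:
            continue
        follow = [r for r in recs if r[1] == "web" and timedelta(0) <= r[0] - fails[0][0] <= window]
        if follow:
            hits[ip] = [r[3] for r in fails + follow]
    return hits
```

Tail truncation is the one change the chain itself cannot expose: a shortened log that still ends on a valid entry verifies cleanly, which is why verify_chain also accepts the entry count the collector last acknowledged. In the correlation step the two formats are first mapped onto one record shape (time, source, IP, event) so that a failed login and a later web request from the same address can be joined within a time window; any further log type added to the base only needs its own parser into that shape.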
Keywords/Search Tags: Log File, Computer Forensics, Electronic Evidence, Computer Crime, Security Audit, Log File Base