
Research On Evidence Investigation Of Security Accident In Windows System

Posted on: 2006-06-16
Degree: Master
Type: Thesis
Country: China
Candidate: L H Wen
Full Text: PDF
GTID: 2168360152489573
Subject: Computer application technology
Abstract/Summary:
There is no absolutely secure network in the world, only relatively secure ones; even the military network described as the country's "Great Wall of steel" is no exception. Its relative security rests, on the one hand, on continuously improving system procedures, deploying mature firewalls, building in intrusion-detection equipment and strengthening management. On the other hand, it is equally important to deal appropriately with those who deliberately disrupt order or act disloyally on the network. To do so, each security incident must be analysed to establish the facts, which means searching it for clues. In theory, however skilled the attackers and however sophisticated their means, they always leave traces in the network once a security incident has occurred. Whether investigators can collect those traces and turn them into conclusive evidence depends entirely on their skill and method, on the tools available to them and on how the system was configured at the time. Foreign research is currently based mainly on network monitoring platforms and firewalls, whereas domestic research is based mostly on the three major logs of the system under investigation. This thesis proposes a method built on both sources. The method places particular emphasis on building a forensic (judicial expertise) system and treats that system as the foundation of the whole approach; its main function is to collect and mine all the clues left at the scene and to recover material that has been deleted or concealed. First, the analysis begins with preparation for evidence collection: preparing materials and techniques, detecting the sudden security event, and progressively deepening network monitoring and response. Second, an investigation strategy is formulated and a forensic copy is made.
Finally, the truth is established by carrying the investigation through in full: analysing, comparing, examining and verifying all known relevant clues and drawing conclusions from them, so that a final conclusion on the incident is produced to support disciplinary punishment and criminal or civil action within the army, thereby conscientiously ensuring the safe operation of the army's network. Comparative experiments show that the method yields a clear improvement in collecting evidence and confirming the person responsible.
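The core of the proposed method is to combine the two evidence sources that the abstract contrasts, network-side records (firewall or monitoring logs) and host-side Windows logs (the three major logs, which on Windows are the Application, Security and System event logs), and to cross-check one against the other. The block below is an added illustration of that correlation step and is not code from the thesis. It assumes the firewall evidence is in the W3C-style text format Windows Firewall writes to pfirewall.log, and that the Security log has already been reduced to parsed records for logon events 4624 (success) and 4625 (failure) carrying the client IP address; every log line and event record is constructed sample data. Each logon event is paired with the firewall ALLOW from the same source address that arrived shortly before it; a logon with no matching network trace is flagged, since that is exactly the kind of gap (a concealed or deleted record on one side) the investigator is told to look for.

```python
"""Cross-check Windows Security logon events against firewall log lines.

Added example (not the thesis's code). Both inputs are constructed samples;
the firewall format follows the #Fields header that Windows Firewall writes
to pfirewall.log, and the Security records are assumed to be pre-parsed 4624/4625
events with the client IP address already extracted.
"""
from datetime import datetime, timedelta

# Constructed sample: firewall log in Windows Firewall (pfirewall.log) layout.
FIREWALL_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-06-16 09:15:02 ALLOW TCP 192.168.1.50 192.168.1.10 4532 3389 0 - 0 0 0 - - - RECEIVE
2006-06-16 09:15:03 DROP TCP 10.0.0.7 192.168.1.10 51000 445 0 - 0 0 0 - - - RECEIVE
2006-06-16 09:16:40 ALLOW TCP 192.168.1.50 192.168.1.10 4540 445 0 - 0 0 0 - - - RECEIVE
2006-06-16 11:02:11 ALLOW TCP 172.16.5.9 192.168.1.10 60122 3389 0 - 0 0 0 - - - RECEIVE
"""

# Constructed sample: Security log entries already reduced to dicts.
# 4624 = successful logon, 4625 = failed logon; logon_type 10 = RDP, 3 = network.
SECURITY_EVENTS = [
    {"time": "2006-06-16 09:15:05", "id": 4624, "user": "admin", "logon_type": 10, "ip": "192.168.1.50"},
    {"time": "2006-06-16 09:16:42", "id": 4624, "user": "admin", "logon_type": 3, "ip": "192.168.1.50"},
    {"time": "2006-06-16 11:02:15", "id": 4625, "user": "administrator", "logon_type": 10, "ip": "172.16.5.9"},
    {"time": "2006-06-16 11:02:20", "id": 4625, "user": "administrator", "logon_type": 10, "ip": "172.16.5.9"},
    # Logon with no corresponding firewall record: a gap worth investigating.
    {"time": "2006-06-16 14:30:00", "id": 4624, "user": "svc_backup", "logon_type": 3, "ip": "192.168.1.77"},
]

TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_firewall_log(text):
    """Parse W3C-style firewall log text using its own #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split()))
        row["ts"] = datetime.strptime(f"{row['date']} {row['time']}", TS_FMT)
        rows.append(row)
    return rows


def correlate(fw_rows, events, window=timedelta(seconds=10)):
    """Pair each logon event with ALLOW entries from the same source IP that
    arrived at most `window` before the event was written to the Security log."""
    matches = []
    for ev in events:
        ev_ts = datetime.strptime(ev["time"], TS_FMT)
        for row in fw_rows:
            if row["action"] != "ALLOW" or row["src-ip"] != ev["ip"]:
                continue
            delta = ev_ts - row["ts"]
            if timedelta(0) <= delta <= window:
                matches.append({
                    "event_id": ev["id"], "user": ev["user"], "ip": ev["ip"],
                    "dst_port": int(row["dst-port"]),
                    "fw_time": row["ts"], "event_time": ev_ts,
                })
    return matches


def unmatched_events(fw_rows, events, window=timedelta(seconds=10)):
    """Logon events with no firewall ALLOW from their IP inside the window.
    Such gaps point at a missing, deleted or tampered record on one side."""
    matched = {(m["user"], m["event_time"]) for m in correlate(fw_rows, events, window)}
    return [ev for ev in events
            if (ev["user"], datetime.strptime(ev["time"], TS_FMT)) not in matched]


def failed_logons_by_ip(events):
    """Count 4625 failures per client IP (repeated failures suggest guessing)."""
    counts = {}
    for ev in events:
        if ev["id"] == 4625:
            counts[ev["ip"]] = counts.get(ev["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    rows = parse_firewall_log(FIREWALL_LOG)
    for m in correlate(rows, SECURITY_EVENTS):
        print(f"{m['event_time']} event {m['event_id']} {m['user']} from {m['ip']} "
              f"<- firewall ALLOW to port {m['dst_port']} at {m['fw_time']}")
    for ev in unmatched_events(rows, SECURITY_EVENTS):
        print(f"NO NETWORK TRACE: {ev['time']} event {ev['id']} {ev['user']} from {ev['ip']}")
    print("failed logons by IP:", failed_logons_by_ip(SECURITY_EVENTS))
```

The ten-second window is an assumption for the sample; on a real host the clocks of the firewall and the investigated system should first be compared (and any skew recorded) before correlating, because a skew larger than the window silently turns every real match into a reported gap.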
Keywords/Search Tags: Security accident, Incident Response, Windows system, Evidence