The Design And Realization Of The Information Monitoring And Forensicing System

The evolution of computing and network technology provides a more advanced means for information to acquire, transfer, process, use, and so on. Meanwhile it also provides chances for curiosers and intruders to make the computers and information systems unsecure. In this thesis a technique is proposed to monitor the information on computer in realtime so it can response it in time when hicker is going to steal the information, and plant a Trojian horse program secretely into the hicker's computer for government to get evidences to prosecute the hicker. Based on the research of Windows'programming technology and TCP/IP protocol, in this thesis the C/S model and remote control technology are analyzed. After the study some critical techniques of design and implimentation of remote control system are proposed, a prototype system realized and tested. The design thoughtway of this system is based on ample satisfaction of the functional needs of this system, so as to make the operation of this system stable, concealed and consistent, and assure that the system can automatically recover when destroyed. On the basis of DLL module, the implementing approach of this system independs on the guide procedure from the main procedure in order to assure the concealed operation of the system, meanwhile a back door procedure is installed to guarantee that the system can recover automatically when destroyed. The rebound port mechanism and communication through the third party are adopted which are based on C/S model, in order to ensure the stable and consistent operation of the system. In the process to realize functional module, varied methods are adopted to achieve automatic start-up, concealed communication and concise code of the system. Through the comprehensive utilization of the above-mentioned methods, the final purpose of tracing secret stealer and getting proof is achieved. Evidently, only technological methods alone are far from enough to guarantee the safety of information, many other means from all the aspects of social-engineering should be widely adopted.