| Today is an information explosion society, the network as a major route of information dissemination, had been widely used and dependence. With the rise of the tide network, there are more and more network attacks, and technologies and means of attack are ever-changing, from ARP spoofing, scripting attacks, Trojan injection to the super worms, covert attacks and so on, this makes network security issues become increasingly prominent. Traditional network security products, such as firewalls, intrusion detection systems and other applications are mostly a passive defense, can not effectively combat malicious attackers, so computer forensics technology become very important.We can define the computer forensics, the social reality of crime scene transferred to the computer, offenders may do the computer invasion of criminals, destruction, fraud, attacks and other acts, administers make use of computer hardware and software technology, in accordance with the legal norms, and it is a process of digital evidence identification, preservation, analysis and presentation.In this paper, the content and the main work are, There are different characteristics of the file properties in computer systems, such as creation time, last modified time and last access time, and we analyzed the feasibility of timestamp forensic; we used improved fuzzy kernel clustering algorithm to analyze data, the sample data were mapped to a high dimensional feature space by nuclear function, in the feature space the data were analyzed by fuzzy clustering, and dynamically generate the number of clusters; Finally, we finished a model experiment that analyzed system files feature attribute, the experiment can extract the suspect's invasion, to achieve the desired goal. |
PDF Full Text Request