The Research On The System Of Dynamic Obtaining Of Electronic Evidence Based On Remote Control Technology

Posted on: 2006-10-25
Degree: Master
Type: Thesis
Country: China
Candidate: W Q Shi
GTID: 2178360182470146
Subject: Control Engineering
Abstract/Summary:
With the development of computer technology and the popularity of the Internet, computer crimes occur frequently. How to combat and punish computer crimes, and how to obtain as much electronic evidence pertaining to them as possible in order to realize computer forensics, has become a common concern of study in the fields of computer science and law.

Firstly, this thesis makes a thorough study of the technology, current state and development of computer forensics. It analyses the technology, tools and means of computer forensics. It compares the two current kinds of dynamic evidence-obtaining technology, namely the IDS and the Honeypot (Honeynet). On the basis of this comparison of the different ways of obtaining evidence, a system for the dynamic obtaining of electronic evidence based on remote control technology was designed.

Secondly, this thesis studies and designs the architecture of the system. The system works on the client/server model and offers three evidence-obtaining options. This allows different methods of evidence obtaining and evidence control to be used for different subjects.

Thirdly, according to the functional requirements of the system, the thesis designs a logic model that includes a forensic proxy module, a forensic control module and an evidence fixing module. The control module handles system settings, evidence-obtaining command control and the choice of evidence-obtaining option. The proxy module is composed of procedures for automatic booting, file hiding, process hiding, authentication, communication hiding and information collecting, which serve the purpose of secretly obtaining evidence.

Fourthly, technologies for process hiding and file hiding, registry modification and hiding, port back-bouncing, and data encryption on the target machine were studied.

Fifthly, the system was implemented using object-oriented program design. The compiler used in our experiment is Visual C++ 6.0, and the OS platform on which the system runs is MS Windows 2000.

Sixthly, the experimental results of the system are given. The system actively obtains evidence from monitored subjects on the Internet across different applications, and it demonstrates a new technical approach in current computer forensics technology. It is thus very suitable for active control and evidence obtaining by network security administration departments such as the public security organs. Its effectiveness, adjustability and exactness are of great practical importance as a complement to current evidence-obtaining techniques.

Finally, the thesis puts forward further suggestions and prospects for the direction of the system's design and development.
Keywords/Search Tags:Computer Forensics, Network Evidence, Remote Control, Dynamic Obtaining