
Technology Of Discovery And Analysis For Evidence On Network Invasion And Attack

Posted on: 2007-03-04    Degree: Master    Type: Thesis
Country: China    Candidate: S Wang    Full Text: PDF
GTID: 2178360182478488    Subject: Computer applications
Abstract/Summary:
With the widespread application and rapid progress of networks and information technology, cyber-crime forensics is drawing more and more attention worldwide and has become an issue that needs to be resolved urgently. This work is supported by a grant from the National Key Technologies R&D Program of China during the 10th Five-Year Plan Period (No. 2001BA802B). With the help of team members, and with emphasis on log forensics for computer and cyber crime, the discovery and analysis of network invasion and attack is researched, and the results are integrated into the log analysis subsystem. The technology framework, workflow and security of the subsystem are also researched and improved. Finally, the log forensics platform is realized and the experiment is successfully completed.

The main work of the author is as follows:

1) To optimize and perfect the framework and workflow of the cyber-crime log analysis subsystem, based on laboratory work. A standard workflow is vital for cyber-crime forensics, and one is propounded in this dissertation. The technology framework is also proposed on the basis of that workflow.

2) To design and implement some modules of the subsystem. The modules designed and implemented by the author include the task import module, the log file parser module, the log file analysis module and the report module.

3) To broaden the knowledge database so that it fully supports the subsystem and improves the accuracy of the log analysis and warning module. The maturity and accuracy of the expert knowledge in the knowledge database directly affect the result of log analysis. The existing expert knowledge should be complemented and revised frequently, and necessary knowledge not yet included in the knowledge database should be appended.

4) To accomplish academic research, system implementation and experimental testing together with other team members.

Practice indicates that the workflow and technology framework of the log analysis subsystem proposed by the author are feasible and operative.
Keywords/Search Tags: computer forensics, log, log parse, log analysis, cyber-crime