Research Of Intrusion Forensic System Based On Log Analysis Under Linux

Posted on: 2006-09-17
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Luo
Full Text: PDF
GTID: 2178360182977456
Subject: Computer software and theory

Abstract/Summary:
The fast development of computer and Internet technology has brought enormous convenience to people's work and life. As people rely more and more on computers, computer crimes that take computers as targets or tools are becoming more and more rampant. Computer crimes do serious harm to people's privacy and interests, as well as to the development of society. In order to combat computer crime, computer forensics, the cross-disciplinary study of computer science and law, has come into existence. The process of computer forensics includes gaining, preserving, analyzing and archiving computer evidence. Computer evidence analysis means discovering data that carry suspicion of intrusion within a massive volume of data, and it is an important step in obtaining crime evidence. Computer evidence, however, has different origins and different forms, including system logs, intrusion residue, swap areas, and so on.

This article mainly discusses the design and implementation of an intrusion forensics system based on log analysis under the Linux environment. The article first introduces the background to the emergence of computer forensics, followed by a brief introduction to the background knowledge, including the current state of research at home and abroad, and some elementary knowledge that will be referred to in the article. Then, according to the goals of computer forensics, it discusses the methodology in detail. After that, the article describes the design and implementation of the intrusion forensics system module by module. In the end, this article summarizes the main barriers in the research of intrusion forensics systems and sets goals for further study.

The intrusion forensics system designed in this article mainly includes three functional modules: a log collection module, a log analysis module, and a user interaction module. The log collection module's main function is to collect logs from the computer system and direct the collected logs into a database; the log analysis module is responsible for discovering suspicious logs in the database, which may be intrusion evidence; and the user interaction module works as the interface between users and the intrusion forensics system. In the log analysis part, the author applies relevant knowledge from data mining and fuzzy mathematics and discusses the log analysis algorithm. It is hoped that this article can offer a few ordinary introductory remarks to others who are studying computer forensics,...
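As an added illustration of the collection and analysis modules described above (example code written for this page, not the thesis's own system), the following Python script directs constructed Linux sshd log lines into an SQLite table and then queries it for source addresses whose repeated failed logins were followed by a success; the sample lines, the assumed year 2006, and the failure threshold are all assumptions.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample of Linux auth log lines (not real data). Classic syslog
# lines carry no year, so one is assumed when the timestamp is parsed.
SAMPLE_LOG = """\
Sep 17 10:01:02 host sshd[2011]: Failed password for root from 10.0.0.5 port 40001 ssh2
Sep 17 10:01:04 host sshd[2012]: Failed password for root from 10.0.0.5 port 40002 ssh2
Sep 17 10:01:06 host sshd[2013]: Failed password for admin from 10.0.0.5 port 40003 ssh2
Sep 17 10:01:09 host sshd[2014]: Accepted password for root from 10.0.0.5 port 40004 ssh2
Sep 17 10:30:00 host sshd[2100]: Accepted publickey for alice from 10.0.0.9 port 50001 ssh2
Sep 17 11:00:00 host sshd[2200]: Failed password for bob from 10.0.0.9 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def collect(lines, year=2006):
    """Log collection module: parse sshd authentication lines into an SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth(ts TEXT, host TEXT, result TEXT, user TEXT, ip TEXT)")
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # lines that are not sshd authentication results are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").isoformat()
        db.execute("INSERT INTO auth VALUES (?,?,?,?,?)",
                   (ts, m["host"], m["result"], m["user"], m["ip"]))
    db.commit()
    return db

def suspicious_sources(db, min_failures=3):
    """Log analysis module: return (ip, failure_count) for sources with at least
    min_failures failed logins that were later followed by an accepted login,
    a common brute-force signature worth preserving as evidence."""
    return db.execute("""
        SELECT ip, COUNT(*) AS failures
        FROM auth f
        WHERE result = 'Failed'
          AND EXISTS (SELECT 1 FROM auth s
                      WHERE s.ip = f.ip AND s.result = 'Accepted' AND s.ts > f.ts)
        GROUP BY ip
        HAVING COUNT(*) >= ?
        ORDER BY failures DESC
    """, (min_failures,)).fetchall()
```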
Keywords/Search Tags: Network Security, Computer Crime, Computer Evidence, Computer Forensics, Data Mining