| As the construction of information penetrates into our military more and more deeply, various information systems on the flat roof of the computer increase continuously. They improve the efficiency and create the benefits, but at the same time, they make the battles between stealing and anti-stealing the secret, forensic and anti-forensic more and more intensely. Therefore, it has been urgent to solve the problem how to guarantee the security of the correlative department's work contents and environments, prevent the sensitive information from leaking in any way and the attackers from obtaining the relating information through the traces left through operating the computer, and construct the barrier of the information security in our military. So, it has crucial meaning to develop the system of cleaning computer operating traces. The technology of cleaning the traces is researched in the dissertation, and the main works are as follows:1) The characteristics and origins of the computer operating traces are analyzed, and the policy to clean computer operating traces is proposed.2) The technology of capturing the data is researched. The system structure and working principle of operating system are analyzed, and the dynamic data capturing model based on the file monitoring and register monitoring is proposed. On the basis of the research on the model, the method to capture data based on the file monitoring and register monitoring is proposed. The design and implementation technology of the two monitoring engine is researched deeply.3) The technology of traces analysis is researched. On the basis of analyzing the algorithm BM, QS, FS, an improved algorithm of multi-pattern matching is proposed, which adaptes to the requirement of pattern matching between the strings mixed with the Chinese and English characters. The algorithm of multi-pattern matching possesses both of the advantages of BM and QS. It is able to match the strings mixed with Chinese and English characters, so that it improves the function efficiency of the algorithm. Aiming at the difficulties to detect the text copying, a method of detection and analysis based on the content is proposed, which improve the calculation of the similarity of the text in literature [43], and the precision of calculating the similarity. The rule to describe the traces is defined, and the method to analyze and extract the computer operating traces based on the rules matching is proposed.4) The technology of deleting in security is researched. On the basis of the analysis of the file system FAT 32 and NTFS, the principle to delete the files is analyzed, and the policy to delete the files in security is proposed. The design and implementation technology to delete the files in security is researched deeply.5) On the basis of the research on the data capturing technology, traces analyzing... |
PDF Full Text Request