| The development and extensive application of information technology have profoundly changed the way people live and work, and the large number of information systems built in China have become part of the nation's infrastructure. Because of the special nature of IT itself, however, informatization also brings tremendous information security risks. New types of crime keep appearing in which computer information systems are either the target of the crime or the tool used to commit it. Computer crime causes inestimable harm and huge economic losses to the country, society and individuals, and the social problems it triggers have become increasingly acute. Combating computer crime and ensuring information security is therefore of great practical significance for the country's economic development and social stability. Computer crime is a form of high-tech crime that keeps expanding over time; it is concealed and anonymous and often leaves little evidence behind, which both encourages high-tech computer crime and makes investigating such cases, gathering evidence and trying them extremely difficult. Criminal activity directed against computer systems and networks, and criminal activity carried out using computers and computer networks, is increasingly common; the resulting economic losses are shocking, the social problems are more and more prominent, and the harm to the community is growing. The rapid rise in computer crime means that computer systems in all countries, networked systems in particular, face a serious threat, and it has become a serious social problem. Although the number of computer crime cases is growing, the number actually prosecuted is rather small.
One reason is the difficulty of obtaining evidence: many cases are not prosecuted for lack of it. Chinese courts have been unable to hear many computer-related cases because there was no proof or because the evidence cited had no legal force, and because the state has not yet issued the corresponding legal interpretations in this area. How to present the traces that criminals leave at the computer crime scene to a court as valid legal evidence, so that the offenders can be brought to justice, is the problem addressed by computer forensics, an interdisciplinary field between computer science and law. Computer forensics is currently attracting more and more attention. Existing network security research focuses mostly on guarding against intrusion and pays little attention to collecting evidence of intrusions. Yet computer forensics is of great significance for fighting computer crime, tracing intrusions, repairing security flaws and improving computer network security systems. On this basis, and in view of the current state of computer forensics research and development, this paper draws on a year of research experience in the Network Monitoring Department of the Changchun Municipal Public Security Bureau to explore how to combine computer forensics technology with network monitoring technology: an intrusion detection system (IDS) that detects illegal intrusion or malicious behaviour activates the forensics system, which collects evidence of the computer crime in real time and provides law enforcement agencies with more accurate, complete and lawful evidence.
I present an IDS-based method for the dynamic forensic collection of computer crime evidence. The paper first summarizes the development, research status and trends of computer forensics technology and analyses the problems of existing computer forensics techniques. In view of the problems of existing network security technology, it points out that the key to dealing with increasingly rampant computer network crime is to use legal means, that is, computer forensics. Computer forensics and its static and dynamic techniques are then analysed. Traditional static forensics cannot capture network information: most intruders cover their tracks after an intrusion by deleting or tampering with evidence, so even data recovered from restored files may already have been modified and cannot be used as court evidence. Moreover, most intrusions are now carried out over computer networks, and static forensics is powerless against intrusions that exploit network protocols. As the technical means of computer-related crime increase, static forensics can no longer meet demand. Dynamic forensics is closely integrated with intrusion detection systems, firewalls and other network security technology; it acquires data in real time and analyses it intelligently. Collecting computer evidence is the basis for reviewing and judging it: only when evidence is obtained in full and preserved effectively and properly can the authenticity of the material be established and the reliability of the analysis, identification and judgment be demonstrated, so that the facts of the case can be determined and the task of litigation fulfilled. Because this technique collects evidence while the intrusion is taking place, the evidence is real-time and continuous, which greatly helps crime scene reconstruction. Dynamic electronic evidence is therefore more convincing and carries greater legal effect.
This paper focuses on the key technologies for acquiring computer evidence. The paper, on IDS-based dynamic forensics of computer crime evidence, is divided into five chapters. Chapter 1 presents the background and significance of the research topic, reviews the current state of network security research, and analyses and compares the state of computer forensics technology in China and abroad in terms of theory, product development and application. Chapter 2 introduces existing computer forensics technology and the characteristics of computer evidence, the principles to be followed during computer forensic analysis and the steps of computer forensics, and contrasts static and dynamic computer forensics. Chapter 3 studies intrusion detection technology and analyses the application of network intrusion detection systems in security. Chapter 4 presents the idea of an IDS-based method for dynamic forensics of computer crime evidence, analyses the relationship between firewalls and intrusion detection, and expounds the theoretical principle of the method; it establishes an IDS-based dynamic forensics system model for computer crime evidence and, on the basis of that model, designs the model's modules. Chapter 5 concludes the paper and discusses prospects. |