
A Research On Evidence-Collecting Technique Of Network Crime On The Basis Of NIDS

Posted on: 2009-01-23
Degree: Master
Type: Thesis
Country: China
Candidate: X J Yu
Full Text: PDF
GTID: 2178360272476506
Subject: Software engineering
Abstract/Summary:
The development and widespread application of information technology have profoundly changed the way people live and work, and the large number of information systems built in China have become part of the nation's infrastructure. Because of the special nature of IT itself, however, the move to an information society also brings tremendous information security risks. Computer information systems are both the targets of computer crime and the tools used to commit it, and new types of crime keep appearing. Computer crime causes the country, society and individuals serious consequences and huge economic losses, and the social problems it triggers have become increasingly acute. Combating computer crime and ensuring information security are therefore of great practical significance for the country's economic development and social stability.

Computer-related crime is a high-tech crime that keeps expanding over time. It is concealed and anonymous and often leaves little evidence, which makes investigating such cases, gathering evidence and trying them extremely difficult. Criminal activities directed against computer systems and networks, and criminal activities carried out using computers and computer networks, are increasingly common; the resulting economic losses are shocking, the social problems are more and more prominent, and the harm to the community is growing. The rapid rise in the computer crime rate poses a serious threat to the computer systems of all countries, networked systems in particular, and has become a serious social problem. Although the number of computer crime cases is growing, the number actually prosecuted is rather small. One reason is the difficulty of obtaining evidence: many cases are dropped for lack of evidence. Chinese courts have been unable to hear many computer-related cases because there was no proof or the evidence cited had no legal force, and because no corresponding legal interpretation has yet been made in this area.

How to present the traces that criminals leave at the computer crime scene to a court as valid legal evidence, and so bring them to justice, depends on a key technology: computer evidence collection, also known as computer forensics, an interdisciplinary field between computer science and law. Computer forensics is attracting more and more attention. Existing network security research focuses mostly on guarding against intrusion and pays little attention to collecting evidence of intrusions. Yet computer forensics is of great significance for fighting computer crime, tracing intrusions, repairing security flaws and improving computer network security systems. Against this background, and in view of the current state of computer forensics research and development, this thesis explores how to integrate computer forensics with network monitoring, using an intrusion detection system to detect illegal intrusions or malicious acts and to activate the evidence collection system, so that evidence of computer crime is collected in real time and law enforcement agencies are provided with more accurate, complete and legitimate evidence. The thesis presents a NIDS-based method for dynamic collection of computer crime evidence.

The thesis first summarizes the development, research status and trends of computer forensics technology and analyzes the problems of existing computer forensics techniques. In view of the problems of existing network security technology, it points out that the key to dealing with increasingly rampant computer network crime is to use computer forensics as a legal means.

Computer forensics and its static and dynamic techniques are analyzed. Traditional static evidence collection cannot obtain network information. Most intruders cover their tracks after an intrusion by deleting or tampering with evidence, so even if files are recovered, the restored data may already have been modified and cannot be used as evidence in court. Moreover, most intrusions are now carried out over computer networks, and static methods are powerless against intrusions that target network protocols. As the technical means of computer-related crime advance, static evidence collection can no longer meet demand. Dynamic evidence collection is closely integrated with intrusion detection systems, firewalls and other network security technologies, and obtains and intelligently analyzes data in real time. Collecting computer evidence is the basis for examining and judging evidence: only when evidence is obtained completely and effectively and preserved properly can the authenticity and reliability of the evidentiary material be analyzed, identified and judged, so that the facts of the case can be established and the purpose of the litigation achieved. Because this technique collects evidence while the intrusion is taking place, the evidence is real-time and continuous, which is extremely helpful for reconstructing the crime scene. Electronic evidence collected dynamically is therefore more convincing and has greater legal effect.

This thesis studies the key technologies for acquiring computer evidence. It presents NIDS-based dynamic collection of computer crime evidence and is divided into five chapters. Chapter 1 covers the background and significance of the topic, starts from the current state of network security research, and analyzes and compares the state of computer forensics technology in China and abroad in terms of theory, product development and application. Chapter 2 introduces existing computer forensics technology, the characteristics of computer evidence, the principles to be followed in computer forensics and the steps of computer forensics, and contrasts static and dynamic evidence collection. Chapter 3 studies intrusion detection technology and analyzes the application of network intrusion detection systems in the security field. Chapter 4 presents the idea of NIDS-based dynamic collection of computer crime evidence, analyzes the relationship between firewalls and intrusion detection, expounds the theoretical principle of the method, establishes a NIDS-based system model for dynamic evidence collection, and designs the modules of that model. Chapter 5 concludes the thesis and gives an outlook on future work.
Keywords/Search Tags: Examination of Network Invasion, Network Crime, Computer Evidence Collection, Computer Evidence