
Design And Implementation Of Computer Crime Forensics Platform

Posted on: 2009-11-02
Degree: Master
Type: Thesis
Country: China
Candidate: X B Guo
Full Text: PDF
GTID: 2178360272979445
Subject: Computer software and theory
Abstract/Summary:

In recent years, as the Internet has grown, more and more computers connected to it have been attacked by hackers, causing huge economic losses for computer users. There are many attack methods; common ones include DDoS attacks and Trojan attacks. Among them, Trojan attacks have the most serious consequences: after the intrusion, the system is controlled by the hackers, who can then steal the users' important information or impersonate the users to do something illegal. Research on computer crime forensics and on finding evidence on invaded computers is therefore meaningful.

Finding the invading IP, the Trojan and the attack sequences is an important prerequisite for combating computer crime. Based on an analysis of traditional computer crime forensics methods, this paper covers two important techniques: finding the attacker's IP and the Trojan the attacker used in main-memory data, and analyzing attack sequences in logs. It implements both of these analysis methods.

In the memory data analysis, it conducts computer crime forensics on mass memory data. By analyzing residual memory data, it can find the attacker's IP address and the Trojan the attacker used. In the log attack sequence analysis, it computes statistics over the log sequences to form a normal sequence, and implements the extraction of log attack sequences that differ from the normal sequence.

Based on research into the above techniques, evidence collection and other computer crime forensics methods, this paper designs and implements a computer crime forensics platform. It can find the invading IP and the attack sequences, and examine the directories, files, logs and tampered file information of the invaded computer. The practical results of its operation validate the effectiveness of the computer crime forensics system in this paper.
Keywords/Search Tags: Computer Crime Forensics, Log Analysis, Frequent Sequence Mode, System Files, Memory Data