Recently, the information network has become an important part of national infrastructure, and its security has become a major issue affecting both the nation and the public. A new type of crime based on, or directed at, computers is booming and imperils a nation's development and stability; combating and preventing it has become urgent work for every government. The key is to pick up the "marks" a criminal leaves in a computer and present them to the court as strong evidence, which is why techniques for collecting evidence from computers are being studied and attracting much attention. This thesis proposes new concepts, including a workflow for digital evidence collection, online extraction of computer evidence, and full offline extraction. Online data analysis and extraction refers to analysing and collecting data while the computer is in its running state; through it, the operation of the running system can be grasped comprehensively. Offline data analysis and extraction works from a cloned hard disk, and follows a series of steps: sufficient online extraction, cloning of the original hard disk, and data preservation and recovery. The offline data analysis and extraction subsystem is designed around the practical requirements of offline evidence collection at home and abroad. First the main structure is built; then, by systematically analysing the characteristics and technical difficulties of the main system, its three sub-systems are developed and implemented: a powerful searching module, a hard disk tool module, and a pattern matching module.
At the end of the thesis, an electronic evidence maintenance and verification scheme based on the MD5 algorithm and digital signatures is proposed. The computer forensics system designed in the thesis is highly usable and practical, and is intended mainly for security protection and defence departments such as the judiciary, banks, and the military.
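As an added illustration of the MD5-plus-digital-signature maintenance and verification scheme the abstract names (example code written for this page, not the thesis's own implementation): the examiner seals a cloned image by signing its MD5 digest with an RSA key, and a verifier later recomputes the digest and checks the signature, so that either an altered image or a record from an untrusted signer is rejected. The type and function names, and the use of RSA PKCS#1 v1.5 as the signature algorithm, are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// EvidenceRecord binds the MD5 digest of a cloned image to the examiner's
// signature over that digest. (Hypothetical type for this example.)
type EvidenceRecord struct {
	Digest    [md5.Size]byte
	Signature []byte
}

// SealEvidence hashes the image with MD5 and signs the digest with the
// examiner's private key, producing the record that travels with the image.
func SealEvidence(image []byte, priv *rsa.PrivateKey) (EvidenceRecord, error) {
	digest := md5.Sum(image)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.MD5, digest[:])
	if err != nil {
		return EvidenceRecord{}, err
	}
	return EvidenceRecord{Digest: digest, Signature: sig}, nil
}

// VerifyEvidence recomputes the digest over the image as presented, checks it
// against the sealed digest, and then checks the examiner's signature.
func VerifyEvidence(image []byte, rec EvidenceRecord, pub *rsa.PublicKey) error {
	recomputed := md5.Sum(image)
	if !bytes.Equal(recomputed[:], rec.Digest[:]) {
		return errors.New("image digest differs from sealed record: evidence altered")
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.MD5, rec.Digest[:], rec.Signature); err != nil {
		return fmt.Errorf("signature check failed, record not from trusted examiner: %w", err)
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	image := []byte("constructed sample of a cloned disk image") // constructed input
	rec, _ := SealEvidence(image, priv)
	fmt.Println("intact image:", VerifyEvidence(image, rec, &priv.PublicKey))
	image[0] ^= 1 // simulate a single-bit change after sealing
	fmt.Println("altered image:", VerifyEvidence(image, rec, &priv.PublicKey))
}
```

MD5 is known to be collision-prone, so a current deployment would use SHA-256 or stronger in the same structure; the seal-and-verify flow itself is unchanged.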