
Research Of Computer Forensic Based On Log Analysis

Posted on: 2011-06-19
Degree: Master
Type: Thesis
Country: China
Candidate: L L Hao
GTID: 2178360302473599
Subject: Computer application technology

Abstract/Summary:
With the explosive growth of the Internet, network attacks occur more and more often. Moreover, as security and defense measures are reinforced, the means of attack are changing. The techniques used by malicious hackers include not only ARP spoofing, script attacks, Trojan injection and so on; advanced techniques such as super worms and covert attacks are also beginning to emerge, which makes network security a prominent problem. In the course of network security research, a series of security products has appeared, such as firewalls, IDS and VPN. However, the application of these products is mostly only a passive defense, which cannot effectively combat malicious attackers. Computer forensics therefore becomes very important: it can capture the conduct of an illegal attack and achieve a complete reconstruction of it, allowing an accurate and effective fight against malicious hackers.

Computer forensics is the process of identifying, collecting, protecting, analyzing, archiving and presenting in court the electronic evidence that exists in computers and related peripherals and that is acceptable to the court, sufficiently reliable and persuasive. Computer forensics based on log analysis carries out analysis and forensics on a large number of log files; it is mainly composed of three parts: the evidence collection machine, the evidence analyzer and the database.

Because log files are easy to change and perishable by nature, the log files on the computer need timely protection and preservation to fully guarantee the reliability of computer forensics and make it more convincing; in this paper a DSA digital signature is used to protect the log files. Log analysis is a critical step throughout the forensic process; a kernel clustering algorithm is mainly used for the log analysis, to better identify suspicious intrusion logs. Before analysis, the log files need preprocessing, which mainly includes log cleaning, log integration, log transformation and log reduction. Finally, a model experiment of computer forensics based on log analysis was carried out; the experiment shows that the suspicious intrusion logs can be extracted, achieving the intended purpose.
Keywords/Search Tags: Computer Forensics, Log Analysis, Kernel Clustering Algorithm