
Network Forensics Analysis Techniques

Posted on: 2011-07-10
Degree: Master
Type: Thesis
Country: China
Candidate: B Wang
GTID: 2208330332472990
Subject: Computer application technology

Abstract/Summary:
With the development of information technology, computer and network technology has advanced rapidly and is applied in a wide range of fields. It not only promotes social and economic progress, but also greatly improves the way people work and live. But computer network technology is a double-edged sword: its development also provides new spaces and means for crime. At present, the number of criminal cases that use computers and networks, or that take them as the target, is increasing, and the harmful effects are becoming more serious. Social and legal power must therefore be exerted to deal with computer crime. Computer forensics technology emerged and developed in this situation. Its main purpose is to collect evidence from electronic data and reconstruct the crime scene, in order to provide reliable and effective litigation evidence. Its core element is extracting and analyzing all kinds of data in the network that may be used as criminal evidence.

In this paper, the author further studies and explores computer forensics technology, and designs and implements a forensic analysis system based on a B/S/S (Browser/Web Server/Data Server) platform. The system mainly extracts and analyzes log files, e-mail, instant messaging software and registry information. Logs are important documents that a computer system produces and retains, and they record a large number of "traces" of offenders who use computers to break the law. They are therefore very important clues and sources of evidence for combating computer crime. It is thus important to extract the log files that the computer generates and to analyze the correlation between different log files. For e-mail, the system not only extracts and analyzes the e-mail header information, but also identifies the author from the e-mail's content, which improves the accuracy of the evidence.

As far as instant messaging software is concerned, the main source is the log file that the software generates, which is a special kind of log file. The system extracts not only the time and place information, but also extracts and analyzes the content. Correlation analysis is used in similar projects, while in different projects applying correlation analysis is more important. The system comprehensively associates and analyzes the logs, e-mail, and the information generated by instant messaging software, improving the integrity of the forensic information. By scanning and analyzing the registry information, evidence information that is not genuine may be found and marked. Finally, using all of this information, the crime scene is reconstructed and the evidence of the criminal process is formatted so that it may be submitted to the judiciary.
Keywords/Search Tags: computer forensics, log file, e-mail, instant messaging software, registry