Computer Evidence For Technology Research And Application

Evidence model in the computer existing do not adapt the prevailing requirements of the evidence because of lack basic needs analysis, the evidence of timing constraints, statements of cross-duplication work not clear and so on. So we have designed a practical evidence model in the computer. By the model the evidence model will be divided into five stages, each stage of the evidence model workflow convergence relations. in order to ensure the orderly process Association, in each stage of the work to the stage with the evidence requirements of the evidence attribute restrictive conditions, a computer forensics and evidence of legal work the organic integration truly realized the purpose of obtaining computer forensics. In order to facilitate a clear understanding of the computer evidence activities, we have described the practical evidence model used by the Petri nets.According to the the framework of the practical evidence model in the computer, We have advanced application standards of the evidence tools and optional tools in the computer firstly, provided the e immediate measures to protect the evidence. Then we made for a specific analysis to the demand of the evidence in order to identify the core content of the work with the corresponding methods of operation to ensure the effective access to the evidence phase extraction or evidence found in-depth work of the clues. We have made a thorough study to the contents of some questions, such as restoring files, IP address tracing, and advanced some solution, the contents are help for the practical evidence .Based on the requirements of the evidence analysis ,We have advanced some methods such as Correlation function of the system, relevant functions time correlation, correlation analysis of the methods, and these methods can meet the special requirements of computer evidence. We have defined of the various analysis methods of application object or its scope in order to help Evidences officers destinately use of evidence analysis. In order to deepen the understanding of the methods of evidence analysis, some of the contents in the form of examples to show the evidence to enable more effective use of these tools to explore in depth the work of the evidence or entry point。Finally, given the Computer Forensics workflow diagram, using both the detailed planning process diagram of a computer forensics work, and clear evidence of a specific operation processes, the Computer Evidence work is no longer empty, macro, formal theory.