With the development of information technology, computer crime has become more and more serious; it directly endangers the normal order of politics, economy and culture. Current network security research focuses mostly on guarding against intrusion, and there is little research on intrusion forensics. Computer forensics technology, however, can not only trace intrusions, repair security flaws and improve the security architecture, but also help improve the laws that deal with computer crime.

This thesis studies computer forensics. It consists of six chapters. Chapter 1 introduces the background and significance of the project and the state of research at home and abroad.

Chapter 2 explains the concept, characteristics and sources of digital evidence, and then introduces the principles and specific steps of computer forensics.

Chapter 3 expounds the mechanisms and implementation of network packet capture on the Windows platform, analyses and compares the advantages and disadvantages of capturing packets in user mode and in kernel mode, and introduces NDIS and WinPcap.

Chapter 4 introduces pattern matching and protocol analysis for the computer forensics system. It explains three pattern matching algorithms, BF, KMP and BM, and explains the structure of the TCP/IP protocol suite in detail.

Chapter 5 proposes a design model for the computer forensics system and gives detailed designs of its modules. These include: a packet capture program written with WinPcap to capture network packets; the SSL protocol to secure the transmission of digital evidence; a scheme for storing digital evidence securely, namely a hash algorithm to verify the integrity of the evidence, a digital signature to verify the identity of the evidence and a timestamp to confirm the time the evidence was collected; and a method that performs protocol analysis first and then designs the correlation analysis engine with the pattern matching method on...
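The following example, added here and not part of the thesis or its implementation, ties together the two technical ideas the abstract names: the pattern matching of Chapter 4 (BF as a reference and KMP as the linear-time algorithm; BM is omitted) and the evidence-preservation scheme of Chapter 5 (hash for integrity, signature for origin, timestamp for collection time). The packets and the content signatures are constructed sample data. Because the Python standard library has no asymmetric signing, an HMAC-SHA256 tag under a constructed key stands in for the digital signature; a real system would use an asymmetric signature so that a verifier does not need the signing key.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# ---- Chapter 4: pattern matching over packet payloads ----------------------

def bf_search(text: bytes, pattern: bytes) -> list:
    """Brute-force (BF) matcher, O(n*m); kept as the reference implementation."""
    if not pattern or len(pattern) > len(text):
        return []
    return [i for i in range(len(text) - len(pattern) + 1)
            if text[i:i + len(pattern)] == pattern]

def kmp_failure(pattern: bytes) -> list:
    """KMP prefix table: fail[i] is the length of the longest proper prefix of
    pattern[:i+1] that is also a suffix of it."""
    fail = [0] * len(pattern)
    k = 0
    for i in range(1, len(pattern)):
        while k > 0 and pattern[i] != pattern[k]:
            k = fail[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        fail[i] = k
    return fail

def kmp_search(text: bytes, pattern: bytes) -> list:
    """KMP matcher, O(n+m): returns every start offset of pattern in text."""
    if not pattern:
        return []
    fail = kmp_failure(pattern)
    hits, k = [], 0
    for i, c in enumerate(text):
        while k > 0 and c != pattern[k]:
            k = fail[k - 1]          # fall back without re-reading text
        if c == pattern[k]:
            k += 1
        if k == len(pattern):
            hits.append(i - k + 1)
            k = fail[k - 1]          # continue for overlapping matches
    return hits

# ---- Chapter 5: sealing and verifying a digital evidence record -------------

DEMO_KEY = b"constructed-demo-key"   # assumption: stands in for a signing key

def _canonical(body: dict) -> bytes:
    # Deterministic encoding so the tag covers exactly one byte sequence.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def seal_evidence(packet, matched, key: bytes, collected_at=None) -> dict:
    """Bind payload hash, matched signatures and collection time under a tag."""
    src, dst, payload = packet
    body = {
        "src": "%s:%d" % src,
        "dst": "%s:%d" % dst,
        "sha256": hashlib.sha256(payload).hexdigest(),       # integrity
        "matched": [m.decode("latin-1") for m in matched],
        "collected_at": (collected_at or datetime.now(timezone.utc)).isoformat(),
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()  # origin
    return {"body": body, "payload": payload, "tag": tag}

def verify_evidence(record: dict, key: bytes) -> bool:
    """True only if neither the metadata nor the stored payload was altered."""
    expected = hmac.new(key, _canonical(record["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        return False                       # metadata or timestamp changed
    digest = hashlib.sha256(record["payload"]).hexdigest()
    return hmac.compare_digest(digest, record["body"]["sha256"])

# ---- constructed sample traffic and content signatures ----------------------

SAMPLE_PACKETS = [
    (("10.0.0.5", 40312), ("10.0.0.9", 80), b"GET /index.html HTTP/1.1\r\nHost: web\r\n\r\n"),
    (("10.0.0.5", 40313), ("10.0.0.9", 80), b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n"),
    (("10.0.0.7", 51000), ("10.0.0.9", 80), b"POST /login HTTP/1.1\r\n\r\nuser=alice"),
]
SIGNATURES = [b"../../", b"/etc/passwd"]   # constructed path-traversal signatures

def analyze(packets, signatures, key: bytes) -> list:
    """Seal one evidence record per packet whose payload matches any signature."""
    records = []
    for pkt in packets:
        matched = [s for s in signatures if kmp_search(pkt[2], s)]
        if matched:
            records.append(seal_evidence(pkt, matched, key))
    return records

if __name__ == "__main__":
    for rec in analyze(SAMPLE_PACKETS, SIGNATURES, DEMO_KEY):
        print(rec["body"], "verified:", verify_evidence(rec, DEMO_KEY))
```

The matched-signature check uses KMP; `bf_search` is there so the two can be compared on the same input. Verification fails if either the payload or any sealed field, including the timestamp, is altered after sealing, which is the property the thesis's hash-plus-signature-plus-timestamp scheme is meant to provide.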