
Dynamic Electronic Evidence Acquisition System

Posted on: 2007-10-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Zhang
Full Text: PDF
GTID: 2208360185453800
Subject: Computer technology

Abstract/Summary:
With the development of computer technology and the spread of information, computers have become more and more important in our lives, but computer crime also occurs more and more frequently. In this context, digital evidence, a new form of evidence, has become increasingly significant in the information world. Digital evidence exists inside computers or peripheral equipment. Unlike traditional evidence, it has some special characteristics; for example, it can be overwritten, deleted or modified very easily. How to acquire, store, transport and analyze digital evidence efficiently and completely is therefore a problem.

Based on the author's practical experience in investigating computer crime and on the study of computer forensics, this paper presents the design and implementation of a dynamic digital evidence collection system. The system consists of four modules: an incident production module, an incident analysis module, a security pre-warning module, and an incident response and control module. The incident production module adopts the more efficient NetFlow technology; the initial data gathered is filtered and correlated so that only the more useful data is stored in the database. The incident analysis module is designed in layers: first, traditional statistical analysis methods give the initial data a coarse first-pass analysis and the results are stored in the database; then data mining methods are used to establish a data warehouse, create multidimensional data tables and perform OLAP. The security pre-warning module receives the analysis results, establishes normal values and sets up an anomaly detection model. The incident response and control module takes effective measures to deal with intrusion incidents. The system realizes data collection, cleaning, transformation and storage, the building of multidimensional data tables, data analysis, rule creation, model building and response.
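The pipeline the abstract outlines (collect flow records, filter them, aggregate and analyze statistically, derive a normal value per host, and flag departures from it) can be sketched end to end in a few functions. The following is an added illustration written for this page, not code from the thesis: the `Flow` record, the hypothetical host addresses and the traffic figures are all constructed, and the anomaly rule (bytes per host per interval above mean plus k standard deviations) is one simple choice standing in for the unspecified model.

```python
"""Toy version of the abstract's pipeline: collect NetFlow-like records,
filter them, aggregate per host and interval, learn a normal value from a
training period, then flag intervals that depart from it.

All records below are constructed sample data, not real traffic."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: int        # flow start, seconds since epoch (constructed)
    src: str       # source host
    dst: str       # destination host
    dport: int     # destination port
    bytes: int
    packets: int


def filter_flows(flows, min_bytes=1):
    """Filtration step: drop empty flows so they do not skew the statistics."""
    return [f for f in flows if f.bytes >= min_bytes and f.packets >= 1]


def aggregate(flows, interval=60):
    """Statistical first pass: total bytes per (source host, time bucket)."""
    totals = defaultdict(int)
    for f in flows:
        bucket = f.ts - (f.ts % interval)
        totals[(f.src, bucket)] += f.bytes
    return dict(totals)


def baseline(totals):
    """Normal value per host: mean and population std dev over its buckets."""
    per_host = defaultdict(list)
    for (src, _), b in totals.items():
        per_host[src].append(b)
    return {src: (mean(v), pstdev(v)) for src, v in per_host.items()}


def detect(totals, base, k=3.0, min_std=1.0):
    """Anomaly rule: a bucket is flagged when its byte count exceeds
    mean + k * std for that host; hosts absent from training are flagged too.
    min_std keeps a perfectly regular host from producing a zero threshold."""
    alerts = []
    for (src, bucket), b in sorted(totals.items()):
        if src not in base:
            alerts.append((src, bucket, b, "unknown host"))
            continue
        mu, sigma = base[src]
        threshold = mu + k * max(sigma, min_std)
        if b > threshold:
            alerts.append((src, bucket, b, f"bytes {b} > {threshold:.0f}"))
    return alerts


def run_pipeline(training, observed, interval=60, k=3.0):
    """Learn the baseline from the training flows, then score the observed ones."""
    base = baseline(aggregate(filter_flows(training), interval))
    return detect(aggregate(filter_flows(observed), interval), base, k)


# Constructed training period: one host with steady traffic per minute.
TRAINING = [
    Flow(0, "10.0.0.5", "10.0.0.1", 53, 1000, 10),
    Flow(30, "10.0.0.5", "10.0.0.2", 443, 200, 4),      # bucket 0 -> 1200
    Flow(60, "10.0.0.5", "10.0.0.1", 53, 1100, 11),     # bucket 60 -> 1100
    Flow(120, "10.0.0.5", "10.0.0.2", 443, 1300, 12),   # bucket 120 -> 1300
    Flow(180, "10.0.0.5", "10.0.0.1", 53, 1200, 10),    # bucket 180 -> 1200
    Flow(185, "10.0.0.5", "10.0.0.3", 80, 0, 0),        # empty flow, filtered out
]

# Constructed observation period: one normal minute, one burst, one new host.
OBSERVED = [
    Flow(600, "10.0.0.5", "10.0.0.1", 53, 1150, 10),
    Flow(660, "10.0.0.5", "203.0.113.7", 443, 48000, 400),
    Flow(660, "10.0.0.9", "10.0.0.1", 53, 300, 3),
]

if __name__ == "__main__":
    for src, bucket, b, why in run_pipeline(TRAINING, OBSERVED):
        print(f"t={bucket:>4} src={src:<9} bytes={b:>6} {why}")
```

The training mean for `10.0.0.5` is 1200 bytes per minute with a standard deviation of about 71, so the threshold is roughly 1412; the 48000-byte minute and the never-seen host `10.0.0.9` are the two alerts, while the 1150-byte minute passes.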
Keywords/Search Tags: Electronic Forensics, Dynamic Digital Evidence Collection, NetFlow, Data Mining, Anomaly Detection Model, Online Analysis and Computing