Key Technologies Of The Computer Dynamic Forensics

Posted on: 2008-05-10
Degree: Master
Type: Thesis
Country: China
Candidate: M Tan
Full Text: PDF
GTID: 2208360245484041
Subject: Software engineering
Abstract/Summary:
Computer forensics is an important tool in combating computer crime. To address the weaknesses of static computer forensics, a distributed dynamic forensics system based on multiple agents was designed. Using intrusion detection technology, the system monitors user behavior and network traffic in the protected network, so it can obtain intrusion evidence in time and achieve dynamic forensics. The paper also studies in depth three important aspects of computer dynamic forensics: evidence collection, evidence analysis, and evidence preservation. In evidence analysis, an intrusion detection model that fuses misuse detection, anomaly detection and file integrity detection was adopted, and an intrusion detection agent fusing multiple detection techniques was designed. To distinguish crime evidence from intrusion evidence, an improved intrusion detection model that applies a crime features database was designed. In evidence preservation, the chain of computer crime evidence was studied; to guarantee the legal effect of digital evidence, an evidence-securing methodology that combines message digest, digital signature and timestamp techniques was put forward. Research on computer dynamic forensics in our country is still at an initial stage, so the principal achievements of this paper are helpful to the exploration of computer forensic methods and to the construction of useful computer forensic systems.
Keywords/Search Tags: computer forensics, multi-agent, dynamic forensics, intrusion detection