| With the development and popularization of computer and network technology, computer crime is becoming increasingly rampant ,heavily threatening network security and personal privacies, at the same time, the application of computer forensics has been gradually expanded.Log files are very important clues and evidence in fighting against computer crime, in which keeps the record of the computer system occurred during the operation of anomalies. In order to make the computer log as a legitimate electronic evidence available to the court, we must take effective measures to ensure the integrity authenticity and credibility of the log evidence.Firstly in this thesis, the definition, principles, work content, process steps of computer forensics and relevant concepts , characteristics of electronic evidence have been summarized. This thesis also gives an introduction about the concepts of the computer log and some Windows system log files, then the current development status of domestic and international computer forensics and log study have been concluded, meanwhile, the legal basis of the log data as electronic evidence and the feasibility of forensics based log have been demonstrated. In the end,we enumerated relevant technologies based on computer log forensics, designed a computer forensics model based on windows logs.The model is fully integrated with the principles of computer forensics logs, and makes innovative research in integrity protection and authentication of log information with MD5 message digest and RSA digital signature technology; Both to ensure the security and improve the transmission efficiency in secure transmission of log information(based on the SSL protocol) through the combined use of symmetric encryption algorithm (DES) and asymmetric encryption algorithm (RSA) ;To improved the efficiency and accuracy of log analysis by using data mining ;To ensure the integrity,authenticity and credibility of the log evidence by using database to store log information security. |
PDF Full Text Request