Research On Keyboard-event-extraction-based Computer Dynamic Forensics Technology

With rapid popularization of computers and networks, information society has quietly approach to our ordinary people. While people enjoying the facilitated office and the high-speed communication that bringing by computer and network, the increasingly phenomenon of computer crime became prominent. Computer Forensics who playing a positive role in solving computer crime attracted more and more people's attention. Technology of computer forensics in finding accurate, reliable, electronic evidences is moving on. At the same time, it raised hot topics in every fields of our daily life.Description of information security's importance, research status of computer crime has been made at first part of the text. By researching present knowledge of computer forensics technology, exposed problems of computer forensics technology have been summarized which would bring facilities to CF's future study. In the paper, methods of program auto-launch have been re-classified as well as current download patterns have been compared. They benefit to future following jobs. After deeply study of the commonly used computer forensics model and forensic techniques, an optimized and rebuilt computer dynamic forensics model which based on law enforcement process model has been formed. Then, a study model built by 3 roles whose main task are keyboard-event-extraction and main roles are gathering server, evidence server, gathering client has been built. Dynamic mainly reflected in the whole process, from keyboard event's generation to being attracted. Program recording the keyboard events has been added in the gathering server before keyboard events emerge,when there were keyboard events, the messages have been send to the evidence server real-time and a keyboard events recording file would be formed there.In the dissertation,data transfer among evidence server and the other two ends has been realized. Meanwhile, extraction of keyboard event and resume broken transfer have been completed. Computer dynamic forensics model based on keyboard event's extraction proposed in this issue would play a positive significance part in acquiring the total process of other events in future.