Research And Implementation Of Dynamic Forensics System

Posted on: 2013-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Wen
Full Text: PDF
GTID: 2248330362470872
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid growth of computer and information technology, and especially the increasing popularization of the Internet, Internet services such as e-mail, blogs, and IM have become convenient means of communication. While the network provides convenience to people, it is also used as a new platform for committing crime, and crime of all kinds in the computer field is increasing dramatically year by year. Although network security technology has played a role in preventing criminal activity, it does not solve the problem fundamentally as criminal methods become more and more sophisticated. Only by bringing criminals to justice through legal means can we strike at and deter them. Computer forensic science emerged in response to this situation. As a cross-disciplinary subject spanning computer science, criminal investigation, and law, it has become a hot topic today.

The thesis first reviews the state of the art of computer forensics and points out its development trend. Second, it studies the theory and technology related to computer forensics and, taking into account the characteristics of electronic evidence, discusses the principles and general procedure of computer forensics. Third, it analyzes the dynamic forensics system models in common use today and points out some of their shortcomings and the challenges they face. In view of these shortcomings, the thesis designs a dynamic forensics system for the Windows platform based on a distributed network forensics model, which can obtain evidence from computers serving as both the targets and the tools of crime. The system design emphasizes efficient real-time acquisition of various data sources, a covert forensics process, and intelligent forensic analysis algorithms, among other characteristics.
According to the design requirements, the thesis researches the key technologies used in the dynamic forensics system and gives specific technical implementations. For evidence acquisition, it researches ways to acquire data sources in real time, including log files, the registry, file monitoring, and on-site evidence, and designs an evidence acquisition strategy based on IDS rules. For hiding the forensics process, the solutions proceed by way of automatic process loading, process hiding, file hiding, and process anti-killing. For evidence analysis, a fast association rule mining algorithm is applied. Finally, the entire system was implemented, and a simulation test and feature analysis were carried out. The results of the test and analysis prove the validity of the computer dynamic forensics system in a Windows network.
Keywords/Search Tags: computer dynamic forensics, acquire technology, hiding technology, data mining