
Design And Partial Realization Of The China Arrow Information Auditing&Evidence Taking System

Posted on: 2013-10-21
Degree: Master
Type: Thesis
Country: China
Candidate: J G Zhang
GTID: 2248330362964555
Subject: Software engineering
Abstract/Summary:
With the development and popularization of computer networks, computer crime has become a new trend in crime. Obtaining evidence of the crime through "computer forensics" is the key to solving these high-tech cases. As network technology advances and such crime increases, computer forensics technology is developing in the following directions: (1) diversification, specialization and automation of forensics tools; (2) integration with other theories and techniques; (3) standardization of computer forensics tools and processes. In our country, the construction of information security and its level of adoption are still at the starting stage. Improving forensics work should go together with strengthening and improving information security auditing.

Current computer forensics tools are mainly aimed at postmortem forensic analysis. In view of the current state of computer forensics work, the "zhonghuajian information audit system" proposes a system that treats daily behavior auditing and the subsequent forensics as a whole. The system regards a computer crime event as a process. Its information audit module records and audits an organization's daily network access and terminal operation behavior, so that when a problem is found the event can be traced, or even played back. Once an event has been preliminarily confirmed, a variety of evidence-taking functions carry out in-depth forensic work on the suspicious target. Combined with the information from the various audit modules, event correlation analysis is performed and the entire course of the event is fed back, providing law enforcement personnel and the unit's management staff with more comprehensive data evidence, and providing enterprises, institutions and government agencies with technical support for daily review of the unit.

The system is developed with advanced technology in step with foreign products, reaches into almost every industry of national production, and plays an important role in promoting information security construction, especially in China's defense industry, finance, public security and other industries or sectors.

I am responsible for the sensitive information detection and destruction module, which is mainly used in the in-depth forensic analysis of the target object. It performs a deep search for sensitive information on the target disk, covering existing files, deleted files and the disk cluster information on the disk, and carries out a comprehensive evidence analysis of the IE browsing history and USB interface access history present on it. In addition, to meet the needs of different users, the module is designed with a data destruction function that removes information completely, preventing information leakage.

The paper describes the system's requirements analysis, overall design, function modules and specific implementation, analyzes the main technologies applied in the system, and gives a detailed description of the design and realization of the sensitive information detection module.
Keywords/Search Tags:Sensitive information detection, computer forensics, network audit, data recovery and destruction