
The Research And Implementation Of A Distributed Dynamic Computer Forensics Technology

Posted on: 2013-12-06
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Wang
GTID: 2248330374485708
Subject: Information and Communication Engineering

Abstract/Summary:
With the wide application of the Internet and the rapid development of information technologies, people enjoy a much more convenient life while at the same time facing a serious network security situation. Computer crime and an insecure Internet environment greatly affect economic and political development. Computer crime is a kind of high-tech crime: it is intelligent and hidden, and traditional Internet security technologies cannot cope with it. Therefore, relevant laws and regulations need to be established and people's security awareness should be enhanced as soon as possible. This is how computer forensics was born. Computer forensics is a combination of technologies for obtaining, preserving, analyzing and presenting electronic evidence. Its main goal is to excavate and collect electronic evidence. Research on computer forensics will surely help prevent computer crime and is significant for Internet security.

By researching the status of computer forensics development, this paper first introduces some relevant concepts of computer forensics. It then compares traditional static forensics with dynamic forensics. Based on this comparison, the idea of a Distributed Dynamic Forensics System (DDFS) is brought out. DDFS has the advantages of both static forensics and dynamic forensics. With the help of a Rootkit, the evidence collection agency and its related monitoring are hidden and protected. DDFS can offer various options against illegal activities according to resource allocation. It will enhance the capability of evidence collection and ensure that the electronic evidence is accurate, complete and safe. After an in-depth analysis of the design requirements of DDFS, its overall framework and workflow are summarized.

Emphasis is put on the design of the following five main functions: evidence collection management station, evidence database, transition center, evidence collection point, and evidence collection agency. The key technologies involved in DDFS are studied in more depth, focusing on the realization of the most important function, the evidence collection agency. With the utilization of a Rootkit, the realization methods of self-hiding, real-time monitoring and evidence collection satisfy the actual requirements. At the same time, the realization methods and workflow of the other four functions are also discussed. Testing shows that DDFS can effectively monitor the target host computer, collect electronic evidence and safely transfer the target data. The original design goal is realized.
Keywords/Search Tags: Distributed Forensics, Rootkit, Dynamic Forensics, Host Monitoring