
The Design And Implementation Of The Cooperated Analysis System For Computer Forensic

Posted on: 2013-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Zhang
GTID: 2248330392460532
Subject: Software engineering
Abstract/Summary:
The number of cases that require investigation of computers, such as disputes arising from electronic commerce and crimes committed with computers, is increasing. The main contradiction is between the growing volume of computer forensic investigations and the poor efficiency of the current mode of forensic analysis. This paper addresses that contradiction by setting up, implementing and validating a model of a cooperated analysis system for computer forensics. It confirms that the cooperated analysis model can efficiently decrease the time cost of evidence analysis and improve its accuracy while the analysis is completed quickly.

The paper covers the following research:

Firstly, the paper discusses the history and current status of computer forensics, examines the characteristics of the common forensic analysis tools on the current market, and points out their drawbacks and limitations in processing speed, I/O bottlenecks, software bugs, audit, deployment and administration of analysis tasks, automation and so on. It proposes a new evidence-analysis product that raises analysis efficiency and shortens the time spent analyzing mass data by means of multi-user cooperated analysis spanning regions and time domains.

Secondly, the paper studies the characteristics of file systems and the recovery algorithms of common file systems. It puts forward a method of deep data mining in file systems. The paper organizes the data recovery methods for the FAT and NTFS file systems, and integrates the technologies of data anti-formatting and file carving. It gives the method of deep data mining by combining the applications of two new technologies. The algorithm increases the data recovery capability of analysis tools for computer forensics.

Thirdly, the paper analyzes the system requirements and completes the design of the main system framework. The system is designed with a C/S multi-layer architecture and implemented in C++. It is composed of modules such as identity authentication, supervision of analysis behaviors, keyword search, evidence administration, data recovery, bookmarks and report creation. The system also provides external interfaces for existing case administration systems.

Fourthly, the paper implements the cooperated analysis system for computer forensics. It completes the design and implementation of the user identification module, the module for administering analysis behaviors based on user identity, and the module of the cooperated analysis system for computer forensics. It implements the cooperated analysis module for data recovery supported by the virtual file system, keyword search, etc. The paper also designs and implements the interface module to the case administration system.

Fifthly, the paper validates the function and performance of the system. It validates the operability of the cooperated analysis system in the computer forensic process. By comparing the time taken to analyze the same evidence in different systems, it confirms that the cooperated analysis system improves the efficiency of evidence analysis and reduces the analysis time.

The paper validates the feasibility of the proposal of cooperated analysis in computer forensics through research on the cooperated analysis system for computer forensics. Applying the system can effectively save time in electronic evidence analysis and authentication and improve the accuracy of evidence analysis.
Keywords/Search Tags: computer forensic, data recovery, file carving, cooperated work supported by computers, file system