| With the rapid development of computer technology, informatizationhas become an inevitable trend and covered every aspect of people’s liveswith a lot of convenience. But at the same time, crimes related to computerare increasing day by day and have brought a lot of harm to society. In thiscontext, computer forensics is particularly important.However, traditional computer forensic technology has the followinglimitations:1) the evidence is collected after the crime happens, so only thelast state of computers can be obtained. In this way, it is difficult toaccurately restore the process of computer crime. Moreover, if attackers useanti-forensic tools to erase the crime traces, it is unable to get importantevidence;2) evidence extraction is based on one single computer and nomeaningful cross examinations across multiple computers are used;3)forensic analysts need to gather evidence facing physical machines. In thismode, it is inconvenient and inefficient to make batch forensic analysisacross multiple computersTo solve these problems, a cloud-based proactive forensic system isresearched and implemented in this paper. This system is able to record thestate information across a set of targeted computers and periodically uploadthe information to the servers in the cloud, which avoids tampering theevidence and ineffective forensic analysis. With the help of cloud computingplatforms, this system is also able to collect forensic information on largeamount of clients with high availability. With forensic information collectedfrom different clients, it is able to perform cross-reference forensic analysis.In the final part of this paper, we conducted several experiments and verified the feasibility of large-scale proactive forensic systems. |
PDF Full Text Request