| As a powerful weapon to combat computer crime, computer forensics have been widespread concerned. Due to the increase of the storage capacity, traditional hard drives offline forensics shows some deficiencies. Online forensics has been challenged because of popularity of kernel-level Trojan, which can make obtained online evidence untrue. Thus, computer online forensics of obtaining a complete memory mirroring has become a hot research. Online evidence analysis is a data reasoning process to obtained computer online evidence. Online analytical reasoning usually is a process that evidence experts analyze computer online forensic evidence to get the final conclusion. However, the process is not clear, not easy to understand and often includes experts’ personal bias, which may lead to people’s query about the obtained inference.Because there is no model of evidence analytic reasoning, reasoning process of evidence is not clear. Therefore, this paper proposes a computer evidence online analysis method based on fuzzy cognitive map.In this paper, the main work and innovation is as follows:(1) This paper propose use the fuzzy cognitive map to represent relations of computer online evidences and use numerical reasoning of fuzzy cognitive map to simulate evidence reasoning and draw a conclusion. Through using fuzzy cognitive map to detect Trojan of computer online evidence detection as an example to illustrate the process of intelligent analysis. (2) This paper puts forward a method of computer online evidence for Trojan detection, Through constructing fuzzy cognitive map of physical memory image, Use probability measure instead of the usually definitized causal relationship measure to make the causal relationship more reasonable, Finally use the fuzzy cognitive map to reasoning and judge. Because use information of physical memory mirror as much as possible, synthesizing analysis of abnormal information can improve the accuracy of Trojan detection by physical memory mirror. |
PDF Full Text Request