
Research And Implement Of Computer Forensics Technology Based On Log Files

Posted on: 2015-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: F F Niu
Full Text: PDF
GTID: 2308330479451605
Subject: Computer application technology
Abstract/Summary:
The rapid development of computer technology has opened a new door for human civilization. While it creates enormous wealth, it is inevitably accompanied by harm: computer crime is the most common form of network crime and the hardest to prohibit. Computer forensics emerged and developed in this situation. Its purpose is to search for electronic evidence, reconstruct the scene of a network crime, and thereby fight and solve computer crime. Computer logs are key evidence in forensic work, so their security, integrity and related properties play a vital role. Based on Windows logs, this thesis researches and designs the following:

1. A model for computer log integrity testing. The model uses a hash function to generate, for the logs produced by the computer system, a continuously arranged series of unique log identifiers. The identifiers can detect whether a log has been tampered with and can quickly locate the tampered position. Digital signature technology is used to confirm identity and to prevent tampering in transit. The model also introduces a trusted third party, which on the one hand improves storage performance and on the other hand improves storage security. Performance analysis results show that the model can detect the integrity of computer logs quickly and efficiently.

2. A dynamic model for computer forensics. The model is based on an improved Apriori algorithm. The improved algorithm effectively reduces the number of frequent itemsets generated and thus increases search efficiency. It also adds a new target-log identification to the Apriori algorithm, which is very important for helping the forensic examiner find logs "of interest", and works especially well when the volume of computer logs is large and they are updated quickly. Performance analysis with different minimum support values and logs shows that the computer forensics model based on the improved Apriori algorithm is faster, more accurate and more targeted.
Keywords/Search Tags:computer forensics, Windows log, log integrity detection, Hash function, dynamic forensics, improved Apriori algorithm
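
The integrity model in item 1 of the abstract, sketched as an added example (not the thesis's own code): each record's identifier is SHA-256 over the previous identifier plus the record, and the identifiers and seal are assumed to be held by the trusted third party. HMAC-SHA256 with a shared key stands in for the digital signature, and the record fields, function names and start value are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed fixed start value for the chain

def record_bytes(rec):
    # Canonical JSON so the same record always hashes identically.
    return json.dumps(rec, sort_keys=True, separators=(",", ":")).encode()

def build_chain(records):
    """One identifier per record: id_i = SHA-256(id_{i-1} || record_i)."""
    ids, prev = [], GENESIS
    for rec in records:
        prev = hashlib.sha256(prev + record_bytes(rec)).digest()
        ids.append(prev)
    return ids

def seal(ids, key):
    # HMAC over the last identifier; stand-in for the digital signature.
    return hmac.new(key, ids[-1], hashlib.sha256).digest()

def first_tampered(records, stored_ids, tag, key):
    """None if intact, -1 if the stored identifiers fail the seal,
    otherwise the index of the first altered, missing or extra record."""
    if not stored_ids or not hmac.compare_digest(seal(stored_ids, key), tag):
        return -1
    prev = GENESIS
    for i, stored in enumerate(stored_ids):
        if i >= len(records):
            return i  # log truncated from this position
        if hashlib.sha256(prev + record_bytes(records[i])).digest() != stored:
            return i
        prev = stored  # continue from the trusted identifier
    return None if len(records) == len(stored_ids) else len(stored_ids)

# Constructed sample records shaped like Windows Security log entries.
SAMPLE_LOG = [
    {"RecordId": 1001, "EventID": 4624, "Time": "2015-03-01T08:00:11Z", "User": "alice"},
    {"RecordId": 1002, "EventID": 4672, "Time": "2015-03-01T08:00:12Z", "User": "alice"},
    {"RecordId": 1003, "EventID": 4720, "Time": "2015-03-01T08:05:40Z", "User": "alice"},
    {"RecordId": 1004, "EventID": 4634, "Time": "2015-03-01T08:09:02Z", "User": "alice"},
]

if __name__ == "__main__":
    ids = build_chain(SAMPLE_LOG)
    tag = seal(ids, b"constructed-demo-key")
    edited = SAMPLE_LOG[:2] + [dict(SAMPLE_LOG[2], User="bob")] + SAMPLE_LOG[3:]
    print(first_tampered(edited, ids, tag, b"constructed-demo-key"))
```

Because each check chains from the stored predecessor rather than the recomputed one, a single edited record is reported at its own index instead of invalidating every later position.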