Research On The Evidence Validity Of Data Capturing By Honeypot

Nowadays, along with the rapid development of computer and network, a variety of computer crimes abound. However, because of its own characteristics, traditional means of investigation and forensics cannot be applied to computer network crimies, therefore, new techniques are needed to make up for the vacency.As a trap system, the honeypot system, raised in the late 1980 s. After 20 years’ development, from the initial concept to a system which has gradually developed into a mature, reliable and easy to manage and maintain, the honeypot system is applied to enterprise network protection and scientific research.The honeypot system which is deceptive, trap, and facilitate the timely data capture and other characteristics, adapting to the current case of computer crime forensics means required demand, is a supplement and improvement to the traditional means of evidence. This paper will study the effect of electronic data capture based on evidence of honeypot technology.This paper will start from the three elements of the legitimacy of evidence, through legal argumentation and experimental demonstration of dual mode to prove the honeypot forensics data capture, objectivity and relevance, and creatively proposedthe establishment of certification system of honeypot system, by the use of honeypot forensics system data capture technique for authentication, ensure the honeypot Forensics technology to capture data is consistent with the program provisions. First, this paper will analyze the disadvantages of traditional forensics and advantages of initiative forensics in the current computer forensics background. Then introduce the development of honeypot system, thus leads to three ways of electronic data capture for honeypot system, namely the firewall of honeynet gateway, sniffer, and system kernel tool.The third chapter will analyze the legality of the honeypot system forensics. The first part discusses the legitimacy of honeypot forensics. Because honeypot system has fraudulence and seduction, in some respects, it has common with temptation investigation. The legality of temptation investigation is unknown, the applicable scope is different all over the world. This paper will give a detailed analysis of the relationship between temptation investigation and police entrapment, and the relationship between honeypot forensics and temptation investigation, to derive a legality standard and applicable scope of Honeypot forensics. The second part of the establishment of a small honeypot system, through the experiment to prove the objectivity of honeypot forensics data capture. The third part will be through the simulation experiment to demonstrate the relevance of the intrusion honeypot forensics data capture, and summary of the two experiment.The fourth chapter will attempt to discuss other legal issues that honeypot forensics may involve. For example, this part will discuss how honeypot forensics protect personal private data, and some potential issues during the protection process. Try to set up a honeypot capture the procedural rules of evidence and the exclusionary rules of illegal evidence, put forward the certification system of honeypot system. Finally summarize the paper and make an assumption for the further development of honeypot forensics.