
The Research Of Network Forensics Based On Analyzing Network Protocol And Identifying Network Theft

Posted on: 2016-06-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Tian
GTID: 2308330503950609
Subject: Computer Science and Technology

Abstract/Summary:
The 21st century is the era in which the Internet has flourished and become pervasive, and also an era of information sharing and rapid dissemination. The Internet, as the defining technology of the times, brings a great deal of convenience to our work and life. However, incidents that jeopardize information security occur frequently and cause immeasurable harm and losses. We should therefore not only protect information security but also punish computer crimes by law, and network forensics has emerged in response. Network forensics is a computer technology devoted to collecting and analyzing electronic evidence in order to uncover computer crimes by means of dynamic defense.

In recent years, incidents of information theft and document leakage have endangered commercial and personal property security, so recognizing and preventing network theft is urgent. This calls for in-depth study of the recognition of network theft and of network forensics. We propose a research program that obtains effective electronic evidence in a timely manner by analyzing network packets, in order to prevent theft and provide evidence for litigation.

In this paper, I propose a study of network forensics based on the analysis of network protocols and the identification of network theft. The principal contents of this paper are as follows:

1) Introduce the background and development of network forensics; compare traditional computer forensics with network forensics; highlight the importance of network forensics; introduce the features of network electronic evidence; put forward a way to analyze and process network packets.

2) Introduce several network forensics technologies and point out that each has its relative merits; summarize the methods and ideas of network forensics; propose a method to differentiate abnormal network behavior from normal behavior; introduce data mining as the core technology for distinguishing network theft.

3) Capture and collect network packets; analyze and parse the packets, based on the network protocol format, to obtain the MAC address, IP address, protocol type, port number, time, packet length, direction of data flow and other information; take these as the key factors for distinguishing network theft.

4) Introduce a way to recognize and distinguish network theft based on the results of clustering analysis of network data; because the number of network packets is huge, the paper proposes data mining algorithms to analyze network theft, clustering the network packets and analyzing them for network theft.

5) Introduce the response module of the forensic system; the system responds according to the analysis results. When network theft is discovered, the system blocks it and obtains evidence in a timely manner. The system defends dynamically, collects evidence promptly and saves the electronic evidence.
Keywords/Search Tags: network forensics, network theft, protocol analysis