
Research Of Web Forensics Analysis On Docker Environment

Posted on: 2018-02-24
Degree: Master
Type: Thesis
Country: China
Candidate: H Zhang
GTID: 2348330569986443
Subject: Computer Science and Technology

Abstract/Summary:
Compared with traditional digital forensics, digital forensics in a cloud computing environment has its own characteristics: the cloud forensics process involves more investigators than traditional digital forensics, and the interaction is more complex. Evidence information provided by the cloud service provider is not entirely reliable. The characteristics of cloud computing mean that traditional digital forensics frameworks and forensics tools do not apply, so it is necessary to research forensics technology specifically for cloud computing environments. With the rapid development of container technology, cloud services combined with Docker container technology have gradually become popular, and their security deserves corresponding attention. Therefore, discussing the security of applications deployed in Docker and researching forensics methods aimed at applications in Docker containers can help investigators obtain reliable evidence information in time and improve the efficiency of forensics. The main research contents and contributions of this thesis are as follows:

Firstly, this thesis analyzes traditional digital forensics methods, mainly studying and summarizing digital forensics methods and tools for cloud computing environments, virtual environments and web servers, and puts forward a forensics method for web applications in Docker containers based on the traditional forensics methods for web servers and cloud environments. On the server side, the method analyzes the application using important Docker commands and exports the container image of the application. The method then obtains the key information from the image. In addition, through database visualization tools, the application's back-end database tables can be exported and the key information obtained from them. On the client side, the login information of the application can be extracted from the browser cache and history.

Secondly, this thesis extracts the relevant evidence information from the server and the client respectively, then performs a similarity analysis of the evidence information from both ends. The similarity between the server and the client is obtained through analysis and calculation, and this similarity is then used to prove the authenticity and reliability of the information.

Lastly, this thesis designs a prototype tool. The tool can automatically extract the evidence information about the application on the server and the client and perform the similarity calculation between the evidence. An information management system website is deployed in Docker and used to conduct experiments by simulating illegal websites to verify the forensics methods. The experimental results show that the forensics methods are feasible.
Keywords/Search Tags: cloud forensics, virtualization, Docker container, web forensics, similarity