基于网络动态取证系统的设计与实现

基于网络动态取证系统的设计与实现

于志宏¹, 刘喆², 赵阔¹, 努尔布力¹, 史光坤¹, 胡亮¹

1. 吉林大学计算机科学与技术学院, 长春 130012; 2. 吉林省经济管理干部学院，长春 130012

收稿日期:2008-01-24 修回日期:1900-01-01 出版日期:2008-07-26 发布日期:2008-07-26
通讯作者: 胡亮

Design and Implementation of Dynamic Computer Forensics System Based on Network

YU Zhihong¹, LIU Zhe², ZHAO Kuo¹, Nuerbuli¹, SHI Guangkun¹, HU Liang¹

1. College of Computer Science and Technology, Jilin University, Changchun 130012, China;2. Jilin Province Economics and Management Cadres College, Changchun 130012, China

Received:2008-01-24 Revised:1900-01-01 Online:2008-07-26 Published:2008-07-26
Contact: HU Liang

摘要/Abstract

摘要： 提出并实现一个基于网络的动态计算机取证系统. 该系统不同于传统的取证工具, 它将取证工作提前至犯罪行为发生前与进行中, 避免了由于取证不及时而导致的证据链缺失，有效地提高了取证工作的效率, 增强了数据证据的完整性和时效性.

关键词: 计算机取证, 电子证据, 日志, 协议分析

Abstract: In order to solve the problems existed in static forensics technology, this paper presents the design and implementation of a dynamic computer forensics system based on network. Compared with the traditional tools of the system, it performs the work of gathering evidence in advance before criminal action has occurred or in the process of crime so as to avoid the evidence chain lost caused by evidence not scout timely. It can improve the efficiency of the work of gathering evidence; enhance data integrity and timeliness of evidence. This paper describes the architecture, function and work flow, and the implementation of main functions of the core module technology.

Key words: computer forensics, electronic evidence, log, protocol analysis

中图分类号:

TP309

于志宏, 刘喆, 赵阔, 努尔布力, 史光坤, 胡亮. 基于网络动态取证系统的设计与实现[J]. J4, 2008, 46(04): 716-720.

YU Zhihong, LIU Zhe, ZHAO Kuo, Nuerbuli, SHI Guangkun, HU Liang. Design and Implementation of Dynamic Computer Forensics System Based on Network[J]. J4, 2008, 46(04): 716-720.