A Study On Forensics And Evidence Management Model Under Cloud Environment

This paper is aimed at solving the existing problems in current digital forensics under cloud environment,such as difficulties in acquiring data,ineffective storage of massive network data,nonstandard data management and flawed credibility of electronic evidence in the process of forensics.It proposes a basic data management model for cloud forensics,a hybrid-network forensic model under cloud environment by improving the existing cloud forensics,a cloud storage scheme based on path encryption,and a forensics trust evaluation scheme using cloud model.Moreover,this paper improves the copy scheduling mechanism of genetic algorithm.The main contents of this work are as follows.1.Evidence management platform model and related technology researchAccording to the basic characteristic of the electronic evidence in the existing electronic data forensics and cloud computing environment,to forensics cloud in the process of electronic data management,establish a new management model,mainly according to the amount of data in the environment of electronic evidence is large,diversity,easy to be destroyed,to realize the electronic data gathering process is reliable and secure storage,reasonable management requirements.Follow up on the management model of the related technologies involved in the analysis,to provide theoretical support for the design of the platform.2.A hybrid-network forensic model under cloud environmentHence,a proactive cloud-based forensics system is designed and implemented.This system is able to upload the forensic information from the target computer to cloud servers on a regular basis,which help to prevent the forensic information on the target computer from being tampered and thus avoid the disruption of forensic tasks it may cause.Moreover,by taking advantage of cloud computing platform,this system,while ensuring system availability,can collect the forensic information on massive clients and perform cross forensics according to information collected from different clients.Experiments have proved the feasibility of this proactive forensic system designed for massive clients.3.Study of cloud storage scheme based on path encryptionSecure storage of electronic evidence,as one of the hottest topic in the judicial sector,has a direct bearing on whether cloud computing can be widely applied in the legal world.This paper proposes a data storage and access sche me based on path mapping encryption.In this scheme,the electronic evidence obtained by different forensic workers is divided into a number of logically related storage blocks,which are then submitted to the cloud index service platform and stored in the form of multiple backups in storage media provided by different cloud service providers.On this basis,the holder of electronic evidence encrypts the mapping path of confidential data.When storing electronic evidence,the proposed scheme adopts a redundant backup mechanism among different cloud providers,which guarantee the reliability of the storage of electronic evidence.Meanwhile,the scheme encrypts only the storage path of the electronic evidence so as to avoid the encryption and decryption operat ions on the whole data.Analysis and experimental results have verified the security,effectiveness and feasibility of the scheme.4.Study of the mechanis m of dynamic cloud copy selection based on genetic algorithmIn order to optimize the copy selection process in the current load sharing technologies concerning evidence management,this paper analyzes the pros and cons of the copy selection strategies in genetic algorithm and ant algorithm,and proposes a copy selection strategy based on fusion algorithm.It uses the fitness function in genetic algorithm to initialize the pheromone distribution in ant algorithm and adopts the ant algorithm to select the optimal copy,which have solved the low efficiency of genetic algorithm and the shortage of initial pheromone in ant algorithm.Through the analysis and comparison of simulation results,it is found that the copy selection strategy based on fusion algorithm is able to significantly reduce the run time of operation in the whole electronic evidence storage environment,accelerate copy selection,and boost the overall efficiency.5.A trust evaluation scheme for forensics using cloud modelForensics in a complex network environment is subject to the influence of various uncertainties,such as randomness,fuzziness and unpredictability,which would adversely affect the electronic evidence.However,in the process of forensics,the credibility of electronic data holds the key for judicial justice because it decides on whether the data can be used as evidence in court.By taking complex network environment as the research background,this paper studies trust,mechanism of trust,and subjective and objective factors influencing trust,and introduces the cloud model theory.It also presents a trust evaluation scheme using cloud model to realize the qualitative and quantitative transformation of trust and reflect the randomness,fuzziness and unpredictability of trust in an objective manner.The trust evaluation scheme will effectively prevent criminals who are adept at exploiting loopholes in the law from denying their crimes by taking advantage of the incredibility of evidence.Experiments show that the proposed trust evaluation method is able to achieve a reasonable evaluation of the trust of evidence obtained in complex network environment.The feasibility and rationality of the trust evaluation scheme using cloud model are also further verified in experiments,which provides fresh and valuable thoughts for research concerning validity evaluation of evidence in digital forensics.