| The 21st century is an information age due to the rapid development of computer science and technology. While people benefit from the information technology, the crimes involved with computer and network are more and more rampant. Computer and cyber crimes are considered as the most destructive crime type in the 21st century. The distinguishing features of computer and cyber crimes are high-tech, highly intelligent and highly complex.From a legal point of view, the evidence is the key core of cases detecting. Excavation and collection of the electronic evidence of the computer and cyber crimes is the core of computer forensics. Computer forensics focuses on the research of obtaining, conserving, analysising and producing the electronic evidence of computer and cyber crimes. Computer forensics is not only a computer technology but also a legal norm, and it is a powerful weapon to combat and prevent computer crimes.Based on the problems in the actual process of computer forensics,and through searching large amounts of material and technical research,a secret computer dynamic forensics system in Windows platform is proposed.Firstly, the development situation and achievement of computer forensics technology both inside and outside our country is introduced, and then the definition, principles and procedure of computer forensics are discussed in detail. Besides, the definition, features, and legal status of electronic evidence are explained.Secondly, the design and impelementation of a computer dynamic secret forensics system is the key of this paper. The design of this forensics system is based on the function requirements. Obtaining the electronic evidence in the movable astorage devices is the priority requirement, and the features of this forensics system should be undercover, reliable, real-time and automatic. And then, a detailed top-down design of this system is proposed. The key techniques used in this forensics system are researched deeply, these key techniques include program self-starting techniques, process hiding techniques, movable devices mornitorng techniques, files encryption techniques, files hiding techniques and secret communication techniques, etc. Next, the implementation of this forensics system is discussed. The key data structures and function interfaces of this forensics system program are also introduced. Besides, the function test and features analysis are executed. The result of the test and analysis proves that the computer dynamic secret forensics system attains the function and feature requirements.Finally, the further improvement of this forensics system and the direction of research in computer forensics technology are analyzed and summarized from both computer technology and jurisprudence point of view. |
PDF Full Text Request