| With the development of the computer and network technology, people paid close attention the network security. The attack become to easier and easier, on the other hand defense turns to more and more complicate. Network security study begins to be changed from the simple passive defense to the initiative defense. The law is one kind of the initiative defense to appeal to the network criminal. The research of forensic of the criminal is a core of the crime lawsuit of the network offence. Only when the problem of collect evidence is solved, the regulation of the network can be sound and carrying out, could it attack and frighten the network criminal, ensure the security of the network fundamentally.This paper do a deep research on network forensic. We Attempt to solve the network forensic problem in terms of technology, offer the help on technology for the fact that the network forensic is realized legally. The reach include the following work and fruit1. This paper introduce the overview of the present network security technology at first, analyze the problem existing among them, point out that only through the legal means could we solve the rampant computer network crime.2. Review the research of computer forensic technology; introduce development of computer forensic,domestic and international research situation. Analyze the deficiency of forensic from forensic model and forensic technology. From these two questions we propose a third party sign network forensic process model which offered a comparatively clear network forensic process frame. This model has provided basic principle and basic step that should be followed in the course of network forensic. This process model has the following characteristics: Has expand the range of Pre-incident Preparation guaranteed the integrality of the evidence effectively; Propose the concept of the third party signs and implement the mechanism, guarantee the integrality of the supervise chain making the electronic evidence to be believed; Regarding time as the clue, the structure is clear, every stage task is clear, the effectiveness is strong..3. Introduce the implement of network forensic system under guidance of this model. The network forensic system is consist of forensic server, forensic agent and electronic evidence analysis&replay system. By the means of encrypting, authentication, signing, etc. it assurance the authenticity, integrality, anti-deny, solve the problem that exist in collecting electronic evidence, such as easy to disappear, resist the denying, the integrality and authenticity are difficult to reach. And give an example with system .Finally we did the summary of network technology and have a look into the future. |
PDF Full Text Request