
Research And Implementation Of Windows System Memory Forensics

Posted on: 2013-01-31
Degree: Master
Type: Thesis
Country: China
Candidate: Q J Fan
Full Text: PDF
GTID: 2218330374464562
Subject: Network and information security
Abstract/Summary:
Computer forensics treats the computer system as the object of investigation, using advanced techniques for retrieval and analysis to find and confirm criminals and criminal evidence, so that legal proceedings can be instituted accordingly. With the development of anti-forensics and hacker techniques, computer crime has become more specialized and targeted, and poses a serious threat to our national security, economic development and social stability. As an effective means of combating computer crime, computer forensics technology is receiving increasing attention from national research institutions. This thesis discusses how current large-scale information systems typically react when faced with an emergency security incident, and what risks the traditional emergency response strategy carries. On the basis of a detailed analysis of the advantages and disadvantages of the two types of computer forensics, and to address this series of issues, the thesis proposes an active local memory forensics method and a Windows system memory forensics model based on the emergency response framework for information systems. In this model, a forensics detection module takes the initiative to find criminal activity and guides the evidence collection module in extracting key information; the evidence is then fixed through evidence preservation, and XML-based association analysis is applied to the Windows system memory evidence of the crime. Finally, these techniques and models are combined to design a Windows system memory forensics platform oriented to information systems, together with several key modules of the platform.
Keywords/Search Tags: Information system security, Windows memory forensics model, Monitoring of forensics, Based on XML, Forensics analysis