Computer Forensics Model And Method Research And Implementation

Posted on: 2013-08-27
Degree: Master
Type: Thesis
Country: China
Candidate: Z Sun
GTID: 2246330395974863
Subject: Software engineering

Abstract/Summary:
With the development of network technology, computer network security has become a hot topic for a growing number of experts and scholars at home and abroad. In network security research, most scholars have proposed solutions based on intrusion detection systems and virus defense systems, but these are passive-defense protection systems, and research on network forensics is comparatively scarce. Within network forensics research, most studies collect evidence from the host after it has been intruded upon; this passive approach to evidence collection has obvious drawbacks.

This thesis discusses the theory of network forensics, reviews the advantages and disadvantages of existing network forensics approaches, and on that basis proposes a software design scheme based on active network forensics, describing in detail the software's design principles and design process model. On this basis, the network digital information acquisition module and the evidence analysis module are analyzed and implemented in detail, completing the research content of this topic.

The work mainly follows the software development life cycle method. It intercepts network communication packets to analyze the behavior of network hosts, then raises warnings on and handles that behavior to prevent network intrusions from causing further damage. At the same time, the intrusion's packets are effectively recorded to form forensic evidence that has not been modified, achieving the purpose of network intrusion detection. It is hoped that this study will make up for the shortcomings of other network computer forensics software and strengthen the authority and reference value of network forensic evidence.
Keywords/Search Tags: network forensics, network forensics model, WinPcap, network protocol analysis