Research And Implementation Of Network Forensics System Based On Detection And Recognition

Posted on: 2014-09-21
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Xiao
GTID: 2266330401970629
Subject: Computer application technology
Abstract/Summary:

With its popularization, the network has become an inseparable part of people's daily lives. In recent years, the number of network crimes has been increasing year by year, which seriously affects the normal development of social politics, economy and culture. Fighting network crime is of great urgency, and how to combat network crime and obtain network evidence has become the focus of attention in network forensic and legal circles.

Since anti-forensics technology came into being, criminals have been able to use special tools or simple commands to format or delete crime data, and traditional after-the-fact forensics technology has been unable to combat crime effectively. The paper developed a network forensics system based on network detection, which could analyze the next step that criminals may take during the network detection period and start the corresponding forensics system according to the detection features. The system overcame the weakness of traditional after-the-fact network forensic techniques and hence effectively deterred criminals.

This paper introduced network evidence, the process of taking evidence, network detection technology, and the concepts and principles of network forensics technology; discussed in general their development direction and status; and analyzed the existing network forensics tools, technology and models. At the same time, the paper studied different kinds of network detection technology, methods of network forensics technology and network forensics models. Because a single network forensics method may lead to inaccurate results, the paper proposed using different forensics methods depending on the detection methods used in the detection period. On account of the lag of traditional network forensics and the grave consequences brought about by network crimes, the paper proposed taking evidence concurrently and monitoring crime scenes.

Finally, the paper completed the design and implementation of a network forensics system whose functions consisted of intrusion detection, service simulation, network tracing and logging. The system was hierarchically controlled, with a single-port data exchange mechanism. When criminals were probing a target network, the network forensics system could automatically recognize the attack type and invoke the corresponding means of evidence-taking; at the same time, the commission of the crime could be monitored and controlled.
Keywords/Search Tags: Network Evidence, Probe, Network Forensics