
The Design And Implementation Of Network Forensics System Based On Remote Control Technology

Posted on: 2008-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: G H Wu
Full Text: PDF
GTID: 2268360242476326
Subject: Software engineering

Abstract/Summary:
With the development of computer network technology, people are paying more and more attention to the network security problems caused by cyber crime. To resolve the paradox between the simplicity of network attack and the complexity of network defense, network security research has begun to shift from passive defense to active defense. Legal action is one kind of active defense directed at network criminals. Forensic investigation of the offender is the core of criminal prosecution for network offences. Only when the problem of collecting evidence is solved can network regulations be completed and implemented, network criminals be struck at and deterred, and network security be ensured fundamentally.

Firstly, this thesis explores computer forensics thoroughly by studying the related technology, the current state and the development of computer forensics. By analyzing the technology, tools and modes of computer forensics and drawing on the author's work experience in computer forensics, a network forensics system using remote control technology was designed, on the basis of a comparison of different ways of obtaining evidence, so that it can gradually, actively and flexibly monitor the target.

Secondly, this thesis presents the concept of remote control and its similarities to and differences from Trojan horses. It also discusses general remote control technologies.

Thirdly, it gives a logical design of the network forensics system, including requirements analysis, structure design and workflow design. The system comprises a controlling module and a controlled module.

Fourthly, the key technologies adopted by the controlled module, such as file hiding, process hiding, communication hiding and data acquisition, are studied in depth.

Fifthly, the system was implemented using Win32 assembly programming techniques. The compilers used in our experiment are Visual C++ 6.0 and MASM32, and the system runs on MS Windows XP.

Finally, the research result based on remote control technologies provides a new solution for monitoring and forensics purposes, and the thesis points out possible room for improvement.
Keywords/Search Tags: network security, cyber crime, electronic evidence, remote control, computer forensics