
Design And Implementation Of An Automatic Computer Forensics System Based On Trace Analysis

Posted on: 2017-08-16
Degree: Master
Type: Thesis
Country: China
Candidate: Z Chen
GTID: 2348330512959054
Subject: Software engineering
Abstract/Summary:
With the spread of intelligent computing devices, computer forensics technology has also begun to develop. However, mainstream forensic software, represented by EnCase, X-Ways and FTK, focuses on the contents of the file system. The outcome of evidence analysis therefore depends largely on the professional knowledge and experience of the investigator, and results vary widely from one investigator to another. Within a given operating system, however, the traces generated by software and by user interaction are stored in consistent locations. Building on this, the paper carries out an extensive and in-depth analysis of usage traces on Windows and Mac OS, covering as many analysis items as possible, so that the automatically processed results of the forensic software meet the expectations of most forensic staff. The aim is to make computer forensic results consistent in general and to minimize the influence of the individual examiner's professional experience.

First, the paper studies techniques for extracting usage traces on Windows. The registry contains a wealth of usage traces and is one of the key subjects of the research. The paper then studies another important source of usage traces, web browser history. Finally, it briefly introduces the Windows event log, print information, usage traces of Windows applications, and so on.

Second, the paper studies the core techniques for extracting usage traces on Mac OS: analysis of user data storage locations, browser history, keychain analysis, event logs, and so on. It analyzes the structure and field definitions of the trace-related information held in the keychain, Property List files and SQLite databases, and then focuses on the storage location and database table structure of web browser history records.

The last part of the paper describes the basic goals of the system, its main functional modules and the system development environment. It then analyzes the system architecture, business model, static structure, process flow and some of the trace analysis modules, and the relationships among them. Finally, testing uses a comparative experimental method to check the automatic forensic function of each functional module and process flow. The test results show that the results obtained from the automatic computer forensics system based on usage trace analysis are in complete agreement with the results obtained by manual analysis. The system is suitable for investigators and evidence collection personnel at all levels. At present, the forensic system has been widely deployed in judicial practice units and has been well received by the majority of investigators.
Keywords/Search Tags: computer forensics, traces, Windows, Mac OS