
Research on Computer Forensics Technology and the Design and Implementation of a Forensics System

【Author】 Xia Qi

【Supervisor】 Zhou Mingtian

【Author information】 University of Electronic Science and Technology of China, Computer Software and Theory, 2006, Master's thesis

【Abstract (translated from the Chinese)】 With the continuing development of information technology, computer crime is becoming increasingly serious and directly threatens the normal order of a nation's politics, economy, culture and other spheres. Existing network security research focuses mostly on preventing intrusions, with comparatively little work on gathering evidence of intrusions. Research into computer forensics technology is therefore of major significance for combating computer crime, tracing intruders, patching security vulnerabilities and improving the overall computer network security system. Using an intrusion detection system (IDS) to collect electronic evidence when an illegal intrusion or malicious behaviour is detected is a new application direction for IDS. This thesis focuses on IDS and protocol analysis technology and, following the IDS architecture and combining protocol analysis with pattern matching, designs a structural model for a network intrusion forensics system that collects all of the target system's network data as evidence in support of computer forensics while performing intrusion detection analysis, thereby achieving online intrusion detection and offline forensic analysis. The thesis describes the model's architecture and discusses its characteristics and open problems. It presents in detail the implementation of the system's four modules: data capture, data preprocessing, intrusion detection, and analysis and query. Testing shows that the system is feasible and meets the requirements of an intrusion forensics system.

【Abstract (English)】 With the development of information technology, the problem of computer crime is becoming more and more severe, and it directly endangers the normal order of politics, economy and culture. Current network security research focuses more on guarding against intrusion; there is little study of intrusion forensics. Computer forensics technology, however, can trace intrusions, repair security vulnerabilities and improve the security architecture, and it can also help improve the laws that address computer crime. Using an IDS to collect electronic evidence when an illegal intrusion or malicious behaviour is detected is one of the hot research fields for IDS and a new way of applying it. This thesis puts its emphasis on research into IDS and protocol analysis technology. Based on the architecture of an IDS and combining protocol analysis with pattern matching technology, it designs a model of a protocol-analysis-based NIDS and computer forensics system for use in online intrusion detection and offline forensics. The thesis introduces the architecture of the model and discusses its characteristics and unresolved problems. It then describes the realization of the system's modules: the data collection module, the data pretreatment module, the intrusion detection module, and the analysis and query module. The system proved feasible and can fulfil the needs of an IDS and forensics system.

【Keywords】 Computer forensics; Winpcap; pattern matching; protocol analysis; IDS
  • 【Classification number】 TP311.52
  • 【Times cited】 4
  • 【Downloads】 469