Similar literature
20 similar documents found; search took 15 ms
1.
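To reconstruct the crime scene, find leads, and ultimately bring the suspect to justice, analysis of system log files is very important. This paper introduces computer forensics and system log files, and discusses methods for extracting, preserving, authenticating and analyzing system log files.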

2.
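Research on Computer Forensics Technology   Total citations: 2, self-citations: 0, citations by others: 2
Starting from the background of the development of computer forensics, this paper analyzes and discusses its definition, principles and steps, the tools and techniques involved, its current state of development, and the problems it faces. Using the forensic software TCT, it studies the forensic process and results, and gives technical methods for responding to "anti-forensics".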

3.
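To reconstruct the crime scene, find leads, and ultimately bring the suspect to justice, analysis of system log files is very important. This paper introduces computer forensics and system log files, and discusses methods for extracting, preserving, authenticating and analyzing system log files.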

4.
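To effectively improve the efficiency of electronic evidence protection, an improved Elliptic Curve Digital Signature Algorithm (ECDSA) is applied to the protection of electronic evidence. The improved algorithm avoids the inversion operation in the signing phase. Compared with the traditional ECDSA, the improved algorithm effectively increases execution efficiency. Experimental comparison and security analysis of the algorithm show that the improved ECDSA is suitable for digital signing and verification of electronic evidence and can increase the speed of electronic evidence protection.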

5.
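Computer security forensics is an interdisciplinary field spanning law and computer science, and research on it must take this particular character into account. Separating law from technology in this field leads to errors in legal determination and to technical disorder. Computer forensics can only be studied by combining law with computer technology. This paper sets out the legal issues related to computer forensics, focuses on the process, methods and tools of computer forensics, and gives an example of a computer forensics experiment. It identifies the current shortcomings of the relevant laws and regulations and of computer forensics technology, and points to the further improvement of laws and regulations, the standardization of computer forensics work, and the development trends of computer forensics technology.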

6.
In forensic investigations, it is vital that the authenticity of digital evidence should be ensured. In addition, technical means should be provided to ensure that digital evidence collected cannot be misused for the purpose of perjury. In this paper, we present a method to ensure both authenticity and non-misuse of data extracted from wireless mobile devices. In the method, the device ID and a timestamp become a part of the original data and the hash function is used to bind the data together. Encryption is applied to the data, which includes the digital evidence, the device ID and the timestamp. Both symmetric and asymmetric encryption systems are employed in the proposed method, where a random session key is used to encrypt the data while the public key of the forensic server is used to encrypt the session key to ensure security and efficiency. With the several security mechanisms that we show are supported or can be implemented in wireless mobile devices such as the Android, we can ensure the authenticity and non-misuse of data evidence in digital forensics.

7.
Star & Horizon sensor based autonomous navigation methods play an increasingly important role in spacecraft celestial navigation. However, the measurements of star sensors and horizon sensor are frequently affected by uncertain noises from space environment. To improve the estimation precision, a state estimation algorithm named Switch Strong Tracking Unscented Kalman Filter (SSTUKF) is presented. Firstly, the adaptive fading factor is deduced through the adoption of unknown instrumental diagonal matrixes to real time rectify the measurement covariance matrix. Secondly, according to the deduction of Chebyshev law of large numbers, innovation criterion is introduced during estimation to decrease the unnecessary calculation. Finally, SSTUKF is suggested through the adoption of adaptive fading factor and innovation criterion. The filter can switch between the normal filter mode and adaptive filter mode. As the calculation of innovation criterion is less than the adaptive fading factor, SSTUKF improves the estimation efficiency. To demonstrate the effectiveness, SSTUKF is applied to Star & Horizon sensor based autonomous navigation system with uncertain measurement noises. The simulation results verify the proposed algorithm.

8.
Traditional approaches to digital forensics reconstruct events within digital systems that often are not built for the creation of evidence; however, there is an emerging discipline of forensic readiness that examines what it takes to build systems and devices that produce digital data records for which admissibility is a requirement. This paper reviews the motivation behind research in this area, a generic technical solution that uses hardware-based security to bind digital records to a particular state of a device and proposed applications of this solution in concrete, practical scenarios. Research history in this area, the notion of secure digital evidence and a technical solution are discussed. A solution to creating hardware-based security in devices producing digital evidence was proposed in 2012. Additionally, this paper revises the proposal and discusses three distinct scenarios where forensic readiness of devices and secure digital evidence are relevant. It shows how the different requirements of the three scenarios can be realized using a hardware-based solution. The scenarios are: lawful interception of voice communication, automotive black box, precise farming. These three scenarios come from very distinctive application domains. Nevertheless, they share a common set of security requirements for processes to be documented and data records to be stored.

9.
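Proposes a Multi-Agent-based computer forensics model for real-time communication software, and gives the overall structure of the system, the design of its main modules, and the key technologies used. The system uses distributed technology and can accurately and comprehensively recover, collect and analyze the communication records of real-time communication software and produce a forensic report.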

10.
Cloud computing is becoming the developing trend in the information field. It causes many transforms in the related fields. In order to adapt to such changes, computer forensics is bound to improve and integrate into the new environment. This paper stands on this point and suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment. The framework introduces honey farm technique, and pays more attention to active forensics, which can improve case handling efficiency and reduce the cost.

11.
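Analyzes the cause of a voltage transformer burning out at a 35 kV substation and proposes specific improvement measures and recommendations.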

12.
The integrity and fidelity of digital evidence are very important in live forensics. Previous studies have focused on the uncertainty of live forensics based on different memory snapshots. However, this kind of method is not effective in practice. In fact, memory images are usually acquired by using forensics tools instead of using snapshots. Therefore, the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper, we study the problem in a novel viewpoint. Firstly, several definitions about memory acquisition measure error are introduced to describe the trusty. Then, we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrate the efficacy of the proposed reducing methods. The system error is also evaluated, that is, it accounts for the whole error from 30% to 50%.

13.
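Dynamic Network Intrusion Forensics Based on Artificial Immunity   Total citations: 9, self-citations: 0, citations by others: 9
To extract evidence effectively and ensure its originality and validity, models of intrusion-monitoring cells and dynamic forensic cells based on the dynamic clonal selection principle are established, and definitions of self, non-self, antigen, detector cell and evidence are given. The monitoring cells monitor network intrusions in real time and promptly activate the forensic cells, which extract evidence of the network intrusion in real time. Experiments show that the model can effectively extract evidence in real time for a variety of attacks and has the advantages of being adaptive, distributed and real-time, making it a good solution for dynamic computer forensics.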

14.
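Mathematics and Computer Art   Total citations: 1, self-citations: 0, citations by others: 1
Computer art is digitized art, and the digitization process is rooted in mathematical science, so it is worthwhile to think about the connections between computers, mathematics and art. This paper discusses, in the form of an informal essay, some questions concerning mathematics and computer art.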

15.
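Computer Network Security Management under Modern Information Conditions   Total citations: 1, self-citations: 0, citations by others: 1
With the rapid development of computer information network technology and the widespread use of the Internet, the security of network information and data is becoming increasingly important. This paper introduces the threats that computer networks face today and the security precautions we should take in the face of such threats.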

16.
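Mainly introduces the hardware and software design of a small data acquisition system. The system is built around the 8031 microcontroller and uses the ICL7109 and AC0832 to form the analog input and output channels, measuring and displaying six parameters: gas concentration, ventilation speed, absolute pressure, relative pressure, temperature and flow.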

17.
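Based on the characteristics of computer control systems for guarded defense zones, proposes a front-end/back-end server mode for computer video surveillance and a network communication structure with upper and lower groups, gives the overall design approach of the system and the key design points of the sentry-post machine subsystem, and discusses specific methods for using video data acquisition and database technology to replace traditional video surveillance systems.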

18.
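Analyzes two cases for personal computer users, not connected to a network and connected to a network; in both, computer system information may face security risks. Specific and effective security precautions should be taken for each case, such as installing a firewall, regularly updating antivirus software, and carrying out computer system maintenance and data backup, in order to provide oneself with security protection.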

19.
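Computer Virus Defense Strategy Based on Operating System Security   Total citations: 1, self-citations: 0, citations by others: 1
Obtaining an opportunity to execute and having permission to modify other objects are the preconditions for a computer virus to spread and cause damage. Proposes a code-execution review policy based on whitelisting and signature checking to prevent virus code from being executed, a code integrity protection policy based on secure backup to prevent the spread of viruses, and a process privilege control policy based on the principle of least privilege to reduce the speed at which viruses spread and limit the scope of their damage.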

20.
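Studies the technologies related to dynamic computer forensics, proposes a model of a dynamic computer forensics system, and designs the relevant modules. Based on the characteristics of dynamic forensics, data mining technology and multi-agent technology are combined and applied in the dynamic forensics system. Architecturally, the system uses an intelligent-agent-based distributed structure and uses data mining to analyze the massive data involved in dynamic forensics. To address the possible shortcomings of basic mining algorithms in practical forensic analysis, corresponding improvements are proposed, and experimental analysis demonstrates the effectiveness of the improved algorithm in dynamic forensics applications.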
