Similar documents
1.
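To address problems such as scattered electronic evidence, low forensic analysis efficiency and difficult collaboration in networked environments, this paper analyzes the characteristics of computer crime and the problems currently facing digital forensics and, targeting the need for collaboration in digital forensics and analysis, designs a cloud-computing-supported collaborative digital forensics model with a positive-cycle feedback mechanism, and discusses its design ideas and architecture in detail. Finally, it studies the system implementation method of the model, the cloud storage scheduling strategy for electronic evidence, and lock-based scheduling of concurrent analysis tasks. Experiments show that collaborative digital forensics technology can effectively improve the efficiency of digital forensics work and the accuracy of analysis results.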

2.
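Digital forensics technology has become one of the research hotspots in the information security field. This paper first analyzes the definition of digital forensics and the characteristics of digital evidence. It then focuses on the state of research in digital forensics technology in terms of forensic process models, forensic analysis techniques, and forensic products, standards and regulations, and discusses classification methods for digital forensic analysis techniques as well as file carving forensic analysis techniques. It analyzes the difficult problems in the digital forensics field and explores development trends in digital forensics research.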

3.
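The arrival of the Internet of Things (IoT) era has brought people great convenience, but it has also widened the scope of network attacks and brought new cyberspace security threats. The massive number of IoT devices retain rich digital traces that offer insight into people's behaviour at home and in other places, which is of great significance for digital forensics. This paper discusses IoT forensics in depth, starting from the rise, development and current state of research of IoT forensics, and further explores the digital forensics model, the 1-2-3 zones approach model, parallel...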

4.
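Cloud storage applications are currently among the most widely used cloud computing services. However, while cloud storage gives users the convenience of accessing data at any time, the risk of leaks caused by spreading sensitive files through cloud storage has also greatly increased. The cloud computing environment also poses many challenges to traditional digital forensics. Forensics for cloud storage has therefore become a research hotspot in forensic technology. Building on the traditional digital forensics model, this article proposes a cloud storage forensics model based on network forensics, performs forensics on Weiyun (微云) through protocol analysis, and confirms the feasibility of network forensics for cloud storage. Finally, it proposes methods and ideas for the next steps in cloud storage forensics.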

5.
Ding Liping, Zhou Bowen, Wang Yongji. Journal of Software (软件学报), 2007, 18(7): 1715-1729
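Based on the idea of real-time forensics, this paper proposes the concept of, and an implementation approach for, a security forensics operating system (SeFOS). It presents the overall structure, establishes the system's forensic behaviour model, analyzes its forensic services and forensic mechanisms and gives related formal descriptions, describes methods for collecting and securely protecting evidence data, proposes placing the forensic mechanism in the kernel and obtaining evidence from processes, system calls, kernel resource allocation and network data, and verifies the forensic capability of SeFOS through simulation experiments. Research on forensic operating systems is of great significance for further research on forensic database management systems (FDBMS) and forensic network systems (FNetWork).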

6.
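Addressing the main challenges facing cloud forensics, this paper analyzes the characteristics of cloud computing and proposes a cloud forensics model. It proposes the deployment of a continuous forensic readiness service, an "iteration"-based multi-round evidence identification strategy and a multi-level data location method for distributed file systems, an evidence collection method based on "data isolation" and "on-demand collection" strategies, and the establishment of a comprehensive evidence analysis platform based on cloud computing resources. Finally, the effectiveness of the model is analyzed in the context of forensic scenarios in cloud environments.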

7.
Chen Ningbo. Fujian Computer (福建电脑), 2008, 24(5): 40-41
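Hacker attacks are becoming more and more common in network applications, and how to obtain valid digital evidence after a network has been attacked, in order to adjudicate cybercrime, has become an urgent problem. Centred on "Research and Implementation of a Computer Network Forensics System", this paper discusses the theories and models of computer forensics and network forensics, introduces a proactive network forensics tool, the honeypot, and illustrates with an example the process of building a small-to-medium-sized honeypot.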

8.
Research on a Computer Forensics Model   Total citations: 1, self-citations: 0, citations by others: 1
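Collecting on-scene information after the fact, once a computer crime has occurred, makes it difficult to ensure the authenticity and timeliness of the evidence. This paper proposes a computer forensics model based on the concept of dynamic collection, introduces the model's functional modules, introduces the fuzzy C-means clustering algorithm into the data analysis phase, uses XML to represent forensic results, and implements a prototype computer forensics system based on the model. Experiments show that the prototype system can collect accurate and valid electronic evidence.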

9.
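This paper gives the concept of mobile phone forensics, compares it with computer forensics, and analyzes the differences between the two. Combining the characteristics and difficulties of mobile phone forensics, it proposes a mobile-phone-based forensic investigation model and analyzes the specific activities in each phase of the model. The model offers some guidance for forensic practitioners.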

10.
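To address the current shortcoming of insufficient evidence validity, and drawing on probability theory, this paper proposes a trusted-probability-based validity model for electronic data forensics. Based on Petri nets, data that has been formally processed after acquisition is abstracted as places in the Petri net, and operations and forensic methods are abstracted as transitions; each subsequent node is formed by applying the operation method to transform the preceding node. The paper gives the basic definitions and formal processing methods for the forensic process, studies algorithms for the probability calculation, describes...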

11.
Forensic examiners are in an uninterrupted battle with criminals in the use of Big Data technology. The underlying storage system is the main scene to trace the criminal activities. Big Data Storage System is identified as an emerging challenge to digital forensics. Thus, it requires the development of a sound methodology to investigate Big Data Storage System. Since the use of Hadoop as Big Data Storage System continues to grow rapidly, an investigation process model for forensic analysis on Hadoop Storage and attached client devices is compulsory. Moreover, forensic analysis on Hadoop Big Data Storage System may take additional time without knowing where the data remnants can reside. In this paper, a new forensic investigation process model for Hadoop Big Data Storage System is proposed and discovered data remnants are presented. By conducting forensic research on Hadoop Big Data Storage System, the resulting data remnants assist the forensics examiners and practitioners in generating evidence.

12.
A Trusted Forensics Method Based on the Waterfall Model   Total citations: 1, self-citations: 0, citations by others: 1
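This paper presents a "people + tools + proof" forensic paradigm and proposes the concept of trusted forensics. It studies the trusted forensics framework from two aspects, the trustworthiness of the static attributes of electronic data and the trustworthiness of the dynamic behaviour of forensic methods, so as to ultimately produce trustworthy electronic evidence results. It establishes an electronic forensics model based on the waterfall model and analyzes it in terms of trusted representation, trusted analysis, trusted extraction, trusted fixation and trusted discovery.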

13.
The study of criminal networks using traces from heterogeneous communication media is acquiring increasing importance in today's society. The usage of communication media such as mobile phones and online social networks leaves digital traces in the form of metadata that can be used for this type of analysis. The goal of this work is twofold: first we provide a theoretical framework for the problem of detecting and characterizing criminal organizations in networks reconstructed from phone call records. Then, we introduce an expert system to support law enforcement agencies in the task of unveiling the underlying structure of criminal networks hidden in communication data. This platform allows for statistical network analysis, community detection and visual exploration of mobile phone network data. It enables forensic investigators to deeply understand hierarchies within criminal organizations, discovering members who play a central role and provide connection among sub-groups. Our work concludes by illustrating the adoption of our computational framework for a real-world criminal investigation.

14.
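As a new form of evidence, electronic evidence is gradually becoming one of the new types of evidence in litigation. Research on digital forensic technologies has focused mainly on evidence searching, recovery and data analysis, while the legality, authenticity and integrity of the forensic process itself have not been monitored. Based on a study of forensic steps and processes, and modelled on social auditing work, this paper designs a supervision system for the electronic data forensics and examination workflow, to solve the chain of custody problem for electronic evidence during acquisition, transmission, storage and analysis.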

15.
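As a new form of evidence, electronic evidence is gradually becoming one of the new types of evidence in litigation. Research on digital forensic technologies has focused mainly on evidence searching, recovery and data analysis, while the legality, authenticity and integrity of the forensic process itself have not been monitored. Based on a study of forensic steps and processes, and modelled on social auditing work, this paper designs a supervision system for the electronic data forensics and examination workflow, to solve the chain of custody problem for electronic evidence during acquisition, transmission, storage and analysis.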

16.
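Given that in actual forensic work there are situations where removing the computer's hard disk is not permitted, removable-media-based forensic techniques that require no disassembly have emerged. However, the disassembly-free forensic techniques currently in use have various shortcomings. This paper proposes solutions to problems such as how to increase hard disk copying speed, improve forensic efficiency, ensure the judicial validity of evidence, and strengthen traceless forensics, so that forensic work becomes faster and more accurate.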

17.
Digital forensic data from volatile system memory possesses the following distinctive features: volatility, transience, phased stability, complexity, relevance of collected data, and phased behavior predictability. We present a computer forensic analysis model (CERM) for the reconstruction of a chain of evidence of volatile memory data. CERM frees analysts from being confined to the traditional analysis approach of digital forensic data that requires single evidence-oriented analysis. In CERM, they can focus on higher abstract levels involving the relationships of independent pieces of evidence and analyze patterns to construct a chain of evidence from the perspective of Evidence Law. In addition to CERM, we have designed a correlation analysis algorithm based on time series. Experimental tests have been conducted to verify the established model and designed algorithm. The experimental result shows that CERM is feasible and efficient, thus providing a new analysis perspective for digital forensic data from volatile system memory.

18.
We report a pair of repertory grid studies that explore the attachment people have for digital and non-digital artefacts. In the first study we found no clear distinctions between emotional attachment to digital and non-digital artefacts: people are attached to their mobile phones in much the same way as to a childhood teddy bear. There was also evidence that attachment and the physical availability or proximity of the artefact were associated. In the second study we examined the aesthetics of attachment to digital and non-digital artefacts. Again the proximity or availability of the artefacts appeared to be important. Items that were carried about or worn, such as wristwatches and laptops, were closely associated, while TVs and games consoles were not. In all, there does not appear to be any qualitative difference between the attachment people have for digital and non-digital artefacts. Nor do aesthetics appear to play a part in this attachment. However, the physical proximity of these artefacts is strongly associated with our (inward) feelings of attachment to them, while we can also recognise the importance of this relationship to how we (outwardly) present ourselves to the world and others.

19.
Digital forensics, which identifies the characteristics and origin of a digital device, has become a new field of research. If digital content will serve as evidence in court, similar to its non-digital counterparts, digital forensics can play a crucial role in identifying the source model or device. To achieve this goal, the relationship between an image and its camera model will be explored. Various image-related and hardware-related features are utilized in the proposed model by a support vector machine approach along with decision fusion techniques. Furthermore, the optimum feature subset to achieve the highest accuracy rate is also explored.

20.
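Addressing the distributed, multi-layer, multi-user characteristics of enterprise grids, this paper proposes a grid security model based on the enterprise grid. The model uses a hybrid account management approach for users, which is efficient and secure; it authenticates users with PKI-based digital certificates and provides different single sign-on schemes according to the type of grid user; in addition, it combines RBAC and ACL access control mechanisms, which both ensures the security of user access to resources and simplifies the management of user authorization.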
