| 一种基于Linux的动态取证策略 |
| |
| 引用本文: | 周敏,付国瑜.一种基于Linux的动态取证策略[J].计算机安全,2010(2):58-60. |
| |
| 作者姓名: | 周敏 付国瑜 |
| |
| 作者单位: | 重庆理工大学,计算机科学与工程学院,重庆,400054 |
| |
| 摘 要: | 计算机动态取证是信息安全领域的研究热点,在简单介绍取证策略的基础上,提出一种基于Linux的计算机动态取证策略。该策略将Linux系统下的待取证数据分为两类,并采用不同的方法来取证:对于易失性的数据,通过分析内核的数据结构来获取证据;对于非易失性的数据,利用取证工具和系统命令来获取证据。在Linux9.0上进行了实验。实验表明,采用该策略能够对Linux系统下的常见入侵进行动态取证。
|
| 关 键 词: | 计算机取证 动态取证 策略 |
A Dynamic Forensics Strategy Based on Linux |
| |
| ZHOU Min,FU Guo-yu.A Dynamic Forensics Strategy Based on Linux[J].Network & Computer Security,2010(2):58-60. |
| |
| Authors: | ZHOU Min FU Guo-yu |
| |
| Affiliation: | School of Computer Science and Engineering;Chongqing University of Technology;Chongqing 400054; |
| |
| Abstract: | Computer dynamic forensics is the research focus in the information security fields. In this paper, the forensics strategy is introduced simply, and then a dynamic forensics strategy based on Linux is proposed. This strategy classifies datas of Linux into two varieties and handles them differently: For volatile data, by analyzing the kernel data structure to obtain the evidence; for non-volatile data, by using the evidence collection tools and system calls to obtain the evidence. The experiments On Linux 9.... |
| |
| Keywords: | computer forensics forensics strategy |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
