Credibility Analysis of Online Forensics Based on Physical Memory Acquisition
[Abstract]: As the main means of combating computer crime, computer forensics plays an important role in maintaining social stability and protecting a healthy Internet environment, and it is an important guarantee of information security. At present, however, computer forensics faces many challenges, such as the explosive growth of data, increasingly sophisticated computer crime techniques, and the credibility of analytical and inferential conclusions. Because electronic data is by nature easily changed, it is exposed to many threats during evidence capture, including evidence overwriting, evidence tampering, evidence deletion, and destruction of storage media. At the same time, as anti-forensics technology develops further, electronic evidence acquisition tools encounter more serious reliability problems, and the electronic evidence they obtain is not convincing in court. The credibility of electronic forensics is the first prerequisite for applying computer forensics technology and the basis of evidence analysis. In practice, however, attention goes only to acquiring electronic evidence, while research on the credibility of the acquired evidence is neglected. The forensic process and analysis are mostly carried out by hand, with low efficiency and a high probability of operator error. To address these problems, this paper takes the credible computer forensics model as its starting point and discusses in detail the discovery of electronic evidence during the forensic process, the fixation of data, and the secure acquisition of electronic data.
This paper analyzes the influence of forensic tools and methods on electronic evidence from the point of view of the internal structure of disk data storage and of the reliability of evidence analysis technology and other stages, and gives a quantitative evaluation index based on probability theory. Finally, a finite state automaton with time constraints is proposed to formalize the forensic process, which makes the electronic evidence acquisition method more scientific and the formalized forensic reasoning method more standardized. The main research work and chapter contents are arranged as follows: (1) survey the frontier information in the field of computer security forensics at home and abroad; (2) analyze some common computer forensics models; (3) introduce in detail the main work of the credible computer forensics model; (4) analyze physical memory data storage, image file acquisition, and the tools used to analyze the image file; (5) review the relevant probability theory, laying a foundation for the data credibility analysis of computer evidence; (6) evaluate, by simulation experiments, the probability that forensic tools and changes in memory affect the credibility of electronic evidence; (7) use a finite state automaton with time constraints to formalize the computer forensics process.
[Degree-granting institution]: Shandong Institute of Light Industry
[Degree level]: Master's
[Year degree awarded]: 2012
[Classification number]: TP309; TP333.1
Article ID: 2444226
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2444226.html