Research on Dynamic Forensics Techniques for Computer Intrusion

Study on the Dynamic Computer Forensics System Based on IDS
Abstract: Computer forensics is an effective means of combating computer crime. Traditional computer forensics mostly relies on static, after-the-fact analysis: evidence is not collected promptly or completely, and recovered data may already have been tampered with, so its legal weight is low. This paper presents a dynamic intrusion forensics system that combines computer forensics technology with intrusion detection. The system dynamically collects and identifies intrusion evidence, then promptly analyzes and extracts it into an evidence database for storage. It uses security measures such as authentication, encryption and isolation to ensure the authenticity, accuracy and immutability of the evidence during transfer and storage, so that it can serve as valid court evidence. The system makes computer forensics timely and intelligent.
Source: Journal of Hunan Public Security College (《湖南公安高等专科学校学报》), 2005, Issue 6, pp. 67-70 (4 pages)
Keywords: computer forensics; digital evidence; intrusion detection; evidence extraction