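Abstract
To conduct digital forensic investigations in trusted computing environments, a trusted computing forensics model is proposed. The model extends the analysis workflow of the traditional digital forensics model by adding awareness, authorization and planning phases. In its collection and analysis tasks it introduces extended trusted computing forensic services, including a forensic sealing service, forensic sealed data, forensic authentication, key recovery and distributed forensic services. Using the trusted computing forensic services and the improved analysis workflow, the problem of digital forensic investigation in trusted computing environments can be solved effectively. The forensic capability indicators of the model are analyzed from the perspectives of trusted computing and digital forensics technology. Comparison and evaluation show that the model has strong forensic capability and can perform distributed forensic analysis.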
This paper presents an extended trusted computing forensics model for efficiently investigating environments based on trusted computing techniques. The workflow of the traditional digital forensics model is improved: awareness, authorization and planning tasks are added. Extended trusted computing forensic services are used in the collection and analysis activities, including forensic sealing, forensic authentication, key recovery and distributed forensic services. The trusted computing environment can thus be investigated using the extended forensic services and the improved workflow. Evaluation and comparison show that the model is able to investigate trusted computing environments.
Source
《武汉大学学报(理学版)》
CAS
CSCD
PKU Core Journals (北大核心)
2006, Issue 5, pp. 523-526 (4 pages)
Journal of Wuhan University:Natural Science Edition
Funding
Supported by the National 863 Program (2003AA146010)
Keywords
digital forensics
trusted computing
data acquisition
encryption
file system