Windows日志取证系统设计

下载PDF

导出

摘要日志文件分析是系统安全检测的重要内容,同时日志文件也是计算机取证的重要依据。文章设计了第三方的Windows日志取证系统,并讨论了今后的研究方向。

作者石淑华

机构地区深圳职业技术学院计算机系

出处《计算机时代》 2007年第6期28-29,共2页 Computer Era

关键词日志文件网络取证审计跟踪 IRP

参考文献6

1Abe 1.Christopher Gene.A comparison of cryptographic algorithms for Intemet Security,2001.
2Muriel Roger.Jean Goubault-Larrecq.Log Auditing through Model Checking.IEEEE,2001:220～234
3....http://www.microsoft.com/china/technet/security,,..
4苏成.计算机取证与反取证的较量[J].计算机安全,2006(1):67-68. 被引量：12
5王玲,钱华林.计算机取证技术及其发展趋势[J].软件学报,2003,14(9):1635-1644. 被引量：198
6梁锦华,蒋建春,戴飞雁,卿斯汉.计算机取证技术研究[J].计算机工程,2002,28(8):12-14. 被引量：34

1grugq.Defeating forensic analysis on Unix. Phrack #59 article6.http://www.phrack.org/show.phpp=59a=6,2002.
2Farmer D.What are MACtimes Dr. Dobb''s Journal.http://www.ddj.com/documents/s=880/ddj0010f/0010f.htm,2000,10.
3Farmer D Venema W.The coroner''''s toolkit (TCT). Dan Farmer Wietse Venema.http://www.fish.com/tct/,2002.
4grugq scut.Armouring the ELF: Binary encryption on the UNIX platform. Phrack #58 article5.http://www.phrack.org/show.phpp=58a=5,2001.
5Oseles L.Computer forensics: The key to solving the crime.http://facuity.ed.umuc.edu/-meinkej/inss690/oseles_2.pdf,2001.
6ParraM.Computer forensics.http://www.giac.org/practical/Moroni_Parra_GSEC.doc,2002.
7Dittrich D.Basic steps in forensic analysis of Unix systems.http://staff.washington.edu/dittrich/misc/forensics/,2000.
8[1]Lunn D A.Computer Forensics:An Overview.http:∥www.sans.org/infosecFAQ/incident/forensics.htm
9[2]CERT R Coordination Center Steps for Recovering from a Unix or NT System Compromise.http:∥www.cert.org/tech tips/root compromise.html
10[3]Robbins J.An Explanation of Computer Forensics. http:∥www.computerforensics.net/forensics.htm

计算机时代

2007年第6期

内容加载中请稍等...