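Abstract
This paper examines how network server forensics differs from traditional computer disk forensics and proposes a network server forensics model based on trusted timestamps. The model builds on public key infrastructure (PKI): a timestamp server digitally signs the forensic data with its private key, and the fact that a private key in a PKI system cannot be derived guarantees the authenticity and integrity of the evidence data. To address bottlenecks in real deployments such as network bandwidth and evidence storage space, the paper proposes a grouped generation algorithm for evidence data digests. The algorithm effectively reduces the load on the timestamp server and lowers the forensics system's demands on disk space and network bandwidth.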
This paper studies the differences between network server forensics and traditional computer disk forensics and proposes a timestamp-based network server forensic model. The model, based on Public Key Infrastructure (PKI), digitally signs the data with its private key and guarantees data reliability and integrity through the non-derivable private key in the PKI system. Considering the limited network bandwidth in real application environments and the bottleneck of forensic data storage, this paper proposes a grouping algorithm for forensic data digests. This algorithm can effectively reduce the workload of the timestamp server and minimize the disk space and network bandwidth requirements of the forensics system.
Source
Journal of University of Electronic Science and Technology of China
EI
CAS
CSCD
Peking University Core
2007, Issue S3, pp. 1404-1406 (3 pages)