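Abstract
Based on the characteristics of network data, integrity rules for network data forensics are defined. Building on an analysis of how a browser accesses a server, a system framework is proposed for forensics of the browser's network access process. A hash function is designed, and an efficient keyword forensic analysis algorithm is designed using the multi-core mechanism of the Windows system. Network data is restored to the application layer according to the TCP/IP protocol, and a Web page reconstruction algorithm is implemented using regular-expression search. Test results show that the algorithm can effectively capture and restore the content a user accessed.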
Based on the properties of network data, an integrity rule for network forensics was specified. Based on the principles of a browser accessing a server, a forensic framework was proposed that collects evidence while a browser accesses the network. Within that framework, a hash function was designed, together with a keyword match algorithm based on the Windows multi-core mechanism; both were used to collect crime evidence. A network data restoring and Web page restructuring algorithm was implemented using regular expressions. Test results show that the proposed algorithms can restore complex Web pages.
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal (北大核心)
2015, Issue 12, pp. 3188-3193 (6 pages)
Funding
Henan Province Science and Technology Research Program Fund Project (132102310284)
Keywords
integrity rule
browser forensic
keyword match algorithm
network data restore
Web page restructuring