Study on the Model of Computer Forensics Based on the Secret-Related Network (Classified Network)
Abstract: An agent-based dynamic remote-control forensics model for classified (secret-related) networks is designed. It adopts a distributed data-collection strategy built on agents, introduces the syslog protocol to transmit the relevant logs in real time and efficiently, combines computer forensics with intrusion detection technology, and acquires intrusion evidence dynamically, thereby improving the credibility, validity and probative power of the evidence.

Abstract: Combining computer forensic techniques with intrusion detection techniques, a distributed dynamic computer forensics model based on multiple agents is presented. A distributed data-collection policy is adopted, and the syslog protocol is introduced to transmit the related logs in real time and efficiently, so that the range of data collection is extended. The dynamic intrusion detection system provides real-time evidence of high legal stringency. An evidence-combining data-analysis technique is adopted to decrease the false-alarm rate and enhance the validity of the evidence.
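The abstract describes agents forwarding logs over syslog and combining host and IDS evidence to raise its credibility and cut false alarms. The following is an added illustration, not code from the paper: it parses BSD syslog (RFC 3164) lines from several agents, hash-chains the resulting records with SHA-256 so later tampering is detectable (the chaining scheme is this example's choice, not the paper's method), and flags a source address as corroborated only when more than one host reports it. The sample lines, host names and addresses are constructed.

```python
import hashlib
import json
import re

# Constructed sample lines in BSD syslog (RFC 3164) format, as agents would forward them.
SAMPLE_LINES = [
    "<38>Mar 12 10:15:01 host-a sshd[2210]: Failed password for root from 10.0.0.7 port 5122 ssh2",
    "<12>Mar 12 10:15:02 ids-1 snort[801]: ALERT possible SSH brute force from 10.0.0.7",
    "<38>Mar 12 10:15:03 host-a sshd[2210]: Accepted password for root from 10.0.0.7 port 5122 ssh2",
]
SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
                       r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_syslog(line):
    """Split one RFC 3164 line into fields; PRI = facility * 8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line: %r" % line)
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group("ts"),
            "host": m.group("host"), "tag": m.group("tag"), "msg": m.group("msg")}

def _digest(prev, fields):
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def build_chain(lines, seed="0" * 64):
    """Hash-chain the records so any later edit, insertion or deletion is detectable."""
    records, prev = [], seed
    for line in lines:
        rec = parse_syslog(line)
        rec.update(prev=prev, hash=_digest(prev, rec))  # digest taken before prev/hash are added
        prev = rec["hash"]
        records.append(rec)
    return records

def verify_chain(records, seed="0" * 64):
    """Recompute every link; True only if the whole chain is intact."""
    prev = seed
    for rec in records:
        fields = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
        if rec["prev"] != prev or rec["hash"] != _digest(prev, fields):
            return False
        prev = rec["hash"]
    return True

def corroborated_sources(records):
    """Source IPs reported by two or more distinct hosts (e.g. IDS sensor and target host)."""
    seen = {}
    for rec in records:
        for ip in IPV4_RE.findall(rec["msg"]):
            seen.setdefault(ip, set()).add(rec["host"])
    return sorted(ip for ip, hosts in seen.items() if len(hosts) >= 2)
```

Running `build_chain(SAMPLE_LINES)` yields three chained records; altering any message afterwards makes `verify_chain` return False, and `corroborated_sources` reports 10.0.0.7 because both the IDS sensor and host-a name it.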