| 基于远程控制技术的动态取证系统 |
| |
| 引用本文: | 史伟奇,张波云,谢冬青. 基于远程控制技术的动态取证系统[J]. 计算机工程, 2007, 33(16): 117 |
| |
| 作者姓名: | 史伟奇 张波云 谢冬青 |
| |
| 作者单位: | 湖南大学软件学院,长沙,410082;湖南公安高等专科学校计算机系,长沙,410006;国防科技大学计算机学院,长沙410073;湖南大学软件学院,长沙,410082 |
| |
| 基金项目: | 国家自然科学基金,公安部应用创新基金 |
| |
| 摘 要: | 设计了一种新的基于远程控制技术的计算机取证系统,提供了3种不同取证方法动态获取控制目标的电子证据,研究了文件隐藏、进程隐藏、注册表修改隐藏、端口反弹、数据加密等关键技术。实验表明,该系统能动态获取网上不同监控对象的电子证据,是当前取证技术的一种新思路。
|
| 关 键 词: | 计算机取证 远程控制 电子证据 动态获取 |
System of Dynamic Computer Forensic Based on Remote Control Technology |
| |
| SHI Wei-qi,ZHANG Bo-yun,XIE Dong-qing. System of Dynamic Computer Forensic Based on Remote Control Technology[J]. Computer Engineering, 2007, 33(16): 117 |
| |
| Authors: | SHI Wei-qi ZHANG Bo-yun XIE Dong-qing |
| |
| Affiliation: | (1. School of Software, Hunan University, Changsha 410082; 2. School of Computer, National University of Defense Technology, Changsha 410073; 3. Computer Department, Hunan Public Security Academy, Changsha 410006) |
| |
| Abstract: | A novel computer forensics system based on remote control technology is present. By using three different ways of evidence-obtaining and evidence-controlling for different subjects, the system can realize objective of dynamic obtaining electronic evidence of the monitored subjects, including the research on the key technologies of process hiding and file hiding, register modifying and hiding, ports back-bouncing, and data encrypting about the system as well. Experimental result shows that the system realizes the active obtaining evidence to the monitored subjects on the network by different applications, and it demonstrates that this is a new technical thinking in the current computer forensics technology. |
| |
| Keywords: | computer forensics remote control electronic evidences dynamic obtaining |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
|
