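Research on a Covert Information Forensics System in the Windows Environment
Published: 2018-03-14 05:02
Topic: computer forensics; Focus: electronic evidence; Source: Nanjing University of Posts and Telecommunications, 2013 master's thesis; Document type: degree thesis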
[Abstract]: With the rapid development of computer networks, computer crime is gradually increasing, and computer forensics technology is receiving more and more attention. To meet the needs of varied forensic scenarios, feature-rich and practical forensic tools have become a necessity for the field; on this basis, a covert information forensics system for the Windows environment needs to be researched and designed. The thesis studies this problem and has strong theoretical significance and practical application value. The thesis combines traditional electronic evidence extraction techniques with data mining techniques and proposes a forensics system model that integrates electronic evidence collection, electronic evidence classification and electronic evidence presentation. The thesis first analyzes in depth the kernel mechanisms of mainstream browsers, studies browser trace extraction techniques from a computer forensics perspective, and extracts a large amount of valid Web electronic document information; it also carries out related research on e-mail forensics, analyzing in depth the composition of mail systems and mail encoding formats, and performs authenticity analysis of mail header information from an e-mail forensics perspective. Because electronic evidence is huge in volume and disorganized, the thesis studies a text classification model based on the naive Bayes algorithm and, taking web page text classification and mail classification experiments as examples, designs a forensics model that incorporates classification. Through a simulated comparison of the performance of multiple learners and a single learner, the thesis incorporates ensemble learning classification, which has higher classification performance, greatly improving forensic accuracy and efficiency; it effectively merges computer forensics technology with classification techniques from the data mining field, and ultimately achieves effective classification of massive, disorganized electronic evidence, improving forensic efficiency.
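[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP391.1; D918.2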
Article ID: 1609713
Article link: https://www.wllwen.com/shekelunwen/gongan/1609713.html