网络电子取证技术研究
发布时间:2018-08-05 20:35
【摘要】:随着计算机和网络技术的不断发展,网络安全问题越来越受到人们的关注。为了解决网络攻击的简单化和网络防御的复杂化之间的矛盾,网络安全研究开始由单纯的被动防御向主动防御转变,将网络犯罪行为诉诸法律就是主动防御的一种。对网络犯罪行为取证问题的研究是网络犯罪诉讼的核心,只有取证问题得到解决,网络法规才能得以健全和执行,才能打击和震慑网络犯罪分子,从根本上保障网络的安全。 本文对网络电子取证技术进行了深入的研究和探讨。试图从技术的角度解决网络电子取证中存在的问题,为网络安全在法律上实现提供技术上的帮助。主要工作与成果有: 1.分析了当前计算机网络安全的概况、存在的问题,指出只有借助法律手段才能解决日益猖獗的计算机网络犯罪。 2.对电子取证技术的研究作了回顾,介绍了电子取证发展的历程,国内外的研究现状,从取证模型和取证技术两个方面分析了当前一些电子取证技术的不足。从这两个问题出发,提出了代理第三方签名的网络电子取证过程模型,该模型提供了一个较为清晰的网络电子取证过程框架,给出网络电子取证过程中应遵循的基本原则和基本步骤。具有如下特点:扩展了攻击预防的范围,有效地保证了证据的完整性,提出了第三方签名的概念及其实施机制,保证取证监督链的完整性,使所取得的电子证据真实可信;以时间为线索,结构清晰,各阶段任务明确,可操作性强。 3.在取证过程模型的指导下,设计实现的网络电子取证系统,该系统分为取证服务器、取证代理、电子证据分析重放系统三个部分,通过加密、认证、签名等手段有效的保证了电子证据的真实性、完整性、抗抵赖性,解决了电子取证中存在的电子证据易于消失,完整性和真实性难以得到保证的问题。并举例说明了该取证系统的部署和应用。 最后,对网络电子取证技术作了总结和展望。
[Abstract]:With the development of computer and network technology, people pay more and more attention to network security. In order to solve the contradiction between the simplification of network attack and the complication of network defense, the research of network security began to change from pure passive defense to active defense. The research on the problem of obtaining evidence of network crime is the core of network crime litigation. Only when the problem of obtaining evidence is solved, can the network laws and regulations be perfected and enforced, the network criminals can be attacked and intimidated, and the security of the network can be guaranteed fundamentally. In this paper, the network electronic forensics technology is deeply studied and discussed. This paper attempts to solve the problems existing in network electronic forensics from the technical point of view and provide technical help for the legal realization of network security. The main work and results are as follows: 1. This paper analyzes the general situation and existing problems of computer network security at present, and points out that only by means of legal means can the increasingly rampant computer network crime be solved. This paper reviews the research of electronic forensics, introduces the development of electronic forensics, the current research situation at home and abroad, and analyzes the shortcomings of some current electronic forensics technologies from two aspects: forensics model and forensics technology. Based on these two problems, a network electronic forensics process model of proxy third party signature is proposed, which provides a clear framework of network electronic forensics process. The basic principles and steps to be followed in the process of network electronic forensics are given. It has the following characteristics: expanding the scope of attack prevention, effectively ensuring the integrity of evidence, putting forward the concept of third-party signature and its implementation mechanism, ensuring the integrity of the chain of forensic supervision, making the obtained electronic evidence truthful and credible; Take the time as the clue, the structure is clear, each stage task is clear, the maneuverability is strong. 3. Under the guidance of the forensics process model, the network electronic forensics system is designed and implemented. The system is divided into three parts: the forensics server, the forensics agent, the electronic evidence analysis and replay system, which are encrypted and authenticated. Signature can effectively guarantee the authenticity, integrity and non-repudiation of electronic evidence, and solve the problem that the electronic evidence in electronic forensics is easy to disappear, integrity and authenticity is difficult to be guaranteed. An example is given to illustrate the deployment and application of the system. Finally, the network electronic forensics technology is summarized and prospected.
【学位授予单位】:西北工业大学
【学位级别】:硕士
【学位授予年份】:2005
【分类号】:D918.2
[Abstract]:With the development of computer and network technology, people pay more and more attention to network security. In order to solve the contradiction between the simplification of network attack and the complication of network defense, the research of network security began to change from pure passive defense to active defense. The research on the problem of obtaining evidence of network crime is the core of network crime litigation. Only when the problem of obtaining evidence is solved, can the network laws and regulations be perfected and enforced, the network criminals can be attacked and intimidated, and the security of the network can be guaranteed fundamentally. In this paper, the network electronic forensics technology is deeply studied and discussed. This paper attempts to solve the problems existing in network electronic forensics from the technical point of view and provide technical help for the legal realization of network security. The main work and results are as follows: 1. This paper analyzes the general situation and existing problems of computer network security at present, and points out that only by means of legal means can the increasingly rampant computer network crime be solved. This paper reviews the research of electronic forensics, introduces the development of electronic forensics, the current research situation at home and abroad, and analyzes the shortcomings of some current electronic forensics technologies from two aspects: forensics model and forensics technology. Based on these two problems, a network electronic forensics process model of proxy third party signature is proposed, which provides a clear framework of network electronic forensics process. The basic principles and steps to be followed in the process of network electronic forensics are given. It has the following characteristics: expanding the scope of attack prevention, effectively ensuring the integrity of evidence, putting forward the concept of third-party signature and its implementation mechanism, ensuring the integrity of the chain of forensic supervision, making the obtained electronic evidence truthful and credible; Take the time as the clue, the structure is clear, each stage task is clear, the maneuverability is strong. 3. Under the guidance of the forensics process model, the network electronic forensics system is designed and implemented. The system is divided into three parts: the forensics server, the forensics agent, the electronic evidence analysis and replay system, which are encrypted and authenticated. Signature can effectively guarantee the authenticity, integrity and non-repudiation of electronic evidence, and solve the problem that the electronic evidence in electronic forensics is easy to disappear, integrity and authenticity is difficult to be guaranteed. An example is given to illustrate the deployment and application of the system. Finally, the network electronic forensics technology is summarized and prospected.
【学位授予单位】:西北工业大学
【学位级别】:硕士
【学位授予年份】:2005
【分类号】:D918.2
【引证文献】
相关期刊论文 前2条
1 陈华;蒋文保;陈德礼;许能;;高速网络取证的数据分析模型[J];赤峰学院学报(自然科学版);2009年10期
2 张楚;张樊;;网络取证中的若干问题研究[J];证据科学;2007年Z1期
相关会议论文 前1条
1 丁可;;网络取证模型研究综述[A];第三届全国软件测试会议与移动计算、栅格、智能化高级论坛论文集[C];2009年
相关硕士学位论文 前4条
1 张云虎;动态电子证据采集系统研究与实现[D];昆明理工大学;2006年
2 刘海旺;可信网络平台之准入控制研究[D];上海交通大学;2009年
3 王e,
本文编号:2166946
本文链接:https://www.wllwen.com/shekelunwen/gongan/2166946.html
