A Remote Forensics System Based on Physical Memory Analysis

Abstract

The invention provides a remote evidence taking system based on physical memory analysis. The remote evidence taking system is characterized by comprising a client and a server, wherein a physical memory of the client is mirrored and stored locally, and a mirror image file is subjected to hash value calculation; the mirror image file is analyzed by calling a physical memory analysis line program, and an analysis result and the mirror image file are sent to the server together; the server is used for monitoring the client; if a client connection request is provided, a client fixing character string is sent, and the physical memory mirror image file and the corresponding mirror image file analysis result of the client are mainly collected; the server collects multiple threads and can simultaneously collect the physical memory mirror image files of multiple clients and memory analysis result information and store the memory analysis results into a database; on the other hand, the server is connected with a remote control terminal to mainly send log information of the client to the remote control terminal; retrieval information meeting retrieval conditions are searched from the database according to the conditions of the remote control terminal.

Description

technical field [0001] The present invention relates to the field of cloud forensics and analysis, in particular to a forensics and analysis of physical memory image files of remote target terminals, and specifically refers to a remote forensics system based on physical memory analysis. Background technique [0002] In the process of electronic data forensics, the analysis process of forensic data often depends on the personal experience and thinking and judgment of the forensics personnel to select the appropriate analysis method to realize the detection and analysis of electronic forensics data, because the analysis of forensics data by forensics personnel often has A variety of analysis methods are involved. This personal subjective choice of forensic analysis method is not only not conducive to the full and effective use of forensic data, but also has a negative impact on the efficiency of forensics. In addition, the number of cases requiring evidence collection has inc...

AI Technical Summary

Problems solved by technology

Third, the current traditional online forensics method requires all kinds of forensics tools to run in the target computer system to complete the data collection and analysis, which makes the evidence collection activities seriously affect the credibility of the certificate, even if it is obtained It is also difficult to prove the integrity and authenticity of some evidence, especially with the development of core state Trojan horses and anti-forensics technology, the data obtained by many online tools may have been tampered with

This patent only transmits information such as voice calls and videos. The specific content may have been changed before transmission, and such information cannot be transmitted in real time.

Images