Digital evidence obtaining system based on Linux environment

A digital forensics technology, applied to transmission systems, electronic digital data processing, instruments, etc., that addresses ineffective forensics work, lagging forensics work and loss of effective evidence, facilitates traceability analysis and attack-path reproduction, reduces workload, and offers a user-friendly interface.

Inactive Publication Date: 2017-11-07
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0004] At present there are only a small number of forensics tools available for Linux on the market, such as FTK and Volatility, but most of them were ported from Windows and are not fully suited to forensics work in the Linux environment: FTK can only be used to image and analyze disks, and Volatility can only be used to analyze memory images.
In practice, evidence extracted in a single direction often cannot meet the requirements of judicial usability. At the same time, these tools demand relatively high skill from operators, and they cannot guarantee that the extracted evidence is synchronized and effective. As a result, in computer crimes involving the Linux operating system, forensics work often cannot be carried out effectively, leading to a lag in the forensics work or a serious loss of effective evidence.
At present, the main difficulties in digital forensics for the Linux operating system are: (1) whether the operating system itself provides readable digital evidence; (2) what digital evidence can be obtained from the Linux operating system; (3) where in the system that digital evidence is to be obtained; (4) how to make the obtained digital evidence recognized by the law, that is, how to ensure the judicial usability of the digital evidence; (5) how to ensure that the extracted digital evidence is not maliciously modified by the forensic personnel; (6) how to reduce the operating difficulty for forensics investigators while still allowing effective evidence collection.


Embodiment Construction

[0031] The present invention is now described in further detail in conjunction with the accompanying drawings.

[0032] As shown in figure 1, the digital forensics system based on the Linux environment proposed by the present invention includes a host operation trace investigation module, a network operation trace investigation module, a log information investigation module, a memory information investigation module and an evidence fixation module.

[0033] The host operation trace investigation module is mainly used to extract the basic information and operation records of the system. Providing this information to forensic investigators and analysts not only lets them establish a "security baseline" for the system based on their own experience, but also surfaces sensitive and abnormal information, such as whether the system contains illegal users, unrecommended operations and access, etc. Specifically, this module provides the follow...


Abstract

The invention discloses a digital evidence obtaining system based on a Linux environment. The system is composed of a host operation trace investigation module, a network operation trace investigation module, a log information investigation module, a memory information investigation module and an evidence fixing module. The host operation trace investigation module comprises a basic operation investigation function and an application information investigation function. The network operation trace investigation module comprises the basic operation investigation function, a network cache investigation function and a network application state investigation function. The log information investigation module comprises a log file analysis and storage function and a keyword search module. The memory information investigation module dumps memory with the fmem tool and carries out memory information investigation in combination with system tools. The evidence fixing module applies hash processing to the original evidence file and to the processed database file. The system effectively reduces the workload of the forensic investigator, introduces the concepts of forensics tool engineering and evidence fixing, and prevents the evidence obtainer from illegally modifying an evidence file.
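The evidence fixing module described above hashes the original evidence files and the processed database file. The following added example (not the patent's own code) shows that step in Python: it fixes a set of constructed sample files in a SHA-256 manifest and then re-verifies them, flagging any file altered after fixation. The file names and the JSON manifest format are assumptions.

```python
import hashlib
import json
import os
import tempfile

# Constructed sample files standing in for a raw evidence export and the
# processed database the investigation modules write (assumed names).
SAMPLE_FILES = {
    "evidence/auth.log": b"Jan 1 00:00:01 host sshd[1]: Accepted password for root\n",
    "evidence/forensics.db": b"SQLite format 3\x00constructed-sample-db",
}

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large disk or memory images do not load at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def fix_evidence(root, paths):
    """Evidence fixation: record a SHA-256 digest for every evidence file."""
    manifest = {p: sha256_file(os.path.join(root, p)) for p in paths}
    with open(os.path.join(root, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest

def verify_evidence(root):
    """Re-hash every manifest entry; return the paths whose digest changed."""
    with open(os.path.join(root, "manifest.json")) as f:
        manifest = json.load(f)
    return [p for p, digest in manifest.items()
            if sha256_file(os.path.join(root, p)) != digest]

def demo():
    """Fix the constructed files, then detect a post-fixation edit to the log."""
    root = tempfile.mkdtemp()
    for rel, data in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    fix_evidence(root, list(SAMPLE_FILES))
    before = verify_evidence(root)          # expected: no mismatches
    with open(os.path.join(root, "evidence/auth.log"), "ab") as f:
        f.write(b"edited after fixation\n")  # simulated tampering
    after = verify_evidence(root)           # expected: the edited log
    return before, after
```

In practice the manifest itself should be stored on write-once media or signed, since a hash list the same investigator can rewrite does not by itself prevent modification.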

Description

Technical field

[0001] The invention belongs to the field of digital forensics, relates to computer crime forensics under the Linux operating system, and specifically relates to a digital forensics system based on the Linux environment.

Technical background

[0002] Digital forensics (computer crime forensics), also known as computer forensics, treats the computer as a crime scene and uses advanced identification technology to dissect computer crimes forensically, search for and confirm criminals and their criminal evidence, and file a lawsuit on that basis. It mainly identifies, preserves, collects, analyzes and presents electronic evidence in order to reveal criminal acts or negligence related to digital products. Digital forensics technology applies computer investigation and analysis techniques to the determination and acquisition of potential, legally valid electronic evidence. It is also aimed at hackers and intrusions, and its purpose is to ensure the s...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12, G06F21/56
CPC: H04L61/103, H04L63/1416, H04L63/1425, H04L63/1466, H04L63/30, G06F21/565, H04L61/4511
Inventors: 孙国梓, 吴嘉元, 黄江伟, 吴西
Owner: NANJING UNIV OF POSTS & TELECOMM