Abstract

Against the background of the “large scale research of Internet information security system”, this thesis studies network forensics technology based on computer logs, focuses on log forensic analysis and on integrity protection and authentication technology, and designs and implements a user behavior forensic analysis system based on computer network system logs.

The paper summarizes the relevant concepts of computer forensics technology, electronic evidence and system logs, demonstrates the feasibility of using logs as electronic evidence, proposes a realization model of computer network forensics based on system logs, and analyzes the problems that need attention in computer log forensics. It studies the key issues in the log forensics process, including the collection, transmission, preservation, analysis and submission of logs; among these, forensic analysis of logs and integrity protection and verification are the focus of the research. Forensic analysis of logs mines log records related to intrusion events by analyzing massive log data, and is divided into statistical analysis and correlation analysis.

The paper presents the overall structure of the system, describes the functions and working process of the subsystem modules, and implements a log-based computer network forensic analysis system for user behavior. The system was tested and analyzed in five aspects: the safety of the system, log acquisition performance, the integrity of the data transmission performance, the log data, and forensic analysis. The results show that the system has the basic function of network forensics.
