木马抗辩真伪研究

为了解决犯罪嫌疑人在被调查时,提出所涉及计算机犯罪行为为木马所为这一问题,本文以木马程序攻击为例,针对相关电子证据和计算机取证进行分析判断,以确定犯罪嫌疑人的罪行或证明其清白。     

Forensic acquisition and analysis of palm webOS on mobile devices

The emergence of webOS on Palm devices has created new challenges and opportunities for digital investigators. With the purchase of Palm by Hewlett Packard, there are plans to use webOS on an increasing number and variety of computer systems. These devices can store substantial amounts of information relevant to an investigation, including digital photographs, videos, call logs, SMS/MMS messages, e-mail, remnants of Web browsing and much more. Although some files can be obtained from such devices with relative ease, the majority of information of forensic interest is stored in databases on a system partition that many mobile forensic tools do not acquire. This paper provides a methodology for acquiring and examining forensic duplicates of user and system partitions from a device running webOS. The primary sources of digital evidence on these devices are covered with illustrative examples. In addition, the recovery of deleted items from various areas on webOS devices is discussed.     

A survey of main memory acquisition and analysis techniques for the windows operating system

Traditional, persistent data-oriented approaches in computer forensics face some limitations regarding a number of technological developments, e.g., rapidly increasing storage capabilities of hard drives, memory-resident malicious software applications, or the growing use of encryption routines, that make an in-time investigation more and more difficult. In order to cope with these issues, security professionals have started to examine alternative data sources and emphasize the value of volatile system information in RAM more recently. In this paper, we give an overview of the prevailing techniques and methods to collect and analyze a computer's memory. We describe the characteristics, benefits, and drawbacks of the individual solutions and outline opportunities for future research in this evolving field of IT security.     

云时代计算机犯罪浅析

随着互联网的发展与普及,计算机犯罪的危害性不断扩大。文章对计算机犯罪的特点进行了阐述,着重分析了当今云时代下计算机犯罪的特征和危害,提出了预防计算机犯罪的基本策略及方法。     

单机游戏著作权人合法权益的保护

在司法实务中,计算机软件的著作权人往往采取公证的方式获取侵权证据,文章结合此类诉讼中侵权人的抗辩事由深入探究著作权人在维权活动,特别是办理公证取证过程中应注意的问题,以切实维护计算机软件著作权人的合法权益。     

Cloud forensics–Tool development studies & future outlook

In this work, we describe our experiences in developing cloud forensics tools and use them to support three main points:First, we make the argument that cloud forensics is a qualitatively different problem. In the context of SaaS, it is incompatible with long-established acquisition and analysis techniques, and requires a new approach and forensic toolset. We show that client-side techniques, which are an extension of methods used over the last three decades, have inherent limitations that can only be overcome by working directly with the interfaces provided by cloud service providers.Second, we present our results in building forensic tools in the form of three case studies: kumodd–a tool for cloud drive acquisition, kumodocs–a tool for Google Docs acquisition and analysis, and kumofs–a tool for remote preview and screening of cloud drive data. We show that these tools, which work with the public and private APIs of the respective services, provide new capabilities that cannot be achieved by examining client-side artifacts.Finally, we use current IT trends, and our lessons learned, to outline the emerging new forensic landscape, and the most likely course of tool development over the next five years.     

Monte-Carlo Filesystem Search – A crawl strategy for digital forensics

Criminal investigations invariably involve the triage or cursory examination of relevant electronic media for evidentiary value. Legislative restrictions and operational considerations can result in investigators having minimal time and resources to establish such relevance, particularly in situations where a person is in custody and awaiting interview. Traditional uninformed search methods can be slow, and informed search techniques are very sensitive to the search heuristic's quality. This research introduces Monte-Carlo Filesystem Search, an efficient crawl strategy designed to assist investigators by identifying known materials of interest in minimum time, particularly in bandwidth constrained environments. This is achieved by leveraging random selection with non-binary scoring to ensure robustness. The algorithm is then expanded with the integration of domain knowledge. A rigorous and extensive training and testing regime conducted using electronic media seized during investigations into online child exploitation proves the efficacy of this approach.     

对公安院校开设计算机取证课程的思考

计算机取证是指计算机证据的获取、分析、传输、保存、呈堂等行为.如同法医学一样,被称为电子法医学的计算机取证学理应成为公安院校的一门专业课.本文简要分析了在公安院校开设计算机取证课程的必要性、可行性和课程的设计.     

计算机入侵动态取证技术研究

计算机取证是打击计算机犯罪的有效手段,传统的计算机取证大多采用事后分析的静态取证技术,证据的采集不够及时、全面,经恢复的数据可能是已经被篡改,因而法律效力低。可以运用一种将计算机取证技术与入侵检测技术结合的入侵动态取证系统,动态收集识别入侵证据,及时分析、提取证据至证据库中保存。此系统采用认证、加密、隔离等安全手段,确保了证据在传送、保存过程中的真实性、准确性及不可篡改性,使其成为有效的法庭证据,实现了计算机取证的及时性、智能性。     

谈计算机取证

随着信息技术的发展,利用计算机系统作为犯罪工具或目标的案件越来越多。因此,电子证据也将成为越来越重要的证据。但对于这类证据的取得,即计算机犯罪取证,却是人们要面对的一个难题。计算机取证可按以下步骤进行:保护和勘查现场、确定和获取电子证据、分析和提取数据、归档并提交结果。