Dynamic Network Forensic Based Plug-In Architecture
Considering judicial forensic requirements and the diversity of network crime, this paper proposes an architecture based on XML and plug-in techniques. The framework adopts encryption and authentication technology to ensure that collected evidence can be accepted by a court, so the original evidence in the framework is stable. Because network applications are diverse, the decision whether a network packet needs to be collected is implemented by plug-ins. Finally, based on the framework, forensics on specific information and on hacker attacks are implemented; the analysis for hacker-attack forensics adapts an intrusion detection system such as Snort. The feasibility of the architecture is thus demonstrated by experiment.
forensic framework; plug-in techniques; intrusion forensic
Wenqi Wang, Yong Li
College of Computer Science, Zhongyuan University of Technology, ZhengZhou, 450007, China; Department of Information and Electronic Engineer, Anyang Normal University, Anyang, 455002, China
International conference
Nanchang
English
445-448
2009-09-01 (date first posted online on the Wanfang platform; not the paper's publication date)