Application Layer Information Forensics based on Packet Analysis
The work presented in this paper focuses on acquiring the original illegal information hidden in network data traffic, to provide reliable digital evidence for network crime cases. Targeting data transmission based on Web services, the paper designs a total-part type forensics model and implements a passive network forensics system under the Windows system. The technologies and methods applied include packet capture, packet filtering, protocol analysis, application data regeneration and so on. The system captures, disassembles, identifies and recombines the network information flow, restores the data into a standard format and finally reproduces the plaintext information of the application layer. The results of appraisal and application indicate that the system can obtain original, transparent digital evidence and satisfy network forensics requirements, which provides strong support for solving network crime cases.
data packet; application layer; information regeneration; network forensics
Ruining Guo, Tianjie Cao, Xuan Luo
School of Computer Science and Technology, China University of Mining and Technology (CUMT), Xuzhou, China
International conference
Xi'an
English
206-209
2010-08-07 (date first made available online on the Wanfang platform; does not represent the paper's publication date)