【摘要】 提出了一种基于multi-agent的计算机动态取证模型。该模型在监控agent(SA)、协同agent(CA)及反击agent(BA) 的协作下能实时、准确全面地收集入侵证据,将这些信息有机整合、排序,可再现入侵过程。从而克服了静态取证的缺乏及时性、不连续性和不充分性等缺陷。更多还原

【Abstract】 This paper presents a model of dynamic computer forensics based on multi-agent. This model can collect intrusion evidence real- timely, accurately and entirely, which collaborates with surveillance agents(SA), cooperating agents(CA) and beating back agents(BA). Then these intrusion processes can be played back according to the real-time intrusion evidence. Therefore the limitation of static computer forensic is overcome, such as non-real-time, non-continuity and non-sufficiency.更多还原