Analysis of Network Forensics System and Its Tools
【Abstract】 With the development of network technology, the total number of computer network crimes keeps rising, and computer forensics is becoming more and more important. Computer forensics is divided into post-event investigation and real-time investigation. The network security tools used in early real-time investigation all have certain limitations from a forensic point of view: the data they produce cannot be regarded as evidence in the legal sense. Network forensics systems emerged in response. They capture, record, analyze and reconstruct network audit trails, acquiring, preserving, analyzing and reconstructing evidence of network intrusion events and network criminal activity, and so make up for the deficiencies of traditional security tools in real-time investigation. The paper analyzes the network forensics system in detail and compares a number of current network forensics tools.
【Key words】 network forensics system; network forensics analysis tool; network security;
- 【Source】 Microcomputer Development (微机发展), 2005, Issue 05
- 【Classification No.】 TP393.02
- 【Times cited】 12
- 【Downloads】 419