Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Digital evidence integrality preserving method based on computer evidence

A technology of computer forensics and digital evidence, applied in digital data protection, electronic digital data processing, computer security devices, etc., to prevent modification, avoid malicious damage, and achieve objectivity

Inactive Publication Date: 2008-07-16
TIANJIN UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to solve the problem that the existing computer forensics technology cannot realize the real-time protection of the integrity of forensics information, and to provide a method for ensuring the integrity of digital evidence based on computer forensics

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Digital evidence integrality preserving method based on computer evidence
  • Digital evidence integrality preserving method based on computer evidence
  • Digital evidence integrality preserving method based on computer evidence

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0059] Such as Figure 1-4 As shown, the integrity verification of computer evidence is a key issue in computer evidence identification. One of the most difficult aspects of computer forensics is proving that the evidence collected by the forensic investigator has not been altered. figure 1 Describes the whole process of computer being invaded, which can be divided into three stages: before intrusion, during intrusion, and after intrusion. Among them, in the early stage of the invasion, the intruder first determines the attack target, and uses various scanning tools to remotely scan the target system to obtain the vulnerability of the target system and collect information for the next stage of successful intrusion; during the intrusion, the intruder According to the information collected in the first stage, various intrusion techniques or tools are used to successfully invade the target system; after the computer system is found to have been successfully invaded or is being i...

Embodiment 2

[0095] Test Effects of Forensic Information Integrity Protection Protocol

[0096] First carry out security signature and transfer (see embodiment 1) to the evidence collection information, its program testing process is as follows image 3 shown. The program loop first checks whether there is data to be signed in the buffer, and if so, reads out this record to determine whether it is the first record, if so, calculates its SHA digest, and then calculates its signature, if not, then Add the summary value obtained from the previous record to this information and then hash it, and finally save the information summary, and save this record and its summary, signature, public key and record number safely, and then retrieve the information from the buffer Delete this record.

[0097] Next, verify the information records that have been safely signed and saved. The program testing process is as follows: Figure 4 shown. The program reads the first row of data from the database, fi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for keeping the integration of data evidence based on computer evidence obtaining, which can solve the problem that present technique can not real-time protect the integration of evidence information. Wherein, when the i-th information mi is generated, copying, signing and safely storing (mi'), to attain the digital signs ri and si of mi via the computer system S; when completing signing, S sends the signs ri and si, the information record mi', the record serial number I and the record generated time ti to the safe storage object M, and transfers the safety hash algorism to process information summary on the mi'||i||ti||SHA(i-1), to complete the storage process. The invention can real-time protect the evidence when in invaded, or before invaded, to avoid being destroyed.

Description

【Technical field】: [0001] The invention belongs to the field of security protection of computer evidence. By fixing possible criminal evidence generated in the protected computer system in real time, the original protection of computer criminal evidence is realized. 【Background technique】: [0002] In recent years, computer network crime cases have risen sharply, and network crime has become an international issue of general concern. The key to combating computer network crimes is to find sufficient, reliable and legally effective electronic evidence. Therefore, computer forensics has received more and more attention and has become a research hotspot in the field of computer network security. [0003] Computer forensics is the acquisition, preservation, analysis and presentation of computer crime evidence, mainly including physical evidence and digital evidence. Physical evidence means that legitimate investigators come to the scene of a computer crime or intrusion to fin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/00G06F21/60
Inventor 孙济洲綦朝晖戴银华
Owner TIANJIN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com