Journal of Tsinghua University (Science and Technology), 2014, Vol. 54, Issue 1: 20-28
Original Article
On-demand forensics to support crime scene reconstruction
Zhihong TIAN¹, Wei JIANG², Hongli ZHANG¹
1. School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China
2. College of Computer Science, Beijing University of Technology, Beijing 100124, China
3. School of Computer, National University of Defense Technology, Changsha 410073, China
Abstract  

DFR2 (on-demand forensic technology support for rollback recovery) is a system developed to obtain real-time evidence of crimes on demand and to support rollback recovery. The Linux-based system applies different evidence-collection methods to different objects, chosen according to their environments, in order to narrow the range of processing, shorten investigation and evidence acquisition, and improve the effectiveness of the evidence. The system also supports rollback recovery of file system data to minimize intrusion losses. Compared with the existing method Snare, the system offers improved functionality and performance, with cost reduced by 5% during the robbing process.

Keywords: intrusion forensic, crime rebuilding, electronic evidence, on-demand forensics
Issue Date: 15 January 2014
Cite this article:   
Zhihong TIAN,Wei JIANG,Hongli ZHANG. On-demand forensics to support crime scene reconstruction[J]. Journal of Tsinghua University(Science and Technology), 2014, 54(1): 20-28.
URL:  
http://jst.tsinghuajournals.com/EN/     OR     http://jst.tsinghuajournals.com/EN/Y2014/V54/I1/20
Forensic system   Security   Multi-source fusion   Crime reconstruction   On-demand forensics   Scalability
Snare             √          ×                     ×                      ×                     ×
Forensix          ×          ×                     √                      ×                     √
Backtracker       ×          ×                     ×                      ×                     ×
SeFos             √          ×                     ×                      √                     ×
DFR2              √          √                     √                      √                     √