National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)
Detailed record
Author: 葉峰瑞
Author (English): Feng-Jui Yeh
Title (Chinese): Using the Audit-Trail Concept to Build an Evidence Collector That Meets Digital Forensics Requirements (利用審計軌跡概念製作滿足數位鑑識需求的證據蒐集器)
Title (English): Audit Trail Approach to the Implementation of an Evidence Collector: The Authentication and Minimization Aspects of the Digital Forensics
Advisor: 梁德容
Advisor (English): Deron Liang
Degree: Master's
Institution: National Taiwan Ocean University
Department: Department of Computer Science and Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2007
Academic year of graduation: 95
Language: Chinese
Pages: 67
Keywords (Chinese): 數位鑑識 (digital forensics), 數位證據 (digital evidence), 審計軌跡 (audit trail)
Keywords (English): Digital Forensics, Digital Evidence, Audit trail
Statistics:
  • Cited by: 1
  • Views: 561
  • Downloads: 118
  • Bookmarked: 0
Abstract (Chinese, translated): With the arrival of the new era of information and technology, the lives of many people around the world have become inseparable from technology. As people's reliance on information technology grows, digital devices and electronic information have become irreplaceable, critical assets. Technological progress, however, brings not only benefits but also concerns: in recent years cybercrime incidents of many kinds have become frequent, with criminals and unscrupulous individuals exploiting the convenience of technology for personal gain, and the enormous losses their actions inflict on society have reached a level we can no longer ignore.
Digital forensics emerged in response, in order to reconstruct the course of a crime, prove the facts of the crime and strengthen security measures. Thanks to the development of digital forensics and the continual improvement of related regulations, many cybercriminals have been brought to justice. Yet digital forensics has existed for only a little over ten years, and with the rapid progress of technology and the constant evolution of criminal methods, existing digital forensics methods are gradually becoming inadequate.
Digital forensics comprises both the collection and the analysis of digital evidence. On the collection side, today's digital forensics methods increasingly struggle to meet the requirements of authentication (證明力) and minimization (最小化). Inspired by the concept of the audit trail, this thesis builds an evidence collector by dynamically intercepting Windows API calls and Windows messages. With respect to the authentication and minimization requirements, the thesis also discusses the differences between current evidence-collection methods and the proposed evidence collector, and from this argues that the audit-trail approach to evidence collection proposed here is feasible.
Abstract (English): Modern information technology has become indispensable to our daily life over the past decade, in particular the various 3C devices and the information they carry. But every coin has two sides: the digital world has brought not only benefits but also criminals and opportunists. In recent years many kinds of cybercrime have occurred, in which criminals use technology to damage others' assets and satisfy their ill intent. The loss to the public from this cybercrime is substantial, and it is time we took a serious look at it.
Digital forensics has recently drawn tremendous attention from both academia and industry as a means to reconstruct and prove cybercrime and to strengthen security. Relying on the development of digital forensics and the adjustment of related law, many criminals have been brought to justice. However, the field of digital forensics is still in its infancy, and current technology cannot keep up with ever-changing criminal tricks and information technologies.
Digital forensics cannot satisfy the authentication and minimization requirements with present search-and-collection methods. Inspired by the audit trail, we developed an evidence collector that dynamically intercepts Windows API calls and Windows messages. In this thesis we compare the proposed evidence collector with the traditional evidence-collection method in the authentication and minimization aspects, to demonstrate that the former is feasible.
Table of contents:
Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Figures and Tables
Chapter 1 Introduction
1.1 Research motivation
1.1.1 Technological progress and rampant computer crime
1.1.2 The emergence of digital forensics
1.1.3 Traditional digital forensics cannot meet forensic requirements
1.2 Research objectives
1.3 Thesis structure
Chapter 2 Background
2.1 Conditions that digital evidence collection must satisfy
2.1.1 Integrity
2.1.2 Reproducibility
2.1.3 Non-Interference
2.1.4 Authentication
2.1.5 Minimization
2.2 Traditional digital evidence collection struggles to meet the authentication requirement
2.3 Traditional digital evidence collection struggles to meet the minimization requirement
2.4 Audit trails and portable interceptors
2.5 The built-in Windows event logger is insufficient
2.6 Building an evidence collector from audit trails and portable interceptors
Chapter 3 Literature Review
3.1 Limitations of traditional digital evidence collection (I)
3.2 Limitations of traditional digital evidence collection (II)
3.3 Limitations of global monitoring by intrusion detection systems
3.4 Comparison of digital evidence collection methods
Chapter 4 System Architecture and Design
4.1 System design goals
4.2 Authentication analysis of current digital evidence collection
4.2.1 Selection criteria and design of the authentication experiment
4.2.2 Experimental results and discussion
4.3 Minimization analysis of current digital evidence collection
4.4 Introducing the audit-trail concept and interceptor techniques
4.4.1 Dynamic interception method (I): Proxy DLL
4.4.2 Dynamic interception method (II): API patching
4.4.3 Dynamic interception method (III): DLL injection
4.5 Architecture of the evidence collector
Chapter 5 System Implementation and Evaluation
5.1 Environment requirements for the implementation
5.2 System implementation
5.3 Experiment design and evaluation
5.3.1 Evaluation of the authentication requirement
5.3.2 Evaluation of the minimization requirement
5.3.3 Performance evaluation
Chapter 6 Discussion and Future Work
6.1 Contributions
6.2 Discussion of results
6.3 Future research and development
References