陳弘傑 - A Real-Time Remote Log Collection and Monitoring System with Computer Forensic Properties
[ Abstract ]
Computer forensic science is a powerful tool commonly used to establish computer crime; however, it has the shortcoming that it cannot be used effectively when data are missing or insufficiently reliable. Digital evidence collected and analyzed by computer forensics must satisfy two requirements before it can be accepted at trial: first, the collected evidence must be original, with no possibility of human intervention or fabrication; second, the digital evidence before and after analysis must be consistent with the original evidence.
Building on this premise of computer forensics, this study provides a reliable mechanism for the real-time monitoring and collection of remote logs. It raises the reliability and representativeness of the collected log information, improves the reliability of the raw data used in subsequent forensic analysis so that the data faithfully represent the original environment, and yields material that can be presented to a court as evidence. Through a SOC architecture, log information can be collected over a wide range of sources, and the mechanism can be integrated easily into an enterprise's SOC architecture to build a complete enterprise security defense system and ensure enterprise information security.
[ English Abstract ]
The science of computer forensics is often used to judge computer crime. However, if the evidence lacks reliability, it will not be accepted by the court. Therefore, digital evidence must satisfy two computer forensics requirements in order to be valid in court. First, the evidence acquired must be original, free of any human intervention or fabrication. Second, the evidence should be consistent with its analyzed output.
This research proposes an advanced mechanism that enables remote log monitoring and real-time evidence acquisition while ensuring data reliability, integrity and validity. This mechanism can be integrated into a SOC framework to further strengthen an enterprise's security system.