CN104199962B - A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model - Google Patents
A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model Download PDFInfo
- Publication number
- CN104199962B CN104199962B CN201410482826.6A CN201410482826A CN104199962B CN 104199962 B CN104199962 B CN 104199962B CN 201410482826 A CN201410482826 A CN 201410482826A CN 104199962 B CN104199962 B CN 104199962B
- Authority
- CN
- China
- Prior art keywords
- evidence
- web page
- webpage
- original web
- sectional drawing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/986—Document structures and storage, e.g. HTML extensions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
Abstract
The invention discloses a kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model, it is characterized in that system composition includes:Evidence evidence obtaining server, evidence storage server and evidence presence server;Evidence evidence obtaining server is responsible for the extraction and fixation of evidence, and evidence storage server is responsible for the storage of evidence, and evidence presence server is responsible for the reliability and generation evidence document of experimental evidence.The present invention can be collected evidence with being fixed to info web, and the evidence of acquisition is reliably stored, so that generating court evidence document is used to aid in cracking of cases.
Description
Technical field
It is more particularly to a kind of for web data evidence obtaining and reconnaissance method the invention belongs to electronic evidence-collecting field.
Background technology
Current existing electronic evidence-collecting technology is concentrated mainly on host electronic evidence obtaining, wherein belonging to main frame evidence acquiring technology
Have:For avoiding destroying original medium and disturb safe acquiring technology to computer system files, to disk or
Safety and nondestructive bad redundancy technique of other storage mediums etc..There is significant limitation in existing host electronic forensic technologies:Greatly
Part Methods specific aim is stronger, lacks towards applicability of different tissues mechanism etc..Especially it is being directly used in internet net
There are the following problems when page content is collected evidence:
1. the data storage medium of ICP can not be directly obtained.Many websites, which are difficult to obtain, directly obtains clothes
The storage device of business device (such as some server repositories are overseas), it is difficult to evidence is directly obtained on data storage medium and is simultaneously carried out
Evidence obtaining.
2. web page contents dynamic is variable, (such as BBS forums, won while user can change or delete at any time web page contents
Visitor etc.).It is difficult to the storage device of server is fixed, also implies that offender can be with for the data on network
When modify or delete, cause the loss of evidence of crime.
3. Web page electric evidence has fragility.Electronic evidence is expressed as binary data, is deposited in the way of data signal
, and data signal is discrete, therefore deliberately or because of mistake electronic evidence is carried out change, deletion, abreviation, montage,
Intercept and monitoring etc. are technically difficult to assert.
The content of the invention
The present invention is proposed a kind of based on three layers of credible webpage evidence obtaining mould to overcome the weak point that above-mentioned prior art is present
The credible webpage evidence-obtaining system and its evidence collecting method of type, can be collected evidence with being fixed, and the evidence of acquisition is entered to info web
The reliable storage of row, so that generating court evidence document is used to aid in cracking of cases.
The present invention adopts the following technical scheme that to solve technical problem:
A kind of the characteristics of credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model of the present invention is that composition includes:
Evidence evidence obtaining server, evidence storage server and evidence presence server;
The evidence evidence obtaining server is used to collect evidence to the webpage URL addresses that user submits or to monitoring targeted website
URL addresses collected evidence and monitored, and the evidence obtained is classified and fixed, formed by binary data, original
Three layers of electronic evidence that web page files and original web page sectional drawing are constituted;
The bottom-up network data plane storage server for being divided into first layer of the evidence storage server, the second layer it is interior
Hold the sectional drawing evidence obtaining layer storage server for crawling layer storage server and third layer, be respectively used to storage three layers of electronic evidence
Binary data, original web page file and original web page sectional drawing, so as to form three layers of credible webpage Forensics Model;
The evidence presence server is used to carry out three layers of electronic evidence anti-tamper checking and generates court evidence
Document.
The characteristics of evidence collecting method of the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model of the invention be by
Following steps are carried out:
Step 1, the evidence obtaining server is to received webpage URL addresses or monitors that the URL addresses of targeted website are entered
Row dns resolution, obtains dns resolution result;And Hash calculation is carried out to the dns resolution result, deposited after obtaining cryptographic Hash
Storage;
Step 2, URL of the evidence obtaining server by utilizing web crawlers to the webpage URL addresses or monitoring targeted website
Address is crawled, and binary data, original web page file and original web page sectional drawing are obtained respectively and is stored successively and arrives the card
Layer storage server and sectional drawing evidence obtaining layer storage server are crawled according to network data plane storage server, the content of storage server
In, so as to form three layers of credible webpage Forensics Model in the evidence storage server;
Step 3, the evidence that the evidence presence server is submitted according to user, which is presented, asks, and is stored respectively from the evidence
Obtained in server after the binary data, original web page file and original web page sectional drawing and to carry out anti-usurp by cross validation principle
Change checking;
The cross validation principle is:
Step a, the binary data reduced, compared after obtaining web page files with the original web page file
It is right;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file reduced, obtain after webpage capture and enter with the original web page sectional drawing
Row is compared;If comparison result is consistent, then it represents that the electronic evidence is not tampered with and performs step 4;Otherwise represent described original
Webpage capture is tampered, and the webpage capture is substituted step 4 is performed after the original web page sectional drawing;
Step c, the web page files are reduced, obtain after checking webpage capture and to be carried out with the original web page sectional drawing
Compare;If comparison result is consistent, represent that original web page file is tampered;Abandon execution step 4 after the original web page file;It is no
Then represent that the binary data is tampered, abandon and step 4 is performed after the binary data;
Step 4, the user generate court evidence document to evidence presence server according to the original web page sectional drawing.
The present invention uses the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model, is carried out for particular webpage
Evidence obtaining.The present invention is during evidence obtaining, it is only necessary to which providing needs the URL of evidence obtaining webpage, and the web page files are stored without obtaining
Storage medium, compared with prior art, the beneficial effects of the present invention are:
1. the whole structure of scheme:A kind of webpage evidence obtaining side based on three layers of credible webpage Forensics Model that the present invention is provided
Method, accomplishes balance well in terms of security, robustness, sensitiveness, is adapted to the application in real web pages commit a crime evidence obtaining,
With preferable practicality, high believable web page contents evidence obtaining service can be provided.
2. the present invention lacks the applicability towards different tissues mechanism for conventional art, provided towards different tissues structure
Two kinds of evidence obtaining services, a kind of collected evidence service towards the disposable webpage of domestic consumer, and another be towards enterprise-class tools
Continuation webpage monitoring and evidence obtaining service.
3. the problem of present invention can not directly obtain content provider data storage medium for internet, using by webpage
Content is crawled by web crawlers and stored on local evidence server, without obtaining the net at content supplier
The storage medium of page file, you can obtain the evidence needed.
4. the present invention is directed to web page contents mutability, while user can change or delete at any time web page contents (such as BBS
Forum, blog), using version control function, web page contents not in the same time are stored in local evidence service plus timestamp
On device, the web page contents before web page contents can also be reduced according to timestamp are deleted even if user afterwards and this are regard as evidence.
5. the fragility that the present invention has for evidence, uses in evidence storage server and distinguishes different three layers of evidences
Store on physically mutually isolated server, it is ensured that the security during evidence storage, it is ensured that three parts of evidences can not be simultaneously
It is tampered, remains to restore the evidence being tampered by other two parts of evidences even if final portion evidence meets with to distort.
Brief description of the drawings
Fig. 1 is the credible brief flow of webpage evidence-obtaining system based on three layers of credible webpage Forensics Model;
Fig. 2 is that three layers of evidence carry out mutual checking process figure;
Fig. 3 is to crawl system construction drawing web crawlers evidence obtaining process;
Fig. 4 is web crawlers evidence obtaining process.
Embodiment
In the present embodiment, three layers in a kind of credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model are credible
It by webpage evidence obtaining Process Design is three layers that webpage Forensics Model, which is characterized in, and bottom-up is that network data plane, content are crawled respectively
Layer and sectional drawing evidence obtaining layer, data acquisition is carried out in different levels, the evidence of preservation can be intersected different levels
Checking;Meanwhile, restore original webpage again to acquired web pages component, and really shown in local browser
Come.Bottom network data plane is responsible for recording network communication data, and these data are original binary;Content crawls layer and is responsible for
Preserve webpage associated documents;Sectional drawing collects evidence layer to crawling the webpage progress sectional drawing of acquisition and saving as picture.As shown in figure 4, logical
Three layers of Forensics Model of the system are crossed, evidence is via first layer binary file, to second layer web page files, until third layer
Sectional drawing file, evidence becomes more directly perceived, visual, passes through three layers of evidence obtaining so that evidence more has convincingness
(believable).Also for evidence, cross validation provides framework to other three layers of Forensics Model between different levels.
As shown in figure 1, the composition of credible webpage evidence-obtaining system includes:Evidence evidence obtaining server, evidence storage server and
Evidence presence server;
Evidence evidence obtaining server is used to collect evidence to the webpage URL addresses that user submits or to monitoring targeted website
URL is collected evidence address and monitored, and the evidence obtained is classified and fixed, and is formed by binary data, original net
Three layers of electronic evidence that page file and original web page sectional drawing are constituted;
As shown in figure 3, wherein evidence obtaining server includes following three part:
1st, web crawlers.Web crawlers can imitate user and browse webpage process, under the information crawler that server is provided
Come and fix as electronic evidence, web crawlers is the script or program according to the automatic crawl network information of certain rule, is utilized
Web crawlers, can be oriented, selectable network data is captured.Present networks reptile uses Scrapy reptile frameworks,
Scrapy is by Python quick, the high-level screen scraping developed and web crawl framework, for capturing web stations
Point and the data that structuring is extracted from the page.All three layers of evidences of evidence-obtaining system are told to obtain by this reptile framework.
2nd, Version Control.Webpage can change real-time, it is therefore desirable to which each version of webpage is preserved according to the time.It is logical
Version Control is crossed, the file preserved every time is kept a record.By setting the Last-Modified fields in HTTPHeader,
To realize the caching technology of file, for being returned as the file that the file of 304 expression Present Globals does not change, without again
It is secondary to preserve.While data space is saved, the situation of change of file on server can be also recorded at any time.
3rd, DNS cache is recorded.Record DNS query result so that even if evidence obtaining server has had been subjected to malice DNS deceptions
Attack, also can correctly review error result, it is to avoid provide the information of mistake.
The bottom-up network data plane storage server for being divided into first layer of evidence storage server, the content of the second layer are climbed
The sectional drawing evidence obtaining layer storage server of layer storage server and third layer is taken, is respectively used to store the binary system of three layers of electronic evidence
Data, original web page file and original web page sectional drawing, so as to form three layers of credible webpage Forensics Model;
Layer storage is crawled to the network data plane storage server of first layer, the content of the second layer in evidence storage server
Server and the sectional drawing of third layer evidence obtaining layer storage server are physically completely cut off, it is ensured that the security during evidence storage,
Ensure that three parts of evidences can not be remained to reduce by other two parts of evidences while be tampered even if final portion evidence meets with to distort
Go out the evidence being tampered.
The storage of evidence storage server evidence is carried out as follows:
1st, the target web binary data packets being collected into are stored in the by evidence evidence obtaining server by utilizing WinpCap instruments
In one layer network data Layer storage server, while network data plane storage server is breathed out to the binary data packets of storage
It is uncommon to calculate, and store the cryptographic Hash after obtaining.
2nd, the target web file for crawling acquisition is stored in second layer content by evidence evidence obtaining server by utilizing web crawlers
Crawl in layer storage server, while content crawls layer storage server carries out Hash calculation to the web page files of storage, and deposit
Cryptographic Hash after storage acquisition.
3rd, the target web sectional drawing of generation is stored in third layer sectional drawing by evidence evidence obtaining server by utilizing CutyCapt instruments
In layer storage server of collecting evidence, while sectional drawing is collected evidence, layer storage server carries out Hash calculation to the sectional drawing of storage, and storage is obtained
Cryptographic Hash after obtaining.
Evidence presence server is used to carry out three layers of electronic evidence anti-tamper checking and generates court evidence document.
The evidence presentation for telling evidence presence server is to carry out as follows:
1st, user submits the URL that some has fixed network address to evidence presence server;
2nd, evidence presence server sends evidence read requests to evidence storage server;
3rd, evidence storage server contrasts the evidence and corresponding cryptographic Hash of itself storage, confirms that evidence will be respective after errorless
Evidence is sent to evidence presence server.
4th, evidence presence server carries out anti-tamper checking to the three layers of evidence collected by cross validation principle, confirms errorless
Forensic evidence document is generated afterwards, and this document is returned into user.
A kind of evidence collecting method of the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model is as follows
Carry out:
Step 1, evidence obtaining server is to received webpage URL addresses or monitors that the URL addresses of targeted website carry out DNS
Parsing, obtains dns resolution result;And Hash calculation is carried out to dns resolution result, stored after obtaining cryptographic Hash;Record DNS
Query Result so that even if evidence obtaining server has had been subjected to malice DNS spoofing attacks, also can correctly review error result,
Avoid providing the information of mistake.
Step 2, evidence obtaining server by utilizing web crawlers is to webpage URL addresses or monitors that the URL addresses of targeted website are carried out
Crawl, binary data, original web page file and original web page sectional drawing are obtained respectively and is stored successively and arrives evidence storage server
Network data plane storage server, content crawl layer storage server and sectional drawing evidence obtaining layer storage server in so that card
According to three layers of credible webpage Forensics Model of formation in storage server;
Three layers of credible webpage Forensics Model are fixed by three layers of content, while three parts of evidences can be obtained:Binary data,
Original web page file, original web page sectional drawing, and with following feature:
1st, for three parts of evidence copies, Hash calculation is carried out, the cryptographic Hash of acquisition is saved, it is ensured that be not tampered with, energy
Enough carry out cross validation, it is ensured that evidence it is credible, even if a copy of it is tampered, remain on can rely on three between friendship
Fork verification ensures the validity of related data.
2nd, for three kinds of simultaneous evidence obtaining fixed forms, it can simultaneously record to ensure to take according to different levels form
Demonstrate,prove data correctness and can not being tampered property.Once a copy of it is tampered, other two parts can be used by each side
Method examines its correctness, or even the evidence that recovery is tampered.
3rd, in first layer binary data packets include specific data content can by it is various parsing obtain the second layer
Web page files content of evidence, but because a variety of causes gateway there may be difference to the partitioning scheme of packet, it is impossible to from second
Layer web page files evidence obtains first layer binary data, thus first layer to the extraction process of the second layer be irreversible.
4th, the file such as HTTP files, CSS style, Javascript scripts and webpage capture are many-to-one relations, and by
Exist in factors such as written in code customs, different HTTP files, CSS style, Javascript scripts there may be after rendering
Obtain the effect of the same page, and webpage rendered sectional drawing and only includes image information, therefore second layer web page files originally
It is also irreversible to the data extraction procedure of third layer webpage capture.
5th, due to two layers of information extraction can not reverse-power presence, cause only low level evidence to recover high-level card
According to, and can not be from high-level Information recovering low level data.
Step 3, the evidence that evidence presence server is submitted according to user, which is presented, asks, respectively from evidence storage server
Obtain after binary data, original web page file and original web page sectional drawing by the anti-tamper checking of cross validation principle progress;
As shown in Fig. 2 cross validation principle is:
Step a, the binary data of step 3 reduced, compared after obtaining web page files with original web page file
It is right;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file of step 3 reduced, obtain after webpage capture and enter with original web page sectional drawing
Row is compared;If comparison result is consistent, then it represents that electronic evidence is not tampered with and performs step 4;Otherwise original web page sectional drawing is represented
It is tampered, webpage capture is substituted step 4 is performed after original web page sectional drawing;
Step c, step a web page files are reduced, obtain after checking webpage capture and to be carried out with original web page sectional drawing
Compare;If comparison result is consistent, represent that original web page file is tampered;Abandon and step 4 is performed after original web page file;Otherwise then
Represent that binary data is tampered, abandon and step 4 is performed after binary data;
Anti-tamper checking includes herein below:
1st, assume only have third layer webpage capture evidence to be tampered, first layer binary system evidence can be used by simulating number
Crawled according to parsing and the reptile framework of bag and retrieve second layer web page files evidence, then with original second layer web page files evidence
It is compared.If both contents are just the same, prove that evidence remains unchanged effectively.Can also through the second layer webpage being reduced
Documentary evidence or original second layer web page files evidence recover the third layer webpage capture evidence being tampered.
2nd, assume only have second layer web page files evidence to be tampered, first layer binary system evidence can be used first to recover the
Two layers of web page files evidence go out third layer webpage capture evidence by the evidences collection recovered again, afterwards with original third layer webpage
Sectional drawing evidence is contrasted.If both contents unanimously if prove that evidence is effective.
3rd, assume only have first layer binary system evidence to be tampered, because the irreversibility of first layer binary system evidences collection is led
Cause can not recover first layer binary system evidence completely.It can only use after second layer web page files evidences collection and to be cut with third layer webpage
Figure evidence is compared, if content is consistent, proves that evidence remains unchanged effectively.
Step 4, user generate court evidence document to evidence presence server according to original web page sectional drawing.
Claims (2)
1. a kind of credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model, it is characterized in that composition includes:Evidence takes
Demonstrate,prove server, evidence storage server and evidence presence server;
The evidence evidence obtaining server is used to collect evidence to the webpage URL addresses that user submits or to monitoring targeted website
URL is collected evidence address and monitored, and the evidence obtained is classified and fixed, and is formed by binary data (A1), original
Three layers of electronic evidence that beginning web page files (B1) and original web page sectional drawing (C1) are constituted;
The bottom-up network data plane storage server for being divided into first layer of the evidence storage server, the content of the second layer are climbed
The sectional drawing evidence obtaining layer storage server of layer storage server and third layer is taken, the two of storage three layers of electronic evidence are respectively used to
Binary data (A1), original web page file (B1) and original web page sectional drawing (C1), so as to form three layers of credible webpage Forensics Model;
The evidence presence server is used for when only one layer evidence is tampered, and three layers of electronic evidence is tested by intersection
Principle is demonstrate,proved to carry out anti-tamper checking and generate court evidence document according to the original web page sectional drawing (C1);
The cross validation principle is:
Step a, the binary data (A1) reduced, obtain web page files (B2) afterwards with the original web page file
(B1) it is compared;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file (B1) reduced, obtain webpage capture (C2) afterwards with the original web page sectional drawing
(C1) it is compared;If comparison result is consistent, then it represents that the electronic evidence is not tampered with;Otherwise represent that the original web page is cut
Figure (C1) is tampered, and the original web page sectional drawing (C1) is substituted with the webpage capture (C2);
Step c, the web page files (B2) are reduced, obtain checking webpage capture (C3) afterwards with the original web page sectional drawing
(C1) it is compared;If comparison result is consistent, represent that original web page file (B1) is tampered;Abandon the original web page file
(B1);Otherwise represent that the binary data (A1) is tampered, abandon the binary data (A1).
2. a kind of evidence obtaining of the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model described in utilization claim 1
Method, it is characterized in that carrying out as follows:
Step 1, the evidence obtaining server is to received webpage URL addresses or monitors that the URL addresses of targeted website carry out DNS
Parsing, obtains dns resolution result;And Hash calculation is carried out to the dns resolution result, stored after obtaining cryptographic Hash;
Step 2, the evidence obtaining server by utilizing web crawlers is to the webpage URL addresses or the URL addresses of monitoring targeted website
Crawled, binary data (A1), original web page file (B1) and original web page sectional drawing (C1) are obtained respectively and is stored successively
Network data plane storage server, content to the evidence storage server crawl layer storage server and sectional drawing evidence obtaining layer is deposited
Store up in server, so as to form three layers of credible webpage Forensics Model in the evidence storage server;
Step 3, the evidence that the evidence presence server is submitted according to user, which is presented, asks, respectively from the evidence storage service
Obtained in device after the binary data (A1), original web page file (B1) and original web page sectional drawing (C1), in only one layer card
During according to being tampered, anti-tamper checking is carried out by cross validation principle;
The cross validation principle is:
Step a, the binary data (A1) reduced, obtain web page files (B2) afterwards with the original web page file
(B1) it is compared;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file (B1) reduced, obtain webpage capture (C2) afterwards with the original web page sectional drawing
(C1) it is compared;If comparison result is consistent, then it represents that the electronic evidence is not tampered with and performs step 4;Otherwise institute is represented
State original web page sectional drawing (C1) to be tampered, substitute the original web page sectional drawing (C1) with the webpage capture (C2) performs step afterwards
4;
Step c, the web page files (B2) are reduced, obtain checking webpage capture (C3) afterwards with the original web page sectional drawing
(C1) it is compared;If comparison result is consistent, represent that original web page file (B1) is tampered;Abandon the original web page file
(B1) step 4 is performed afterwards;Otherwise represent that the binary data (A1) is tampered, abandon the binary data (A1) and perform afterwards
Step 4;
Step 4, the user generate court evidence document to evidence presence server according to the original web page sectional drawing (C1).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410482826.6A CN104199962B (en) | 2014-09-19 | 2014-09-19 | A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410482826.6A CN104199962B (en) | 2014-09-19 | 2014-09-19 | A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104199962A CN104199962A (en) | 2014-12-10 |
CN104199962B true CN104199962B (en) | 2017-09-22 |
Family
ID=52085255
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410482826.6A Active CN104199962B (en) | 2014-09-19 | 2014-09-19 | A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104199962B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104580242A (en) * | 2015-01-22 | 2015-04-29 | 杭州安存网络科技有限公司 | Web page evidence preservation method and device |
CN105791294B (en) * | 2016-03-04 | 2020-11-03 | 河北腾翔科技有限公司 | Method for realizing user data integrity and confidentiality |
CN106203088A (en) * | 2016-06-24 | 2016-12-07 | 北京奇虎科技有限公司 | The method and device of acquisition of information |
CN106254078A (en) * | 2016-08-02 | 2016-12-21 | 冯颖 | The Internet evidence collecting method, device and the Internet safety system |
CN109788019A (en) * | 2017-11-13 | 2019-05-21 | 重庆华龙艾迪信息技术有限公司 | A kind of data processing method and proxy server |
US10831856B1 (en) | 2018-04-10 | 2020-11-10 | Amdocs Development Limited | System, method, and computer program for implementing trustable, unobtrusive webpage monitoring and correcting based on validation rules |
CN108809943B (en) * | 2018-05-14 | 2021-05-14 | 苏州闻道网络科技股份有限公司 | Website monitoring method and device |
CN110135201A (en) * | 2019-04-28 | 2019-08-16 | 阿里巴巴集团控股有限公司 | A kind of webpage evidence collecting method and device based on independent operating environment |
CN110555179A (en) * | 2019-09-05 | 2019-12-10 | 厦门市美亚柏科信息股份有限公司 | Dynamic website script evidence obtaining method, terminal equipment and storage medium |
CN112541149B (en) * | 2020-12-18 | 2022-07-08 | 厦门市美亚柏科信息股份有限公司 | Method and system for recovering webpage content of mobile phone |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102325139A (en) * | 2011-09-14 | 2012-01-18 | 福建伊时代信息科技股份有限公司 | Electronic document processing method, processing system and verification system |
CN102761620A (en) * | 2012-07-13 | 2012-10-31 | 段杰 | Electronic evidence collection and management system |
CN102902703A (en) * | 2012-07-19 | 2013-01-30 | 中国人民解放军国防科学技术大学 | Network sensitive information-oriented screenshot discovery and locking callback method |
-
2014
- 2014-09-19 CN CN201410482826.6A patent/CN104199962B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102325139A (en) * | 2011-09-14 | 2012-01-18 | 福建伊时代信息科技股份有限公司 | Electronic document processing method, processing system and verification system |
CN102761620A (en) * | 2012-07-13 | 2012-10-31 | 段杰 | Electronic evidence collection and management system |
CN102902703A (en) * | 2012-07-19 | 2013-01-30 | 中国人民解放军国防科学技术大学 | Network sensitive information-oriented screenshot discovery and locking callback method |
Non-Patent Citations (1)
Title |
---|
"针对计算机信息来源的电子物证技术研究";吴丽娜;《中国优秀硕士学位论文全文数据库·社会科学Ⅰ辑》;20130515;G113-51 * |
Also Published As
Publication number | Publication date |
---|---|
CN104199962A (en) | 2014-12-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104199962B (en) | A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model | |
Raghavan | Digital forensic research: current state of the art | |
Gupta et al. | PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications | |
CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
Ismail et al. | A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability | |
CN103297394B (en) | Website security detection method and device | |
US20140380477A1 (en) | Methods and devices for identifying tampered webpage and inentifying hijacked web address | |
CN101895516B (en) | Method and device for positioning cross-site scripting attack source | |
CN103118035B (en) | Method and the device of analyzing web site access request parameters legal range | |
CN105046168A (en) | Network electron evidence processing system and processing method | |
CN103179095A (en) | Method and client device for detecting phishing websites | |
CN103888490A (en) | Automatic WEB client man-machine identification method | |
US10645117B2 (en) | Systems and methods to detect and notify victims of phishing activities | |
US20180150877A1 (en) | 3rd party request-blocking bypass layer | |
CN103914655A (en) | Downloaded file security detection method and device | |
CN103312692B (en) | Chained address safety detecting method and device | |
WO2017063274A1 (en) | Method for automatically determining malicious-jumping and malicious-nesting offensive websites | |
CN103870752A (en) | Method and device for detecting Flash XSS (Cross Site Script) vulnerabilities and equipment | |
CN103778352A (en) | Electronic evidence generation and verification method and device as well as electronic evidence generation system | |
CN112507264A (en) | System and method for automatically realizing network electronic evidence obtaining through traceability | |
CN102073678B (en) | System and method for analyzing information of websites | |
CN114157568B (en) | Browser secure access method, device, equipment and storage medium | |
CN108322420A (en) | The detection method and device of backdoor file | |
AlZahrani et al. | Forensic analysis of Twitch video streaming activities on Android | |
CN113392297A (en) | Method, system and equipment for crawling data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |