CN104199962B - A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model - Google Patents

A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model Download PDF

Info

Publication number
CN104199962B
CN104199962B CN201410482826.6A CN201410482826A CN104199962B CN 104199962 B CN104199962 B CN 104199962B CN 201410482826 A CN201410482826 A CN 201410482826A CN 104199962 B CN104199962 B CN 104199962B
Authority
CN
China
Prior art keywords
evidence
web page
webpage
original web
sectional drawing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410482826.6A
Other languages
Chinese (zh)
Other versions
CN104199962A (en
Inventor
胡东辉
夏东冉
李亚东
樊玉琦
吴信东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei University of Technology
Original Assignee
Hefei University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hefei University of Technology filed Critical Hefei University of Technology
Priority to CN201410482826.6A priority Critical patent/CN104199962B/en
Publication of CN104199962A publication Critical patent/CN104199962A/en
Application granted granted Critical
Publication of CN104199962B publication Critical patent/CN104199962B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G06F16/986Document structures and storage, e.g. HTML extensions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques

Abstract

The invention discloses a kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model, it is characterized in that system composition includes:Evidence evidence obtaining server, evidence storage server and evidence presence server;Evidence evidence obtaining server is responsible for the extraction and fixation of evidence, and evidence storage server is responsible for the storage of evidence, and evidence presence server is responsible for the reliability and generation evidence document of experimental evidence.The present invention can be collected evidence with being fixed to info web, and the evidence of acquisition is reliably stored, so that generating court evidence document is used to aid in cracking of cases.

Description

A kind of credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model and its take Card method
Technical field
It is more particularly to a kind of for web data evidence obtaining and reconnaissance method the invention belongs to electronic evidence-collecting field.
Background technology
Current existing electronic evidence-collecting technology is concentrated mainly on host electronic evidence obtaining, wherein belonging to main frame evidence acquiring technology Have:For avoiding destroying original medium and disturb safe acquiring technology to computer system files, to disk or Safety and nondestructive bad redundancy technique of other storage mediums etc..There is significant limitation in existing host electronic forensic technologies:Greatly Part Methods specific aim is stronger, lacks towards applicability of different tissues mechanism etc..Especially it is being directly used in internet net There are the following problems when page content is collected evidence:
1. the data storage medium of ICP can not be directly obtained.Many websites, which are difficult to obtain, directly obtains clothes The storage device of business device (such as some server repositories are overseas), it is difficult to evidence is directly obtained on data storage medium and is simultaneously carried out Evidence obtaining.
2. web page contents dynamic is variable, (such as BBS forums, won while user can change or delete at any time web page contents Visitor etc.).It is difficult to the storage device of server is fixed, also implies that offender can be with for the data on network When modify or delete, cause the loss of evidence of crime.
3. Web page electric evidence has fragility.Electronic evidence is expressed as binary data, is deposited in the way of data signal , and data signal is discrete, therefore deliberately or because of mistake electronic evidence is carried out change, deletion, abreviation, montage, Intercept and monitoring etc. are technically difficult to assert.
The content of the invention
The present invention is proposed a kind of based on three layers of credible webpage evidence obtaining mould to overcome the weak point that above-mentioned prior art is present The credible webpage evidence-obtaining system and its evidence collecting method of type, can be collected evidence with being fixed, and the evidence of acquisition is entered to info web The reliable storage of row, so that generating court evidence document is used to aid in cracking of cases.
The present invention adopts the following technical scheme that to solve technical problem:
A kind of the characteristics of credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model of the present invention is that composition includes: Evidence evidence obtaining server, evidence storage server and evidence presence server;
The evidence evidence obtaining server is used to collect evidence to the webpage URL addresses that user submits or to monitoring targeted website URL addresses collected evidence and monitored, and the evidence obtained is classified and fixed, formed by binary data, original Three layers of electronic evidence that web page files and original web page sectional drawing are constituted;
The bottom-up network data plane storage server for being divided into first layer of the evidence storage server, the second layer it is interior Hold the sectional drawing evidence obtaining layer storage server for crawling layer storage server and third layer, be respectively used to storage three layers of electronic evidence Binary data, original web page file and original web page sectional drawing, so as to form three layers of credible webpage Forensics Model;
The evidence presence server is used to carry out three layers of electronic evidence anti-tamper checking and generates court evidence Document.
The characteristics of evidence collecting method of the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model of the invention be by Following steps are carried out:
Step 1, the evidence obtaining server is to received webpage URL addresses or monitors that the URL addresses of targeted website are entered Row dns resolution, obtains dns resolution result;And Hash calculation is carried out to the dns resolution result, deposited after obtaining cryptographic Hash Storage;
Step 2, URL of the evidence obtaining server by utilizing web crawlers to the webpage URL addresses or monitoring targeted website Address is crawled, and binary data, original web page file and original web page sectional drawing are obtained respectively and is stored successively and arrives the card Layer storage server and sectional drawing evidence obtaining layer storage server are crawled according to network data plane storage server, the content of storage server In, so as to form three layers of credible webpage Forensics Model in the evidence storage server;
Step 3, the evidence that the evidence presence server is submitted according to user, which is presented, asks, and is stored respectively from the evidence Obtained in server after the binary data, original web page file and original web page sectional drawing and to carry out anti-usurp by cross validation principle Change checking;
The cross validation principle is:
Step a, the binary data reduced, compared after obtaining web page files with the original web page file It is right;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file reduced, obtain after webpage capture and enter with the original web page sectional drawing Row is compared;If comparison result is consistent, then it represents that the electronic evidence is not tampered with and performs step 4;Otherwise represent described original Webpage capture is tampered, and the webpage capture is substituted step 4 is performed after the original web page sectional drawing;
Step c, the web page files are reduced, obtain after checking webpage capture and to be carried out with the original web page sectional drawing Compare;If comparison result is consistent, represent that original web page file is tampered;Abandon execution step 4 after the original web page file;It is no Then represent that the binary data is tampered, abandon and step 4 is performed after the binary data;
Step 4, the user generate court evidence document to evidence presence server according to the original web page sectional drawing.
The present invention uses the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model, is carried out for particular webpage Evidence obtaining.The present invention is during evidence obtaining, it is only necessary to which providing needs the URL of evidence obtaining webpage, and the web page files are stored without obtaining Storage medium, compared with prior art, the beneficial effects of the present invention are:
1. the whole structure of scheme:A kind of webpage evidence obtaining side based on three layers of credible webpage Forensics Model that the present invention is provided Method, accomplishes balance well in terms of security, robustness, sensitiveness, is adapted to the application in real web pages commit a crime evidence obtaining, With preferable practicality, high believable web page contents evidence obtaining service can be provided.
2. the present invention lacks the applicability towards different tissues mechanism for conventional art, provided towards different tissues structure Two kinds of evidence obtaining services, a kind of collected evidence service towards the disposable webpage of domestic consumer, and another be towards enterprise-class tools Continuation webpage monitoring and evidence obtaining service.
3. the problem of present invention can not directly obtain content provider data storage medium for internet, using by webpage Content is crawled by web crawlers and stored on local evidence server, without obtaining the net at content supplier The storage medium of page file, you can obtain the evidence needed.
4. the present invention is directed to web page contents mutability, while user can change or delete at any time web page contents (such as BBS Forum, blog), using version control function, web page contents not in the same time are stored in local evidence service plus timestamp On device, the web page contents before web page contents can also be reduced according to timestamp are deleted even if user afterwards and this are regard as evidence.
5. the fragility that the present invention has for evidence, uses in evidence storage server and distinguishes different three layers of evidences Store on physically mutually isolated server, it is ensured that the security during evidence storage, it is ensured that three parts of evidences can not be simultaneously It is tampered, remains to restore the evidence being tampered by other two parts of evidences even if final portion evidence meets with to distort.
Brief description of the drawings
Fig. 1 is the credible brief flow of webpage evidence-obtaining system based on three layers of credible webpage Forensics Model;
Fig. 2 is that three layers of evidence carry out mutual checking process figure;
Fig. 3 is to crawl system construction drawing web crawlers evidence obtaining process;
Fig. 4 is web crawlers evidence obtaining process.
Embodiment
In the present embodiment, three layers in a kind of credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model are credible It by webpage evidence obtaining Process Design is three layers that webpage Forensics Model, which is characterized in, and bottom-up is that network data plane, content are crawled respectively Layer and sectional drawing evidence obtaining layer, data acquisition is carried out in different levels, the evidence of preservation can be intersected different levels Checking;Meanwhile, restore original webpage again to acquired web pages component, and really shown in local browser Come.Bottom network data plane is responsible for recording network communication data, and these data are original binary;Content crawls layer and is responsible for Preserve webpage associated documents;Sectional drawing collects evidence layer to crawling the webpage progress sectional drawing of acquisition and saving as picture.As shown in figure 4, logical Three layers of Forensics Model of the system are crossed, evidence is via first layer binary file, to second layer web page files, until third layer Sectional drawing file, evidence becomes more directly perceived, visual, passes through three layers of evidence obtaining so that evidence more has convincingness (believable).Also for evidence, cross validation provides framework to other three layers of Forensics Model between different levels.
As shown in figure 1, the composition of credible webpage evidence-obtaining system includes:Evidence evidence obtaining server, evidence storage server and Evidence presence server;
Evidence evidence obtaining server is used to collect evidence to the webpage URL addresses that user submits or to monitoring targeted website URL is collected evidence address and monitored, and the evidence obtained is classified and fixed, and is formed by binary data, original net Three layers of electronic evidence that page file and original web page sectional drawing are constituted;
As shown in figure 3, wherein evidence obtaining server includes following three part:
1st, web crawlers.Web crawlers can imitate user and browse webpage process, under the information crawler that server is provided Come and fix as electronic evidence, web crawlers is the script or program according to the automatic crawl network information of certain rule, is utilized Web crawlers, can be oriented, selectable network data is captured.Present networks reptile uses Scrapy reptile frameworks, Scrapy is by Python quick, the high-level screen scraping developed and web crawl framework, for capturing web stations Point and the data that structuring is extracted from the page.All three layers of evidences of evidence-obtaining system are told to obtain by this reptile framework.
2nd, Version Control.Webpage can change real-time, it is therefore desirable to which each version of webpage is preserved according to the time.It is logical Version Control is crossed, the file preserved every time is kept a record.By setting the Last-Modified fields in HTTPHeader, To realize the caching technology of file, for being returned as the file that the file of 304 expression Present Globals does not change, without again It is secondary to preserve.While data space is saved, the situation of change of file on server can be also recorded at any time.
3rd, DNS cache is recorded.Record DNS query result so that even if evidence obtaining server has had been subjected to malice DNS deceptions Attack, also can correctly review error result, it is to avoid provide the information of mistake.
The bottom-up network data plane storage server for being divided into first layer of evidence storage server, the content of the second layer are climbed The sectional drawing evidence obtaining layer storage server of layer storage server and third layer is taken, is respectively used to store the binary system of three layers of electronic evidence Data, original web page file and original web page sectional drawing, so as to form three layers of credible webpage Forensics Model;
Layer storage is crawled to the network data plane storage server of first layer, the content of the second layer in evidence storage server Server and the sectional drawing of third layer evidence obtaining layer storage server are physically completely cut off, it is ensured that the security during evidence storage, Ensure that three parts of evidences can not be remained to reduce by other two parts of evidences while be tampered even if final portion evidence meets with to distort Go out the evidence being tampered.
The storage of evidence storage server evidence is carried out as follows:
1st, the target web binary data packets being collected into are stored in the by evidence evidence obtaining server by utilizing WinpCap instruments In one layer network data Layer storage server, while network data plane storage server is breathed out to the binary data packets of storage It is uncommon to calculate, and store the cryptographic Hash after obtaining.
2nd, the target web file for crawling acquisition is stored in second layer content by evidence evidence obtaining server by utilizing web crawlers Crawl in layer storage server, while content crawls layer storage server carries out Hash calculation to the web page files of storage, and deposit Cryptographic Hash after storage acquisition.
3rd, the target web sectional drawing of generation is stored in third layer sectional drawing by evidence evidence obtaining server by utilizing CutyCapt instruments In layer storage server of collecting evidence, while sectional drawing is collected evidence, layer storage server carries out Hash calculation to the sectional drawing of storage, and storage is obtained Cryptographic Hash after obtaining.
Evidence presence server is used to carry out three layers of electronic evidence anti-tamper checking and generates court evidence document.
The evidence presentation for telling evidence presence server is to carry out as follows:
1st, user submits the URL that some has fixed network address to evidence presence server;
2nd, evidence presence server sends evidence read requests to evidence storage server;
3rd, evidence storage server contrasts the evidence and corresponding cryptographic Hash of itself storage, confirms that evidence will be respective after errorless Evidence is sent to evidence presence server.
4th, evidence presence server carries out anti-tamper checking to the three layers of evidence collected by cross validation principle, confirms errorless Forensic evidence document is generated afterwards, and this document is returned into user.
A kind of evidence collecting method of the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model is as follows Carry out:
Step 1, evidence obtaining server is to received webpage URL addresses or monitors that the URL addresses of targeted website carry out DNS Parsing, obtains dns resolution result;And Hash calculation is carried out to dns resolution result, stored after obtaining cryptographic Hash;Record DNS Query Result so that even if evidence obtaining server has had been subjected to malice DNS spoofing attacks, also can correctly review error result, Avoid providing the information of mistake.
Step 2, evidence obtaining server by utilizing web crawlers is to webpage URL addresses or monitors that the URL addresses of targeted website are carried out Crawl, binary data, original web page file and original web page sectional drawing are obtained respectively and is stored successively and arrives evidence storage server Network data plane storage server, content crawl layer storage server and sectional drawing evidence obtaining layer storage server in so that card According to three layers of credible webpage Forensics Model of formation in storage server;
Three layers of credible webpage Forensics Model are fixed by three layers of content, while three parts of evidences can be obtained:Binary data, Original web page file, original web page sectional drawing, and with following feature:
1st, for three parts of evidence copies, Hash calculation is carried out, the cryptographic Hash of acquisition is saved, it is ensured that be not tampered with, energy Enough carry out cross validation, it is ensured that evidence it is credible, even if a copy of it is tampered, remain on can rely on three between friendship Fork verification ensures the validity of related data.
2nd, for three kinds of simultaneous evidence obtaining fixed forms, it can simultaneously record to ensure to take according to different levels form Demonstrate,prove data correctness and can not being tampered property.Once a copy of it is tampered, other two parts can be used by each side Method examines its correctness, or even the evidence that recovery is tampered.
3rd, in first layer binary data packets include specific data content can by it is various parsing obtain the second layer Web page files content of evidence, but because a variety of causes gateway there may be difference to the partitioning scheme of packet, it is impossible to from second Layer web page files evidence obtains first layer binary data, thus first layer to the extraction process of the second layer be irreversible.
4th, the file such as HTTP files, CSS style, Javascript scripts and webpage capture are many-to-one relations, and by Exist in factors such as written in code customs, different HTTP files, CSS style, Javascript scripts there may be after rendering Obtain the effect of the same page, and webpage rendered sectional drawing and only includes image information, therefore second layer web page files originally It is also irreversible to the data extraction procedure of third layer webpage capture.
5th, due to two layers of information extraction can not reverse-power presence, cause only low level evidence to recover high-level card According to, and can not be from high-level Information recovering low level data.
Step 3, the evidence that evidence presence server is submitted according to user, which is presented, asks, respectively from evidence storage server Obtain after binary data, original web page file and original web page sectional drawing by the anti-tamper checking of cross validation principle progress;
As shown in Fig. 2 cross validation principle is:
Step a, the binary data of step 3 reduced, compared after obtaining web page files with original web page file It is right;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file of step 3 reduced, obtain after webpage capture and enter with original web page sectional drawing Row is compared;If comparison result is consistent, then it represents that electronic evidence is not tampered with and performs step 4;Otherwise original web page sectional drawing is represented It is tampered, webpage capture is substituted step 4 is performed after original web page sectional drawing;
Step c, step a web page files are reduced, obtain after checking webpage capture and to be carried out with original web page sectional drawing Compare;If comparison result is consistent, represent that original web page file is tampered;Abandon and step 4 is performed after original web page file;Otherwise then Represent that binary data is tampered, abandon and step 4 is performed after binary data;
Anti-tamper checking includes herein below:
1st, assume only have third layer webpage capture evidence to be tampered, first layer binary system evidence can be used by simulating number Crawled according to parsing and the reptile framework of bag and retrieve second layer web page files evidence, then with original second layer web page files evidence It is compared.If both contents are just the same, prove that evidence remains unchanged effectively.Can also through the second layer webpage being reduced Documentary evidence or original second layer web page files evidence recover the third layer webpage capture evidence being tampered.
2nd, assume only have second layer web page files evidence to be tampered, first layer binary system evidence can be used first to recover the Two layers of web page files evidence go out third layer webpage capture evidence by the evidences collection recovered again, afterwards with original third layer webpage Sectional drawing evidence is contrasted.If both contents unanimously if prove that evidence is effective.
3rd, assume only have first layer binary system evidence to be tampered, because the irreversibility of first layer binary system evidences collection is led Cause can not recover first layer binary system evidence completely.It can only use after second layer web page files evidences collection and to be cut with third layer webpage Figure evidence is compared, if content is consistent, proves that evidence remains unchanged effectively.
Step 4, user generate court evidence document to evidence presence server according to original web page sectional drawing.

Claims (2)

1. a kind of credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model, it is characterized in that composition includes:Evidence takes Demonstrate,prove server, evidence storage server and evidence presence server;
The evidence evidence obtaining server is used to collect evidence to the webpage URL addresses that user submits or to monitoring targeted website URL is collected evidence address and monitored, and the evidence obtained is classified and fixed, and is formed by binary data (A1), original Three layers of electronic evidence that beginning web page files (B1) and original web page sectional drawing (C1) are constituted;
The bottom-up network data plane storage server for being divided into first layer of the evidence storage server, the content of the second layer are climbed The sectional drawing evidence obtaining layer storage server of layer storage server and third layer is taken, the two of storage three layers of electronic evidence are respectively used to Binary data (A1), original web page file (B1) and original web page sectional drawing (C1), so as to form three layers of credible webpage Forensics Model;
The evidence presence server is used for when only one layer evidence is tampered, and three layers of electronic evidence is tested by intersection Principle is demonstrate,proved to carry out anti-tamper checking and generate court evidence document according to the original web page sectional drawing (C1);
The cross validation principle is:
Step a, the binary data (A1) reduced, obtain web page files (B2) afterwards with the original web page file (B1) it is compared;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file (B1) reduced, obtain webpage capture (C2) afterwards with the original web page sectional drawing (C1) it is compared;If comparison result is consistent, then it represents that the electronic evidence is not tampered with;Otherwise represent that the original web page is cut Figure (C1) is tampered, and the original web page sectional drawing (C1) is substituted with the webpage capture (C2);
Step c, the web page files (B2) are reduced, obtain checking webpage capture (C3) afterwards with the original web page sectional drawing (C1) it is compared;If comparison result is consistent, represent that original web page file (B1) is tampered;Abandon the original web page file (B1);Otherwise represent that the binary data (A1) is tampered, abandon the binary data (A1).
2. a kind of evidence obtaining of the credible webpage evidence-obtaining system based on three layers of credible webpage Forensics Model described in utilization claim 1 Method, it is characterized in that carrying out as follows:
Step 1, the evidence obtaining server is to received webpage URL addresses or monitors that the URL addresses of targeted website carry out DNS Parsing, obtains dns resolution result;And Hash calculation is carried out to the dns resolution result, stored after obtaining cryptographic Hash;
Step 2, the evidence obtaining server by utilizing web crawlers is to the webpage URL addresses or the URL addresses of monitoring targeted website Crawled, binary data (A1), original web page file (B1) and original web page sectional drawing (C1) are obtained respectively and is stored successively Network data plane storage server, content to the evidence storage server crawl layer storage server and sectional drawing evidence obtaining layer is deposited Store up in server, so as to form three layers of credible webpage Forensics Model in the evidence storage server;
Step 3, the evidence that the evidence presence server is submitted according to user, which is presented, asks, respectively from the evidence storage service Obtained in device after the binary data (A1), original web page file (B1) and original web page sectional drawing (C1), in only one layer card During according to being tampered, anti-tamper checking is carried out by cross validation principle;
The cross validation principle is:
Step a, the binary data (A1) reduced, obtain web page files (B2) afterwards with the original web page file (B1) it is compared;If comparison result is consistent, step b is performed;Otherwise step c is performed;
Step b, the original web page file (B1) reduced, obtain webpage capture (C2) afterwards with the original web page sectional drawing (C1) it is compared;If comparison result is consistent, then it represents that the electronic evidence is not tampered with and performs step 4;Otherwise institute is represented State original web page sectional drawing (C1) to be tampered, substitute the original web page sectional drawing (C1) with the webpage capture (C2) performs step afterwards 4;
Step c, the web page files (B2) are reduced, obtain checking webpage capture (C3) afterwards with the original web page sectional drawing (C1) it is compared;If comparison result is consistent, represent that original web page file (B1) is tampered;Abandon the original web page file (B1) step 4 is performed afterwards;Otherwise represent that the binary data (A1) is tampered, abandon the binary data (A1) and perform afterwards Step 4;
Step 4, the user generate court evidence document to evidence presence server according to the original web page sectional drawing (C1).
CN201410482826.6A 2014-09-19 2014-09-19 A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model Active CN104199962B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410482826.6A CN104199962B (en) 2014-09-19 2014-09-19 A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410482826.6A CN104199962B (en) 2014-09-19 2014-09-19 A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model

Publications (2)

Publication Number Publication Date
CN104199962A CN104199962A (en) 2014-12-10
CN104199962B true CN104199962B (en) 2017-09-22

Family

ID=52085255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410482826.6A Active CN104199962B (en) 2014-09-19 2014-09-19 A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model

Country Status (1)

Country Link
CN (1) CN104199962B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104580242A (en) * 2015-01-22 2015-04-29 杭州安存网络科技有限公司 Web page evidence preservation method and device
CN105791294B (en) * 2016-03-04 2020-11-03 河北腾翔科技有限公司 Method for realizing user data integrity and confidentiality
CN106203088A (en) * 2016-06-24 2016-12-07 北京奇虎科技有限公司 The method and device of acquisition of information
CN106254078A (en) * 2016-08-02 2016-12-21 冯颖 The Internet evidence collecting method, device and the Internet safety system
CN109788019A (en) * 2017-11-13 2019-05-21 重庆华龙艾迪信息技术有限公司 A kind of data processing method and proxy server
US10831856B1 (en) 2018-04-10 2020-11-10 Amdocs Development Limited System, method, and computer program for implementing trustable, unobtrusive webpage monitoring and correcting based on validation rules
CN108809943B (en) * 2018-05-14 2021-05-14 苏州闻道网络科技股份有限公司 Website monitoring method and device
CN110135201A (en) * 2019-04-28 2019-08-16 阿里巴巴集团控股有限公司 A kind of webpage evidence collecting method and device based on independent operating environment
CN110555179A (en) * 2019-09-05 2019-12-10 厦门市美亚柏科信息股份有限公司 Dynamic website script evidence obtaining method, terminal equipment and storage medium
CN112541149B (en) * 2020-12-18 2022-07-08 厦门市美亚柏科信息股份有限公司 Method and system for recovering webpage content of mobile phone

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325139A (en) * 2011-09-14 2012-01-18 福建伊时代信息科技股份有限公司 Electronic document processing method, processing system and verification system
CN102761620A (en) * 2012-07-13 2012-10-31 段杰 Electronic evidence collection and management system
CN102902703A (en) * 2012-07-19 2013-01-30 中国人民解放军国防科学技术大学 Network sensitive information-oriented screenshot discovery and locking callback method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325139A (en) * 2011-09-14 2012-01-18 福建伊时代信息科技股份有限公司 Electronic document processing method, processing system and verification system
CN102761620A (en) * 2012-07-13 2012-10-31 段杰 Electronic evidence collection and management system
CN102902703A (en) * 2012-07-19 2013-01-30 中国人民解放军国防科学技术大学 Network sensitive information-oriented screenshot discovery and locking callback method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"针对计算机信息来源的电子物证技术研究";吴丽娜;《中国优秀硕士学位论文全文数据库·社会科学Ⅰ辑》;20130515;G113-51 *

Also Published As

Publication number Publication date
CN104199962A (en) 2014-12-10

Similar Documents

Publication Publication Date Title
CN104199962B (en) A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model
Raghavan Digital forensic research: current state of the art
Gupta et al. PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications
CN103559235B (en) A kind of online social networks malicious web pages detection recognition methods
Ismail et al. A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability
CN103297394B (en) Website security detection method and device
US20140380477A1 (en) Methods and devices for identifying tampered webpage and inentifying hijacked web address
CN101895516B (en) Method and device for positioning cross-site scripting attack source
CN103118035B (en) Method and the device of analyzing web site access request parameters legal range
CN105046168A (en) Network electron evidence processing system and processing method
CN103179095A (en) Method and client device for detecting phishing websites
CN103888490A (en) Automatic WEB client man-machine identification method
US10645117B2 (en) Systems and methods to detect and notify victims of phishing activities
US20180150877A1 (en) 3rd party request-blocking bypass layer
CN103914655A (en) Downloaded file security detection method and device
CN103312692B (en) Chained address safety detecting method and device
WO2017063274A1 (en) Method for automatically determining malicious-jumping and malicious-nesting offensive websites
CN103870752A (en) Method and device for detecting Flash XSS (Cross Site Script) vulnerabilities and equipment
CN103778352A (en) Electronic evidence generation and verification method and device as well as electronic evidence generation system
CN112507264A (en) System and method for automatically realizing network electronic evidence obtaining through traceability
CN102073678B (en) System and method for analyzing information of websites
CN114157568B (en) Browser secure access method, device, equipment and storage medium
CN108322420A (en) The detection method and device of backdoor file
AlZahrani et al. Forensic analysis of Twitch video streaming activities on Android
CN113392297A (en) Method, system and equipment for crawling data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant