CN108667835A - Method, system and storage medium for controlling a remote device to perform network forensics - Google Patents

Publication number
CN108667835A
Authority
CN
China
Prior art keywords
client
remote equipment
cloud desktop
user
evidence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810417851.4A
Other languages
Chinese (zh)
Inventor
陈艳
郭文静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Legal Notary Cloud (xiamen) Technology Co Ltd
Original Assignee
Legal Notary Cloud (xiamen) Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Legal Notary Cloud (xiamen) Technology Co Ltd
Priority to CN201810417851.4A
Publication of CN108667835A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/452 Remote windowing, e.g. X-Window System, desktop virtualisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides a method, system and storage medium for controlling a remote device to perform network forensics. The system includes a first client, a remote device and a server, and the method includes: a linking step, in which the first client links to the remote device through a cloud desktop; and an evidence collection step, in which the first client controls the remote device through the forensics app in the cloud desktop to collect evidence. In the present invention, the remote device is linked through the cloud desktop, the user operates the remote device through the client to collect evidence, and the resulting evidence data is encrypted and stored; the user's operations on the cloud desktop are screen-recorded and stored encrypted, forming a consistent chain of evidence. The evidence data is stored on a third-party server and cannot be tampered with, which improves the credibility of the evidence. After the user finishes collecting evidence and exits the remote device, the remote device deletes all data related to that user, which ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.

Description

Method, system and storage medium for controlling a remote device to perform network forensics
Technical field
The present invention relates to the field of network evidence preservation technology, and in particular to a method, system and storage medium for controlling a remote device to perform network forensics.
Background
At present, illegal infringement on networks is commonplace, and a party needs to obtain corresponding evidence in order to protect their legitimate rights and interests. Obtaining electronic evidence with a mobile device is the most common and most convenient approach, but it has a significant problem: the cleanliness of the evidence collection environment and the security of evidence storage. Because the party collects evidence by operating their own mobile device, it is difficult to guarantee that the device is free of insecure factors such as viruses and Trojans, and difficult to guarantee that the evidence obtained will not be tampered with by the party or damaged by other factors.
Therefore, because neither the cleanliness of the evidence collection device during acquisition nor the originality and tamper resistance of the evidence after it is fixed can be guaranteed, electronic evidence that users obtain with their own devices is often difficult to accept as admissible evidence.
Summary of the invention
In view of the above defects in the prior art, the present invention proposes the following technical solution.
A method for controlling a remote device to perform network forensics, the method including:
Linking step: the first client links to the remote device through a cloud desktop;
Evidence collection step: the first client controls the remote device through the forensics app in the cloud desktop to collect evidence.
Further, the linking step includes:
Server login step: the first client sends a username and password to the server;
Verification step: after the server verifies the username and password, it opens a cloud desktop for the first client, and the first client remotely accesses the cloud desktop;
Binding step: a one-to-one correspondence between the cloud desktop and the remote device is established through the forensics app in the cloud desktop;
Link establishment step: the cloud desktop obtains the IP address of the corresponding remote device through the forensics app and sends the IP address to the first client, and the first client establishes a link with the remote device through the IP address.
Further, the evidence collection step includes:
Application login step: the user logs in to at least one application on the remote device through the first client;
Cloud desktop screen recording step: all operations the user performs after entering the cloud desktop through the first client are recorded to form cloud desktop screen-recording data;
User evidence collection step: after the user collects evidence using the app through the first client, evidence data is generated;
Wherein, after the user exits the remote device through the first client, the remote device clears the user's usage traces.
Further, the at least one application on the remote device is a social application, a game application and/or a payment application;
Wherein the social applications include QQ, WeChat, Momo and Tantan, the game applications include "chicken dinner" games and Honor of Kings, and the payment applications include Alipay, WeChat, UnionPay payment and e-bank payment;
Wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote device is a desktop computer, notebook computer, tablet computer or smartphone.
Further, the server includes a storage unit, and the method further includes:
Storing step: the cloud desktop screen-recording data and the evidence data are stored in the storage unit of the server;
Wherein the storing step includes:
Cloud desktop screen-recording data storing step: a first data fingerprint of the cloud desktop screen-recording data is computed using an encryption algorithm, and the cloud desktop screen-recording data, the first data fingerprint and the corresponding user information are timestamped together and stored in a first storage area in the storage unit of the server;
Evidence data storing step: a second data fingerprint of the evidence data is computed using an encryption algorithm; the evidence data, the second data fingerprint and the corresponding user information are timestamped together and stored in a second storage area in the storage unit of the server; and the evidence data is encrypted and stored in a third storage area, in the storage unit, that corresponds to the user's account.
The present invention also provides a system for controlling a remote device to perform network forensics. The system includes a first client, a remote device and a server. The first client links to the remote device through a cloud desktop; after the link is completed, the first client controls the remote device through the forensics app in the cloud desktop to collect evidence.
Further, the first client sends a username and password to the server, and the server verifies them on receipt. After verification succeeds, the server opens a cloud desktop for the first client, the first client remotely accesses the cloud desktop, and a one-to-one correspondence between the cloud desktop and the remote device is established through the forensics app in the cloud desktop;
The cloud desktop obtains the IP address of the corresponding remote device through the forensics app and sends the IP address to the first client, and the first client establishes a link with the remote device through the IP address.
Further, the user logs in to at least one application on the remote device through the first client; all operations the user performs after entering the cloud desktop through the first client are recorded to form cloud desktop screen-recording data; and after the user collects evidence using the app through the first client, evidence data is generated;
Wherein, after the user exits the remote device through the first client, the remote device clears the user's usage traces.
Further, the at least one application on the remote device is a social application, a game application and/or a payment application;
Wherein the social applications include QQ, WeChat, Momo and Tantan, the game applications include "chicken dinner" games and Honor of Kings, and the payment applications include Alipay, WeChat, UnionPay payment and e-bank payment;
Wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote device is a desktop computer, notebook computer, tablet computer or smartphone;
Wherein the server includes a storage unit. The server computes a first data fingerprint of the cloud desktop screen-recording data using an encryption algorithm, and the cloud desktop screen-recording data, the first data fingerprint and the corresponding user information are timestamped together and stored in a first storage area in the storage unit of the server. The server computes a second data fingerprint of the evidence data using an encryption algorithm; the evidence data, the second data fingerprint and the corresponding user information are timestamped together and stored in a second storage area in the storage unit of the server; and the evidence data is encrypted and stored in a third storage area, in the storage unit, that corresponds to the user's account.
The present invention also provides a computer-readable storage medium on which computer program code is stored; when the computer program code is executed by a computer, any of the above methods is performed.
The technical effect of the present invention is as follows: the remote device is linked through the cloud desktop, the user operates the remote device through the client to collect evidence, and the generated evidence data is encrypted and stored; the user's operations on the cloud desktop are screen-recorded and stored encrypted, forming a consistent chain of evidence. The evidence data is stored on a third-party server and cannot be tampered with, which improves the credibility of the evidence. After the user finishes collecting evidence and exits the remote device, the remote device deletes all data related to that user, which ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.
Brief description of the drawings
Fig. 1 is a structural diagram of a system for controlling a remote device to perform network forensics according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method for controlling a remote device to perform network forensics according to an embodiment of the present invention.
Fig. 3 is a flowchart of the linking step according to an embodiment of the present invention.
Fig. 4 is a flowchart of the evidence collection step according to an embodiment of the present invention.
Fig. 5 is a flowchart of the storing step according to an embodiment of the present invention.
Detailed description
A detailed description is given below with reference to Figs. 1-5.
Fig. 1 shows a system of the present invention for controlling a remote device 2 to perform network forensics. The system includes a first client 1, a remote device 2 and a server 3. The first client 1 links to the remote device 2 through a cloud desktop 4; after the link is completed, the first client 1 controls the remote device 2 through the forensics app 5 in the cloud desktop 4 to collect evidence.
Cloud desktop 4 can be divided, by the way it provides desktop operation, into data-space-based and management-service-based types. It is suitable as a network operating system for handheld mobile applications such as tablets and mobile phones, and can also upgrade a traditional PC to network operation. A cloud desktop 4 based on data space distributes cloud resources to each operating terminal mainly through virtualized applications, and still belongs to the data-platform cloud operating systems. A cloud desktop 4 based on management service distributes the content of the ESB (Enterprise Service Bus) and EBB (enterprise service bus) to each operating terminal mainly through the SOA concept, and belongs to the business-platform cloud operating systems.
Remote control (VNC): VNC essentially consists of two parts. One part is the client application (vncviewer); the other is the application on the server 3 side (vncserver). The basic operation of VNC is very similar to that of some remote control software on Windows. The VNC server 3 side application is highly adaptable on UNIX and Linux operating systems, and its graphical user interface is very friendly and looks much like software interfaces on Windows. Any computer on the Linux platform with the client application (vncviewer) installed can easily connect to a computer with the server 3 side application (vncserver) installed. In addition, the server 3 side (vncserver) has a built-in Java web interface, so that operations the user performs on other computers through the server 3 side can be displayed through Netscape; this makes the operating process and display relatively intuitive and convenient.
The first client 1 is generally a desktop computer, notebook computer, tablet computer or smartphone, and the remote device 2 (also called the evidence collection device) is a desktop computer, notebook computer, tablet computer or smartphone. Preferably, the evidence collection device is a portable device such as a smartphone. There are multiple evidence collection devices; how many are needed can be predicted from historical data, so that a user who needs to collect evidence does not wait too long and an evidence collection device is available when needed.
Before collecting evidence, the user needs to register on server 3 and obtain a username and password. When the user collects evidence, the user sends the username and password to server 3 through the first client 1; server 3 verifies them on receipt, and after verification succeeds it opens a cloud desktop 4 for the first client 1. The first client 1 remotely accesses the cloud desktop 4, and a one-to-one correspondence between the cloud desktop 4 and the remote device 2 is established through the forensics app 5 in the cloud desktop 4. This process uses VNC technology to let the cloud desktop 4 remotely control the evidence collection device. Link establishment can be allocated automatically according to how the evidence collection devices are being used, ensuring that at any given moment one evidence collection device can be used by only one user.
The cloud desktop 4 obtains the IP address of the corresponding remote device 2 through the forensics app 5 and sends the IP address to the first client 1, and the first client 1 establishes a link with the remote device 2 through the IP address. After the link is established, the first client 1 sends a test data packet to the remote device 2 to determine whether the link works normally.
The user logs in to at least one application on the remote device 2 through the first client 1; all operations the user performs after entering the cloud desktop 4 through the first client 1 are recorded to form cloud desktop 4 screen-recording data; and after the user collects evidence using the app through the first client 1, evidence data is generated. The at least one application on the remote device 2 is a social application, a game application and/or a payment application. The social applications include QQ, WeChat, Momo and Tantan, the game applications include "chicken dinner" games and Honor of Kings, and the payment applications include Alipay, WeChat, UnionPay payment and e-bank payment. For example, in one embodiment a user needs to collect WeChat chat records as evidence and save them. After linking to the remote device 2 through the first client 1, the user enables the forensics app 5, logs in to WeChat on the remote device 2 through the cloud desktop 4, and starts chatting. When the chat is finished and the user exits the remote device 2, the forensics app 5 prompts the user to save the chat data; once the user clicks save, the collected data is saved. The forensics app 5 can collect evidence by screen capture, and can also record audio evidence by sound recording, and so on. In addition, after the user exits the remote device 2 through the first client 1, the remote device 2 clears the user's usage traces. This is an important inventive point of the present invention: it ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.
The server 3 includes a storage unit. To form a consistent chain of evidence, the cloud desktop 4 screen-recording data and the evidence data are also stored in the storage unit of server 3. The specific operations are as follows. Server 3 computes a first data fingerprint of the cloud desktop 4 screen-recording data using an encryption algorithm, and the cloud desktop 4 screen-recording data, the first data fingerprint and the corresponding user information are timestamped together and stored in a first storage area in the storage unit of server 3. Server 3 computes a second data fingerprint of the evidence data using an encryption algorithm; the evidence data, the second data fingerprint and the corresponding user information are timestamped together and stored in a second storage area in the storage unit of server 3; and the evidence data is encrypted and stored in a third storage area, in the storage unit, that corresponds to the user's account. The cloud desktop 4 screen-recording data, the evidence data, and the evidence data for the user's own viewing are kept in separate storage areas, which ensures data security, forms a complete chain of evidence, and improves the credibility of the electronic evidence.
The cloud desktop 4 screen-recording data can be read out of server 3 by an administrator only when a dispute arises or when the evidence collection platform (server 3, the evidence collection device, cloud desktop 4 and forensics app 5 are collectively called the evidence collection platform) needs to provide evidence. Before reading, the encryption algorithm is run again on the original file and the result is compared with the stored data fingerprint: if they match, the data can be read out and used; if they do not match, it cannot be used.
After logging in to the evidence collection platform, the user can query, on a query page, the evidence information (evidence data) that the user has stored. The page provides only query and browsing functions, not operations such as upload or download. If evidence needs to be provided to a government body, third-party interface access can be opened for the government body on the basis of valid documents it provides, and download permission for the relevant user's data files can then be opened for it. Before download, the algorithm is likewise run again on the original file and the resulting data fingerprint is compared with the stored one: if they match, the download succeeds; if not, the download is refused. The user can only view their own stored evidence data and cannot tamper with it, which ensures data security. This is another important inventive point of the present invention and achieves the following technical effect: the user operates the remote device 2 through the client to collect evidence, the generated evidence data is encrypted and stored, and the user's operations on cloud desktop 4 are screen-recorded and stored encrypted, forming a consistent chain of evidence; the evidence data is stored on third-party server 3 and cannot be tampered with, improving the credibility of the evidence.
Fig. 2 shows a method of the present invention for controlling a remote device to perform network forensics. The method includes:
Linking step S1: the first client links to the remote device through a cloud desktop;
Evidence collection step S2: the first client controls the remote device through the forensics app in the cloud desktop to collect evidence.
The first client is generally a desktop computer, notebook computer, tablet computer or smartphone, and the remote device (also called the evidence collection device) is a desktop computer, notebook computer, tablet computer or smartphone. Preferably, the evidence collection device is a portable device such as a smartphone. There are multiple evidence collection devices; how many are needed can be predicted from historical data, so that a user who needs to collect evidence does not wait too long and an evidence collection device is available when needed.
Before collecting evidence, the user needs to register on the server and obtain a username and password. When the user needs to collect evidence, the first client is first linked to the remote device (also called the evidence collection device). As shown in Fig. 3, the linking step S1 includes:
Server login step S11: the first client sends a username and password to the server;
Verification step S12: after the server verifies the username and password, it opens a cloud desktop for the first client, and the first client remotely accesses the cloud desktop;
Binding step S13: a one-to-one correspondence between the cloud desktop and the remote device is established through the forensics app in the cloud desktop;
Link establishment step S14: the cloud desktop obtains the IP address of the corresponding remote device through the forensics app and sends the IP address to the first client, and the first client establishes a link with the remote device through the IP address.
This process uses VNC technology to let the cloud desktop remotely control the evidence collection device. Link establishment can be allocated automatically according to how the evidence collection devices are being used, ensuring that at any given moment one evidence collection device can be used by only one user. After the link is established, the first client sends a test data packet to the remote device to determine whether the link works normally.
The evidence collection step is an important step of the present invention and is also an important inventive point. As shown in Fig. 4, evidence collection step S2 includes:
Application login step S21: the user logs in to at least one application on the remote device through the first client;
Cloud desktop screen recording step S22: all operations the user performs after entering the cloud desktop through the first client are recorded to form cloud desktop screen-recording data;
User evidence collection step S23: after the user collects evidence using the app through the first client, evidence data is generated. After the user exits the remote device through the first client, the remote device clears the user's usage traces.
The at least one application on the remote device is a social application, a game application and/or a payment application. The social applications include QQ, WeChat, Momo and Tantan, the game applications include "chicken dinner" games and Honor of Kings, and the payment applications include Alipay, WeChat, UnionPay payment and e-bank payment. For example, in one embodiment a user needs to collect WeChat chat records as evidence and save them. After linking to the remote device through the first client, the user enables the forensics app, logs in to WeChat on the remote device through the cloud desktop, and starts chatting. When the chat is finished and the user exits the remote device, the forensics app prompts the user to save the chat data; once the user clicks save, the collected data is saved. The forensics app can collect evidence by screen capture, and can also record audio evidence by sound recording, and so on. Evidence collection step S2 ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.
Another important inventive point of the present invention is the storage of the evidence data obtained. The server includes a storage unit, and as shown in Fig. 2 the method further includes:
Storing step S3: the cloud desktop screen-recording data and the evidence data are stored in the storage unit of the server. As shown in Fig. 5, the storing step S3 includes:
Cloud desktop screen-recording data storing step S31: a first data fingerprint of the cloud desktop screen-recording data is computed using an encryption algorithm, and the cloud desktop screen-recording data, the first data fingerprint and the corresponding user information are timestamped together and stored in a first storage area in the storage unit of the server.
Evidence data storing step S32: a second data fingerprint of the evidence data is computed using an encryption algorithm; the evidence data, the second data fingerprint and the corresponding user information are timestamped together and stored in a second storage area in the storage unit of the server; and the evidence data is encrypted and stored in a third storage area, in the storage unit, that corresponds to the user's account. The cloud desktop screen-recording data, the evidence data, and the evidence data for the user's own viewing are kept in separate storage areas, which ensures data security, forms a complete chain of evidence, and improves the credibility of the electronic evidence.
The cloud desktop screen-recording data can be read out of the server by an administrator only when a dispute arises or when the evidence collection platform (the server, the evidence collection device, the cloud desktop and the forensics app are collectively called the evidence collection platform) needs to provide evidence. Before reading, the encryption algorithm is run again on the original file and the result is compared with the stored data fingerprint: if they match, the data can be read out and used; if they do not match, it cannot be used.
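The store-then-verify flow of steps S31/S32 and the read-out check (fingerprint, user information and timestamp stored together; fingerprint recomputed before any read-out), as an added Python example that is not code from the patent. Assumptions: SHA-256 stands in for the unspecified "encryption algorithm"; `EvidenceStore`, `seal_key`, the area names and the sample bytes are hypothetical; the HMAC seal over the metadata goes beyond the patent's plain fingerprint comparison, to cover the case where data and stored fingerprint are altered together; the encrypted per-user copy (third storage area) is left out.

```python
import hashlib
import hmac
import json
import time


class IntegrityError(Exception):
    """Raised when stored data no longer matches what was sealed at storage time."""


def fingerprint(data: bytes) -> str:
    # Assumption: the patent says only "an encryption algorithm"; SHA-256 is used here.
    return hashlib.sha256(data).hexdigest()


class EvidenceStore:
    """In-memory model of the server's storage unit (hypothetical class)."""

    def __init__(self, seal_key: bytes):
        # Assumption: the seal key is kept outside the storage areas it protects.
        self.seal_key = seal_key
        # First and second storage areas from the description.
        self.areas = {"recording": {}, "evidence": {}}

    def seal(self, meta: dict) -> str:
        # HMAC over fingerprint + user + timestamp, so none of them can be
        # replaced without knowledge of the seal key.
        msg = json.dumps(meta, sort_keys=True).encode()
        return hmac.new(self.seal_key, msg, hashlib.sha256).hexdigest()

    def store(self, area: str, record_id: str, user: str, data: bytes, now=None) -> dict:
        meta = {
            "record_id": record_id,
            "user": user,
            "fingerprint": fingerprint(data),
            "timestamp": int(time.time() if now is None else now),
        }
        self.areas[area][record_id] = {"data": data, "meta": meta, "seal": self.seal(meta)}
        return dict(meta)

    def read_verified(self, area: str, record_id: str) -> bytes:
        """Recompute before read-out; release the data only if everything matches."""
        rec = self.areas[area][record_id]
        if not hmac.compare_digest(rec["seal"], self.seal(rec["meta"])):
            raise IntegrityError("metadata seal mismatch")
        if not hmac.compare_digest(rec["meta"]["fingerprint"], fingerprint(rec["data"])):
            raise IntegrityError("fingerprint mismatch")
        return rec["data"]


def try_read(store: EvidenceStore, area: str, record_id: str) -> str:
    try:
        store.read_verified(area, record_id)
        return "ok"
    except IntegrityError as exc:
        return str(exc)


def demo() -> dict:
    # All inputs below are constructed sample values.
    store = EvidenceStore(seal_key=b"constructed-demo-key")
    store.store("recording", "r1", "user-1001", b"<constructed screen recording>", now=1525400000)
    store.store("evidence", "e1", "user-1001", b"<constructed chat screenshot>", now=1525400060)

    results = {"clean": try_read(store, "evidence", "e1")}

    # Case 1: stored evidence bytes altered, metadata untouched.
    store.areas["evidence"]["e1"]["data"] = b"<altered screenshot>"
    results["data_tampered"] = try_read(store, "evidence", "e1")

    # Case 2: recording altered AND its stored fingerprint rewritten to match.
    rec = store.areas["recording"]["r1"]
    rec["data"] = b"<altered recording>"
    rec["meta"]["fingerprint"] = fingerprint(rec["data"])
    results["data_and_fingerprint_tampered"] = try_read(store, "recording", "r1")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Case 2 is the one a plain recompute-and-compare would pass: the fingerprint stored beside the data matches the altered bytes, and only the keyed seal exposes the change.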
For convenience of description, the above apparatus is described as being divided into various units by function. Of course, when implementing the present application, the functions of the units may be realized in one or more pieces of software and/or hardware.
From the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present application or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are intended only to illustrate, not to limit, the technical solution of the present invention. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the invention may still be modified or equivalently replaced, and any modification or partial replacement that does not depart from the spirit and scope of the invention shall be covered by the scope of the claims of the present invention.

Claims (10)

1. A method for controlling remote equipment to carry out network forensics, characterized in that the method includes:
a link step, in which a first client is linked with the remote equipment through a cloud desktop;
an evidence-obtaining step, in which the first client controls the remote equipment to collect evidence through the forensic application app in the cloud desktop.
2. The method according to claim 1, characterized in that the link step includes:
a server login step: the first client sends a username and password to the server;
a verification step: after the server verifies the username and password, it opens a cloud desktop for the first client, and the first client remotely accesses the cloud desktop;
a binding step: a one-to-one relationship between the cloud desktop and the remote equipment is established through the forensic application app in the cloud desktop;
a link establishment step: the cloud desktop obtains the IP address of the corresponding remote equipment through the forensic application app and sends the IP address to the first client, and the first client establishes a link with the remote equipment through the IP address.
3. The method according to claim 2, characterized in that the evidence-obtaining step includes:
an application login step: the user logs in to at least one application in the remote equipment through the first client;
a cloud desktop screen recording step: all operations performed by the user after entering the cloud desktop through the first client are recorded to form cloud desktop screen recording data;
a user evidence-obtaining step: after the user uses the app to collect evidence through the first client, proof data is generated;
wherein, after the user exits the remote equipment through the first client, the remote equipment clears the user's usage traces.
4. The method according to claim 3, wherein the at least one application in the remote equipment is a social networking application, a game application and/or a payment application;
wherein the social networking application includes QQ, WeChat, Momo and Tantan, the game application includes "eat chicken" games and Honor of Kings, and the payment application includes Alipay, WeChat, UnionPay payment and online banking payment;
wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote equipment is a desktop computer, notebook computer, tablet computer or smartphone.
5. The method according to claim 4, characterized in that the server includes a storage unit, and the method further includes:
a storing step, in which the cloud desktop screen recording data and the proof data are stored in the storage unit of the server;
wherein the storing step includes:
a cloud desktop screen recording data storing step: the first data fingerprint information of the cloud desktop screen recording data is calculated using an encryption algorithm, and the cloud desktop screen recording data, the first data fingerprint information and the corresponding user information are timestamped together and stored in the first memory block in the storage unit of the server;
a proof data storing step: the second data fingerprint information of the proof data is calculated using an encryption algorithm, the proof data, the second data fingerprint information and the corresponding user information are timestamped together and stored in the second memory block in the storage unit of the server, and the proof data is encrypted and then stored in the third memory block in the storage unit corresponding to the user's account.
6. A system for controlling remote equipment to carry out network forensics, the system including a first client, remote equipment and a server, characterized in that:
the first client is linked with the remote equipment through a cloud desktop;
after the link is completed, the first client controls the remote equipment to collect evidence through the forensic application app in the cloud desktop.
7. The system according to claim 6, characterized in that:
the first client sends a username and password to the server; the server verifies the username and password after receiving them and, once they pass verification, opens a cloud desktop for the first client; the first client remotely accesses the cloud desktop, and a one-to-one relationship between the cloud desktop and the remote equipment is established through the forensic application app in the cloud desktop;
the cloud desktop obtains the IP address of the corresponding remote equipment through the forensic application app and sends the IP address to the first client, and the first client establishes a link with the remote equipment through the IP address.
8. The system according to claim 7, characterized in that:
the user logs in to at least one application in the remote equipment through the first client; all operations performed by the user after entering the cloud desktop through the first client are recorded to form cloud desktop screen recording data; and after the user uses the app to collect evidence through the first client, proof data is generated;
wherein, after the user exits the remote equipment through the first client, the remote equipment clears the user's usage traces.
9. The system according to claim 8, characterized in that the at least one application in the remote equipment is a social networking application, a game application and/or a payment application;
wherein the social networking application includes QQ, WeChat, Momo and Tantan, the game application includes "eat chicken" games and Honor of Kings, and the payment application includes Alipay, WeChat, UnionPay payment and online banking payment;
wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote equipment is a desktop computer, notebook computer, tablet computer or smartphone;
wherein the server includes a storage unit; the server calculates the first data fingerprint information of the cloud desktop screen recording data using an encryption algorithm, and the cloud desktop screen recording data, the first data fingerprint information and the corresponding user information are timestamped together and stored in the first memory block in the storage unit of the server; the server calculates the second data fingerprint information of the proof data using an encryption algorithm, the proof data, the second data fingerprint information and the corresponding user information are timestamped together and stored in the second memory block in the storage unit of the server, and the proof data is encrypted and then stored in the third memory block in the storage unit corresponding to the user's account.
10. A computer-readable storage medium, characterized in that computer program code is stored on the storage medium, and when the computer program code is executed by a computer, the method of any one of claims 1-5 is performed.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810417851.4A CN108667835A (en) 2018-05-04 2018-05-04 A kind of control remote equipment carries out method, system and the storage medium of network forensics
Publications (1)

Publication Number Publication Date
CN108667835A true CN108667835A (en) 2018-10-16

Family

ID=63781813

Country Status (1)

Country Link
CN (1) CN108667835A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181016

RJ01 Rejection of invention patent application after publication