CN108667835A - Method, system and storage medium for controlling a remote device to perform network forensics - Google Patents
- Publication number
- CN108667835A (application CN201810417851.4A)
- Authority
- CN
- China
- Prior art keywords
- client
- remote equipment
- cloud desktop
- user
- evidence
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Human Computer Interaction (AREA)
- Technology Law (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention provides a method, system and storage medium for controlling a remote device to perform network forensics. The system includes a first client, a remote device and a server, and the method includes: a link step, in which the first client links to the remote device through a cloud desktop; and an evidence collection step, in which the first client controls the remote device through the forensics app in the cloud desktop to collect evidence. The invention links to the remote device through the cloud desktop. The user operates the remote device through the client to collect evidence, and the resulting evidence data is encrypted and stored; the user's operations on the cloud desktop are screen-recorded and stored encrypted, forming a consistent chain of evidence. The evidence data is stored on a third-party server and cannot be tampered with, which improves the credibility of the evidence. After the user finishes collecting evidence and exits the remote device, the remote device deletes all data related to that user, which ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.
Description
Technical field
The present invention relates to the field of network evidence preservation, and in particular to a method, system and storage medium for controlling a remote device to perform network forensics.
Background art
At present, network infringement is commonplace, and a party must obtain the corresponding evidence to protect its legitimate rights and interests. Using a mobile device is the most common and most convenient way to obtain electronic evidence, but it has significant problems, namely the cleanliness of the evidence collection environment and the security of evidence storage. Because the party collects the evidence on a mobile device that the party itself controls, it is hard to guarantee that the device is free of insecure factors such as viruses and Trojans, and it is hard to guarantee that the evidence obtained will not be tampered with by the party or damaged by other factors.
Therefore, because neither the cleanliness of the collecting device during acquisition nor the originality and tamper resistance of the evidence after it is fixed can be guaranteed, electronic evidence that users obtain with their own devices is often difficult to have accepted as evidentiary material.
Summary of the invention
To address the above defects in the prior art, the present invention proposes the following technical solution.
A method for controlling a remote device to perform network forensics, the method including:
Link step: the first client links to the remote device through a cloud desktop;
Evidence collection step: the first client controls the remote device through the forensics app in the cloud desktop to collect evidence.
Further, the link step includes:
Server login step: the first client sends a username and password to the server;
Verification step: after the server verifies the username and password, it opens a cloud desktop for the first client, and the first client remotely accesses the cloud desktop;
Binding step: a one-to-one correspondence between the cloud desktop and the remote device is established through the forensics app in the cloud desktop;
Link establishment step: the cloud desktop obtains the IP address of the corresponding remote device through the forensics app and sends the IP address to the first client, and the first client establishes a link with the remote device using that IP address.
Further, the evidence collection step includes:
Application login step: the user logs in to at least one application on the remote device through the first client;
Cloud desktop screen recording step: all operations the user performs after entering the cloud desktop through the first client are recorded to form cloud desktop screen recording data;
User evidence collection step: after the user collects evidence with the app through the first client, evidence data is generated;
Wherein, after the user exits the remote device through the first client, the remote device clears the user's usage traces.
Further, the at least one application on the remote device is a social application, a game application and/or a payment application;
Wherein the social applications include QQ, WeChat, Momo and Tantan; the game applications include "chicken dinner" games and Honor of Kings; and the payment applications include Alipay, WeChat, UnionPay payment and online banking payment;
Wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote device is a desktop computer, notebook computer, tablet computer or smartphone.
Further, the server includes a storage unit, and the method further includes:
Storing step: the cloud desktop screen recording data and the evidence data are stored in the storage unit of the server;
Wherein the storing step includes:
Cloud desktop screen recording data storing step: first data fingerprint information for the cloud desktop screen recording data is calculated using an encryption algorithm, and the cloud desktop screen recording data, the first data fingerprint information and the corresponding user information, stamped together with a timestamp, are stored in a first storage area of the storage unit of the server;
Evidence data storing step: second data fingerprint information for the evidence data is calculated using an encryption algorithm, and the evidence data, the second data fingerprint information and the corresponding user information, stamped together with a timestamp, are stored in a second storage area of the storage unit of the server; the evidence data is also encrypted and stored in a third storage area in the storage unit corresponding to the user's account.
The invention also provides a system for controlling a remote device to perform network forensics. The system includes a first client, a remote device and a server. The first client links to the remote device through a cloud desktop; once the link is complete, the first client controls the remote device through the forensics app in the cloud desktop to collect evidence.
Further, the first client sends a username and password to the server. The server verifies the username and password on receipt and, once they pass verification, opens a cloud desktop for the first client. The first client remotely accesses the cloud desktop, and a one-to-one correspondence between the cloud desktop and the remote device is established through the forensics app in the cloud desktop;
The cloud desktop obtains the IP address of the corresponding remote device through the forensics app and sends the IP address to the first client, and the first client establishes a link with the remote device using that IP address.
Further, the user logs in to at least one application on the remote device through the first client; all operations the user performs after entering the cloud desktop through the first client are recorded to form cloud desktop screen recording data; and after the user collects evidence with the app through the first client, evidence data is generated;
Wherein, after the user exits the remote device through the first client, the remote device clears the user's usage traces.
Further, the at least one application on the remote device is a social application, a game application and/or a payment application;
Wherein the social applications include QQ, WeChat, Momo and Tantan; the game applications include "chicken dinner" games and Honor of Kings; and the payment applications include Alipay, WeChat, UnionPay payment and online banking payment;
Wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote device is a desktop computer, notebook computer, tablet computer or smartphone;
Wherein the server includes a storage unit. The server uses an encryption algorithm to calculate first data fingerprint information for the cloud desktop screen recording data, and stores the cloud desktop screen recording data, the first data fingerprint information and the corresponding user information, stamped together with a timestamp, in a first storage area of the storage unit of the server. The server uses an encryption algorithm to calculate second data fingerprint information for the evidence data, and stores the evidence data, the second data fingerprint information and the corresponding user information, stamped together with a timestamp, in a second storage area of the storage unit of the server; it also encrypts the evidence data and stores it in a third storage area in the storage unit corresponding to the user's account.
The invention also provides a computer-readable storage medium on which computer program code is stored; when the computer program code is executed by a computer, any of the above methods is performed.
The technical effect of the present invention is as follows. The invention links to the remote device through the cloud desktop. The user operates the remote device through the client to collect evidence, and the resulting evidence data is encrypted and stored; the user's operations on the cloud desktop are screen-recorded and stored encrypted, forming a consistent chain of evidence. The evidence data is stored on a third-party server and cannot be tampered with, which improves the credibility of the evidence. After the user finishes collecting evidence and exits the remote device, the remote device deletes all data related to that user, which ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.
Description of the drawings
Fig. 1 is a structural diagram of a system for controlling a remote device to perform network forensics according to an embodiment of the invention.
Fig. 2 is a flow chart of a method for controlling a remote device to perform network forensics according to an embodiment of the invention.
Fig. 3 is a flow chart of the link step according to an embodiment of the invention.
Fig. 4 is a flow chart of the evidence collection step according to an embodiment of the invention.
Fig. 5 is a flow chart of the storing step according to an embodiment of the invention.
Detailed description
The invention is described in detail below with reference to Figs. 1-5.
Fig. 1 shows a system of the present invention for controlling a remote device 2 to perform network forensics. The system includes a first client 1, a remote device 2 and a server 3. The first client 1 links to the remote device 2 through a cloud desktop 4; once the link is complete, the first client 1 controls the remote device 2 through the forensics app 5 in the cloud desktop 4 to collect evidence.
The cloud desktop 4 can provide desktop-style operation by distributing data spaces and management services. It is suitable as a network operating system for small handheld mobile devices such as tablets and mobile phones, and can also upgrade a traditional PC to networked operation. A cloud desktop 4 based on data spaces mainly uses virtualized applications to distribute cloud resources to each operating terminal, and belongs to the data-platform class of cloud operating system. A cloud desktop 4 based on management services mainly applies SOA concepts to distribute the contents of the ESB (enterprise service bus) and the EBB (enterprise business bus) to each operating terminal, and belongs to the business-platform class of cloud operating system.
Remote control uses VNC. VNC essentially consists of two parts: one is the client application (vncviewer), and the other is the application on the server 3 side (vncserver). The basic operation of VNC is very similar to that of some remote-control software on Windows. The VNC application on the server 3 side is highly adaptable on UNIX and Linux operating systems, and its graphical user interface is friendly and looks much like software interfaces on Windows. Any Linux computer with the client application (vncviewer) installed can easily connect to a computer with the server 3 side application (vncserver) installed. In addition, the server 3 side (vncserver) has a built-in Java web interface, so that a user can use Netscape to display, through the server 3 side, operations performed on other computers; this way of operating and displaying is intuitive and convenient.
The first client 1 is generally a desktop computer, notebook computer, tablet computer or smartphone, and the remote device 2 (also called the forensic device) is a desktop computer, notebook computer, tablet computer or smartphone. Preferably, the forensic device is a portable device such as a smartphone. There are multiple forensic devices; how many are appropriate can be predicted from historical data, so that users do not wait too long when they need to collect evidence and a forensic device is available whenever a user needs one.
Before collecting evidence, the user must register on the server 3 and obtain a username and password. When collecting evidence, the user sends the username and password to the server 3 through the first client 1. The server 3 verifies the username and password on receipt and, once they pass verification, opens a cloud desktop 4 for the first client 1. The first client 1 remotely accesses the cloud desktop 4, and a one-to-one correspondence between the cloud desktop 4 and the remote device 2 is established through the forensics app 5 in the cloud desktop 4. This process uses VNC technology to let the cloud desktop 4 remotely control the forensic device. The link establishment process can allocate devices automatically according to how the forensic devices are being used, ensuring that at any given moment a forensic device can be used by only one user.
The cloud desktop 4 obtains the IP address of the corresponding remote device 2 through the forensics app 5 and sends the IP address to the first client 1, and the first client 1 establishes a link with the remote device 2 using that IP address. After the link is established, the first client 1 sends a test data packet to the remote device 2 to determine whether the link works properly.
The user logs in to at least one application on the remote device 2 through the first client 1. All operations the user performs after entering the cloud desktop 4 through the first client 1 are recorded to form the cloud desktop 4 screen recording data, and after the user collects evidence with the app through the first client 1, evidence data is generated. The at least one application on the remote device 2 is a social application, a game application and/or a payment application. The social applications include QQ, WeChat, Momo and Tantan; the game applications include "chicken dinner" games and Honor of Kings; and the payment applications include Alipay, WeChat, UnionPay payment and online banking payment. For example, in one embodiment a user needs to collect a WeChat chat record as evidence and preserve it. After linking to the remote device 2 through the first client 1, the user starts the forensics app 5, logs in to WeChat on the remote device 2 through the cloud desktop 4, and begins chatting. When the chat is finished and the user exits the remote device 2, the forensics app 5 prompts the user to save the chat data; once the user clicks save, the collected data is saved. The forensics app 5 can collect evidence by taking screenshots, and can also record audio evidence by sound recording, among other means. In addition, after the user exits the remote device 2 through the first client 1, the remote device 2 clears the user's usage traces. This is an important inventive point of the present invention: it ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.
The server 3 includes a storage unit. To form a consistent chain of evidence, the cloud desktop 4 screen recording data and the evidence data are also stored in the storage unit of the server 3. Specifically, the server 3 uses an encryption algorithm to calculate first data fingerprint information for the cloud desktop 4 screen recording data, and stores the cloud desktop 4 screen recording data, the first data fingerprint information and the corresponding user information, stamped together with a timestamp, in a first storage area of the storage unit of the server 3. The server 3 uses an encryption algorithm to calculate second data fingerprint information for the evidence data, and stores the evidence data, the second data fingerprint information and the corresponding user information, stamped together with a timestamp, in a second storage area of the storage unit of the server 3; it also encrypts the evidence data and stores it in a third storage area in the storage unit corresponding to the user's account. The cloud desktop 4 screen recording data, the evidence data, and the evidence data kept for the user's own viewing are held in separate storage areas, which ensures data security, forms a complete chain of evidence and improves the credibility of the electronic evidence.
The cloud desktop 4 screen recording data can be read out of the server 3 by an administrator only when a dispute arises or when the forensics platform (the server 3, the forensic devices, the cloud desktop 4 and the forensics app 5 are collectively called the forensics platform) needs to provide evidence. Before reading, the encryption algorithm is run again on the original and the result is compared with the stored data fingerprint information: if they match, the data can be read out and used; if they do not match, it cannot be used.
After logging in to the forensics platform, a user can query, on a query page, the evidence information (evidence data) that the user has stored. This page provides only query and browsing functions, not operations such as upload or download. If evidence needs to be provided to a government authority, third-party interface access can be opened for the authority on the basis of valid documents that the authority provides, and download permission for the relevant user's data files can then be opened to the authority. Before download, the algorithm is likewise run again on the original to obtain data fingerprint information, which is compared with the stored data fingerprint information: if they match, the download succeeds; if they do not match, the download is not possible. The user can only view the evidence data that he or she has stored and cannot tamper with it, which ensures data security. This is another important inventive point of the present invention, and it achieves the following technical effect: the user operates the remote device 2 through the client to collect evidence, and the resulting evidence data is encrypted and stored; the user's operations on the cloud desktop 4 are screen-recorded and stored encrypted, forming a consistent chain of evidence; the evidence data is stored on the third-party server 3 and cannot be tampered with, which improves the credibility of the evidence.
Fig. 2 shows a method of the present invention for controlling a remote device to perform network forensics. The method includes:
Link step S1: the first client links to the remote device through a cloud desktop;
Evidence collection step S2: the first client controls the remote device through the forensics app in the cloud desktop to collect evidence.
The first client is generally a desktop computer, notebook computer, tablet computer or smartphone, and the remote device (also called the forensic device) is a desktop computer, notebook computer, tablet computer or smartphone. Preferably, the forensic device is a portable device such as a smartphone. There are multiple forensic devices; how many are appropriate can be predicted from historical data, so that users do not wait too long when they need to collect evidence and a forensic device is available whenever a user needs one.
Before collecting evidence, the user must register on the server and obtain a username and password. When the user needs to collect evidence, the first client is first linked to the remote device (also called the forensic device). As shown in Fig. 3, the link step S1 includes:
Server login step S11: the first client sends the username and password to the server;
Verification step S12: after the server verifies the username and password, it opens a cloud desktop for the first client, and the first client remotely accesses the cloud desktop;
Binding step S13: a one-to-one correspondence between the cloud desktop and the remote device is established through the forensics app in the cloud desktop;
Link establishment step S14: the cloud desktop obtains the IP address of the corresponding remote device through the forensics app and sends the IP address to the first client, and the first client establishes a link with the remote device using that IP address.
This process uses VNC technology to let the cloud desktop remotely control the forensic device. The link establishment process can allocate devices automatically according to how the forensic devices are being used, ensuring that at any given moment a forensic device can be used by only one user. After the link is established, the first client sends a test data packet to the remote device to determine whether the link works properly.
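An added illustration (not code from the patent) of the one-device-per-user allocation described above, combined with the trace removal the remote device performs when the user exits. The class and method names, the wipe callback and the sample IP addresses are assumptions, as is the rule that a device whose cleanup fails is withheld from reuse.

```python
import threading


class DevicePool:
    """Leases each forensic device to at most one cloud-desktop session."""

    def __init__(self, device_ips, wipe):
        self._lock = threading.Lock()
        self._free = list(device_ips)   # devices that are clean and idle
        self._leases = {}               # session id -> device IP (one-to-one)
        self._quarantined = []          # devices whose cleanup did not succeed
        self._wipe = wipe               # hypothetical hook: wipe(ip) -> bool

    def bind(self, session_id):
        """Return the device IP bound to this session, or None if all are busy."""
        with self._lock:
            if session_id in self._leases:
                return self._leases[session_id]   # binding already exists
            if not self._free:
                return None                       # caller must queue the user
            ip = self._free.pop(0)
            self._leases[session_id] = ip
            return ip

    def release(self, session_id):
        """End the session, wipe the device, and reuse it only if the wipe worked."""
        with self._lock:
            ip = self._leases.pop(session_id, None)
        if ip is None:
            return False
        try:
            clean = bool(self._wipe(ip))
        except Exception:
            clean = False                         # treat a crashed wipe as dirty
        with self._lock:
            (self._free if clean else self._quarantined).append(ip)
        return clean

    @property
    def quarantined(self):
        with self._lock:
            return list(self._quarantined)


def demo():
    # Constructed sample: two devices, and a wipe hook that fails for one of them.
    def wipe(ip):
        return ip != "192.0.2.11"

    pool = DevicePool(["192.0.2.10", "192.0.2.11"], wipe)
    result = {
        "a": pool.bind("desktop-A"),
        "b": pool.bind("desktop-B"),
        "c_while_full": pool.bind("desktop-C"),
    }
    result["release_b"] = pool.release("desktop-B")   # wipe fails -> quarantined
    result["release_a"] = pool.release("desktop-A")   # wipe succeeds -> reusable
    result["c_after"] = pool.bind("desktop-C")
    result["quarantined"] = pool.quarantined
    return result


if __name__ == "__main__":
    print(demo())
```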
The evidence collection step is an important step of the present invention and is also an important inventive point of the present invention. As shown in Fig. 4, the evidence collection step S2 includes:
Application login step S21: the user logs in to at least one application on the remote device through the first client;
Cloud desktop screen recording step S22: all operations the user performs after entering the cloud desktop through the first client are recorded to form cloud desktop screen recording data;
User evidence collection step S23: after the user collects evidence with the app through the first client, evidence data is generated.
After the user exits the remote device through the first client, the remote device clears the user's usage traces.
The at least one application on the remote device is a social application, a game application and/or a payment application. The social applications include QQ, WeChat, Momo and Tantan; the game applications include "chicken dinner" games and Honor of Kings; and the payment applications include Alipay, WeChat, UnionPay payment and online banking payment. For example, in one embodiment a user needs to collect a WeChat chat record as evidence and preserve it. After linking to the remote device through the first client, the user starts the forensics app, logs in to WeChat on the remote device through the cloud desktop, and begins chatting. When the chat is finished and the user exits the remote device, the forensics app prompts the user to save the chat data; once the user clicks save, the collected data is saved. The forensics app can collect evidence by taking screenshots, and can also record audio evidence by sound recording, among other means. The evidence collection step S2 ensures the cleanliness of the evidence collection environment and thereby improves the security of the evidence.
Another important inventive point of the invention is the storage of the collected evidence data. The server includes a storage unit and, as shown in Fig. 2, the method further includes:
Storing step S3: the cloud desktop screen recording data and the evidence data are stored in the storage unit of the server. As shown in Fig. 5, the storing step S3 includes:
Cloud desktop screen recording data storing step S31: first data fingerprint information for the cloud desktop screen recording data is calculated using an encryption algorithm, and the cloud desktop screen recording data, the first data fingerprint information and the corresponding user information, stamped together with a timestamp, are stored in a first storage area of the storage unit of the server.
Evidence data storing step S32: second data fingerprint information for the evidence data is calculated using an encryption algorithm, and the evidence data, the second data fingerprint information and the corresponding user information, stamped together with a timestamp, are stored in a second storage area of the storage unit of the server; the evidence data is also encrypted and stored in a third storage area in the storage unit corresponding to the user's account. The cloud desktop screen recording data, the evidence data, and the evidence data kept for the user's own viewing are held in separate storage areas, which ensures data security, forms a complete chain of evidence and improves the credibility of the electronic evidence.
The cloud desktop screen recording data can be read out of the server by an administrator only when a dispute arises or when the forensics platform (the server, the forensic devices, the cloud desktop and the forensics app are collectively called the forensics platform) needs to provide evidence. Before reading, the encryption algorithm is run again on the original and the result is compared with the stored data fingerprint information: if they match, the data can be read out and used; if they do not match, it cannot be used.
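An added illustration (not code from the patent) of the storing step and the recompute-and-compare check before reading, as described above for both the system and the method. SHA-256 as the fingerprint algorithm, the HMAC seal over fingerprint, user and timestamp, and all names and sample data are assumptions; the seal is included because a fingerprint kept beside the data can be recomputed by anyone able to rewrite both.

```python
import hashlib
import hmac
import json
import time


class FingerprintMismatch(Exception):
    """Raised when a stored record no longer matches what was sealed."""


class EvidenceStore:
    """Toy server-side store with separate areas for recordings and evidence."""

    def __init__(self, seal_key: bytes):
        self._seal_key = seal_key   # assumption: a key held only by the server
        # "recording" plays the first storage area, "evidence" the second.
        self.areas = {"recording": {}, "evidence": {}}

    @staticmethod
    def fingerprint(data: bytes) -> str:
        # Assumption: SHA-256 stands in for the algorithm the patent leaves unnamed.
        return hashlib.sha256(data).hexdigest()

    def _seal(self, fp: str, user: str, ts: int) -> str:
        # Binds fingerprint, user information and timestamp together.
        msg = json.dumps([fp, user, ts]).encode()
        return hmac.new(self._seal_key, msg, hashlib.sha256).hexdigest()

    def store(self, area: str, item_id: str, data: bytes, user: str, ts=None) -> str:
        ts = int(time.time()) if ts is None else ts
        fp = self.fingerprint(data)
        self.areas[area][item_id] = {
            "data": data, "fingerprint": fp, "user": user,
            "timestamp": ts, "seal": self._seal(fp, user, ts),
        }
        return fp

    def read(self, area: str, item_id: str) -> bytes:
        rec = self.areas[area][item_id]
        # Check 1: the stored fingerprint, user and timestamp are the sealed ones.
        expected = self._seal(rec["fingerprint"], rec["user"], rec["timestamp"])
        if not hmac.compare_digest(expected, rec["seal"]):
            raise FingerprintMismatch("metadata altered")
        # Check 2: recompute the fingerprint of the original and compare.
        if not hmac.compare_digest(self.fingerprint(rec["data"]), rec["fingerprint"]):
            raise FingerprintMismatch("data altered")
        return rec["data"]


def _outcome(store, area, item_id):
    try:
        store.read(area, item_id)
        return "ok"
    except FingerprintMismatch as exc:
        return str(exc)


def demo():
    store = EvidenceStore(seal_key=b"constructed-demo-key")
    chat = b"constructed sample: exported chat screenshot bytes"
    store.store("evidence", "case-1", chat, user="alice", ts=1525400000)
    results = {"clean": store.read("evidence", "case-1") == chat}

    rec = store.areas["evidence"]["case-1"]
    rec["data"] = chat + b" (edited)"             # data changed, fingerprint left alone
    results["data_only"] = _outcome(store, "evidence", "case-1")

    rec["fingerprint"] = EvidenceStore.fingerprint(rec["data"])   # both rewritten
    results["data_and_fingerprint"] = _outcome(store, "evidence", "case-1")
    return results


if __name__ == "__main__":
    print(demo())
```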
For convenience of description, the above apparatus is described as divided into various units by function. Of course, when implementing the present application, the functions of the units may be implemented in one or more pieces of software and/or hardware.
From the above description of the embodiments, those skilled in the art will clearly understand that the present application can be implemented by software plus the necessary general-purpose hardware platform. On this understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments of the present application or in certain parts of the embodiments.
It should be noted last that:Above example only illustrates and not to limitation technical scheme of the present invention, although reference
Above-described embodiment describes the invention in detail, it will be understood by those of ordinary skill in the art that:It still can be to this hair
It is bright to be modified or replaced equivalently, it without departing from the spirit or scope of the invention, or any substitutions, should all
Cover in the scope of the claims of the present invention.
Claims (10)
1. A method for controlling a remote device to perform network forensics, characterized in that the method includes:
a linking step, in which a first client is linked with a remote device through a cloud desktop;
an evidence collection step, in which the first client controls the remote device through the forensic app in the cloud desktop to collect evidence.
2. The method according to claim 1, characterized in that the linking step includes:
a server login step: the first client sends a user name and password to the server;
a verification step: after the server verifies the user name and password, a cloud desktop is opened for the first client, and the first client remotely accesses the cloud desktop;
a binding step: a one-to-one correspondence between the cloud desktop and the remote device is established through the forensic app in the cloud desktop;
a link establishment step: the cloud desktop obtains the IP address of the corresponding remote device through the forensic app and sends the IP address to the first client, and the first client establishes a link with the remote device through the IP address.
3. The method according to claim 2, characterized in that the evidence collection step includes:
an application login step: the user logs in to at least one application on the remote device through the first client;
a cloud desktop screen recording step: all operations performed by the user after entering the cloud desktop through the first client are recorded to form cloud desktop screen recording data;
a user evidence collection step: after the user collects evidence using the app through the first client, evidence data is generated;
wherein, after the user exits the remote device through the first client, the remote device removes the user's usage traces.
4. The method according to claim 3, wherein the at least one application on the remote device is: a social networking application, a game application and/or a payment application;
wherein the social networking application includes QQ, WeChat, Momo and Tantan, the game application includes "chicken dinner" games and Honor of Kings, and the payment application includes Alipay, WeChat, UnionPay payment and online banking payment;
wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote device is a desktop computer, notebook computer, tablet computer or smartphone.
5. The method according to claim 4, characterized in that the server includes a storage unit, and the method further includes:
a storing step, in which the cloud desktop screen recording data and the evidence data are stored in the storage unit of the server;
wherein the storing step includes:
a cloud desktop screen recording data storing step: the first data fingerprint information of the cloud desktop screen recording data is calculated using an encryption algorithm, and the cloud desktop screen recording data, the first data fingerprint information and the corresponding user information are timestamped together and stored in the first storage area of the server's storage unit;
an evidence data storing step: the second data fingerprint information of the evidence data is calculated using an encryption algorithm, the evidence data, the second data fingerprint information and the corresponding user information are timestamped together and stored in the second storage area of the server's storage unit, and the evidence data is encrypted and then stored in the third storage area of the storage unit corresponding to the user's account.
6. A system for controlling a remote device to perform network forensics, the system including a first client, a remote device and a server, characterized in that:
the first client is linked with the remote device through a cloud desktop;
after the link is completed, the first client controls the remote device through the forensic app in the cloud desktop to collect evidence.
7. The system according to claim 6, characterized in that
the first client sends a user name and password to the server; the server verifies the user name and password after receiving them; after the user name and password pass verification, a cloud desktop is opened for the first client, the first client remotely accesses the cloud desktop, and a one-to-one correspondence between the cloud desktop and the remote device is established through the forensic app in the cloud desktop;
the cloud desktop obtains the IP address of the corresponding remote device through the forensic app and sends the IP address to the first client, and the first client establishes a link with the remote device through the IP address.
8. The system according to claim 7, characterized in that
the user logs in to at least one application on the remote device through the first client; all operations performed by the user after entering the cloud desktop through the first client are recorded to form cloud desktop screen recording data; and after the user collects evidence using the app through the first client, evidence data is generated;
wherein, after the user exits the remote device through the first client, the remote device removes the user's usage traces.
9. The system according to claim 8, characterized in that the at least one application on the remote device is: a social networking application, a game application and/or a payment application;
wherein the social networking application includes QQ, WeChat, Momo and Tantan, the game application includes "chicken dinner" games and Honor of Kings, and the payment application includes Alipay, WeChat, UnionPay payment and online banking payment;
wherein the first client is a desktop computer, notebook computer, tablet computer or smartphone, and the remote device is a desktop computer, notebook computer, tablet computer or smartphone;
wherein the server includes a storage unit; the server calculates the first data fingerprint information of the cloud desktop screen recording data using an encryption algorithm, and the cloud desktop screen recording data, the first data fingerprint information and the corresponding user information are timestamped together and stored in the first storage area of the server's storage unit; the server calculates the second data fingerprint information of the evidence data using an encryption algorithm, the evidence data, the second data fingerprint information and the corresponding user information are timestamped together and stored in the second storage area of the server's storage unit, and the evidence data is encrypted and then stored in the third storage area of the storage unit corresponding to the user's account.
10. A computer-readable storage medium, characterized in that computer program code is stored on the storage medium, and when the computer program code is executed by a computer, the method of any one of claims 1-5 is performed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810417851.4A CN108667835A (en) | 2018-05-04 | 2018-05-04 | A kind of control remote equipment carries out method, system and the storage medium of network forensics |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108667835A (en) | 2018-10-16 |
Family ID=63781813
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810417851.4A Pending CN108667835A (en) | 2018-05-04 | 2018-05-04 | A kind of control remote equipment carries out method, system and the storage medium of network forensics |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108667835A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105046168A (en) * | 2015-01-21 | 2015-11-11 | 上海人科数据科技有限公司 | Network electron evidence processing system and processing method |
US20170149853A1 (en) * | 2015-11-25 | 2017-05-25 | International Business Machines Corporation | Managing virtual desktop infrastructure data sharing |
CN105338119A (en) * | 2015-12-03 | 2016-02-17 | 厦门法信公证云科技有限公司 | Electronic evidence fixing security system based on cloud storage |
CN106059772A (en) * | 2016-05-17 | 2016-10-26 | 上海凭安网络科技有限公司 | Autonomous electronic evidence obtaining method and system |
CN107666460A (en) * | 2016-07-27 | 2018-02-06 | 真相网络科技(北京)有限公司 | Long-distance intelligent evidence-obtaining system and method based on mobile Internet |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109819101A (en) * | 2018-12-18 | 2019-05-28 | 法信公证云(厦门)科技有限公司 | A kind of evidence collecting method and Specialised mobile terminal of collecting evidence |
CN110245020B (en) * | 2019-06-21 | 2022-02-15 | 真相网络科技(北京)有限公司 | Mobile phone content forensics method and system based on multiple forensics devices |
CN110414274A (en) * | 2019-07-01 | 2019-11-05 | 北京联合信任技术服务有限公司 | Electronic evidence security method and system |
CN110414274B (en) * | 2019-07-01 | 2022-03-18 | 北京联合信任技术服务有限公司 | Electronic evidence preservation method and system |
CN110351369A (en) * | 2019-07-12 | 2019-10-18 | 北京联合信任技术服务有限公司 | Electronic evidence security method and system |
CN110807184A (en) * | 2019-09-23 | 2020-02-18 | 上海意略明数字科技股份有限公司 | Method for intelligently recording screen and acquiring behavior data of computer and mobile terminal user |
CN111832078A (en) * | 2020-06-14 | 2020-10-27 | 北京联合信任技术服务有限公司 | Data acquisition verification system, data acquisition verification method, storage medium, and program product |
CN112596752A (en) * | 2020-12-29 | 2021-04-02 | 厦门市美亚柏科信息股份有限公司 | Internet of things method and system for electronic evidence obtaining equipment |
CN112596752B (en) * | 2020-12-29 | 2022-07-15 | 厦门市美亚柏科信息股份有限公司 | Internet of things method and system for electronic evidence obtaining equipment |
CN114500497A (en) * | 2021-12-28 | 2022-05-13 | 盘石软件(上海)有限公司 | Method and system for obtaining evidence of cloud mobile phone |
CN115189935A (en) * | 2022-07-07 | 2022-10-14 | 华北水利水电大学 | Intelligent mobile device centralized investigation and evidence obtaining system and investigation and evidence obtaining method based on same |
CN115189935B (en) * | 2022-07-07 | 2023-10-13 | 华北水利水电大学 | Intelligent mobile device centralized investigation evidence collection system and investigation evidence collection method based on same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181016 |