CN109165308A - A kind of remote evidence obtaining system based on cloud computing - Google Patents
- Publication number: CN109165308A
- Application number: CN201810857124.XA
- Authority: CN (China)
- Prior art keywords: remote terminal, evidence, unit, data, forensic
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/26—Government or public services
Abstract
The invention discloses a remote evidence obtaining system based on cloud computing, comprising: one or more remote terminals, each of which, when an evidence device is connected, performs forensic analysis on the evidence device in the remote area by means of a virtual forensic tool; and a remote processing forensic tool, which provides the request-processing result to the remote terminal according to the remote terminal's request; an investigation center system, which proposes the entrustment and includes: a forensic analysis system, for processing and for the request-processing result; and a forensic server system, which provides the virtual forensic tool to the remote terminal and relays data communication between the remote terminal and the forensic analysis system.
Description
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a remote evidence obtaining system based on cloud computing.
Background art
Cloud computing is similar to the traditional C/S model: the service access end is the client side and the service provider end is the server side. Cloud forensics refers to the fixation, extraction, analysis and identification of digital evidence in a cloud computing environment. It is mainly used to capture the traces an offender leaves after intruding into a cloud computing environment and to present them as evidence to the judicial authorities. Current cloud forensic techniques fall into two kinds. The first is based on forensics at the access end, for example the OWADE forensic tool proposed by Professor Elie Bursztein of Stanford University at the Black Hat conference in 2011 (Doing forensics in the cloud age OWADE: beyond files recovery forensic). The second is based on forensics at the service provider end, with the following procedure: extract the virtual machine image file → load the image file locally → collect evidence using forensic tools.
From a forensic point of view, cloud computing has two key characteristics: large scale and dynamic change (such as the elastic scaling of the cloud). These characteristics make cloud forensics harder, and cloud forensics faces at least the following four major problems. The first problem is that the physical storage location of data in the cloud is uncertain. For example, the data generated by an application may be scattered across one or more servers. The second problem is that logically related data may be stored in a dispersed manner. For example, an application may be deployed on different servers at the same time, and the data it generates may then be scattered across different servers. The third problem is that the volume of data to be examined is large while the information actually relevant to the crime is small, so multiple VMs (virtual machines) and/or physical disks may need to be analyzed. The fourth problem is that the elastic scaling mechanism of the cloud requires forensics to adapt in time to changes in the scale of the system, i.e. elastic forensics.
Summary of the invention
The invention proposes a remote evidence obtaining system based on cloud computing, comprising:
One or more remote terminals, each of which, when an evidence device is connected, performs forensic analysis on the evidence device in the remote area by means of a virtual forensic tool; and
A remote processing forensic tool, which provides the request-processing result to the remote terminal according to the remote terminal's request;
An investigation center system, which proposes the entrustment and includes:
A forensic analysis system, for processing and for the request-processing result;
A forensic server system, which provides the virtual forensic tool to the remote terminal and relays data communication between the remote terminal and the forensic analysis system.
In the system, the forensic analysis system includes:
A communication unit, which supports connection and data communication with the evidence obtaining server system;
An image generation unit, which generates a forensic image from the remote terminal's data stream sent by the evidence obtaining server system, and stores the forensic image;
An analysis unit, which analyzes evidence using the forensic image;
A search unit, which searches for evidence using the forensic image;
Control information is transferred to the forensic server system by the evidence obtaining server system and, by the evidence obtaining server system, to the remote unit.
In the system, the investigation center system includes:
Providing the request-processing result to the remote terminal; processing the requests of the remote terminal;
A laboratory/distributed system, which provides the resources needed to run the scalable evidence obtaining server system.
In the system, the scalable evidence obtaining server system includes:
A communication unit, which supports connection and data communication with the remote terminal;
An access controller, which controls the access authority of the remote terminal;
A virtualization unit, which provides the virtual forensic tool only when the remote manager has access authority;
An image generation unit, which generates a forensic image from the remote terminal's data stream;
An analysis unit, which analyzes evidence using the forensic image;
A search unit, which searches for evidence using the forensic image;
Control messages to the remote terminal, according to the image generation unit, the analysis unit and the search unit.
In the system, the scalable evidence obtaining server system includes:
Server functions, which support communication with the remote terminal and provide the virtual forensic tool to the remote terminal;
A data input unit, which converts the data format of multi-source data into an internal format and generates a forensic image;
A data processing unit, which performs evidence search and analysis on the forensic image according to requests from the remote terminal;
A data output unit, which provides the processing results of the data processing unit to the remote terminal;
A data management unit, which stores data in a storage device or reads data under the control of the data processing unit;
A digital data proof unit, which proves the data input from the remote terminal and the data provided from the remote terminal.
In the system, the scalable evidence obtaining server system is an evidence obtaining service in cloud computing mode.
In the system, the server functions include:
A communication unit, which supports connection and data communication with the remote terminal;
An access controller, which controls the access authority of the remote terminal;
A virtualization unit, which provides the virtual forensic tool only when the remote terminal has access authority; and
A processor controller, which supports access by multiple remote terminals.
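The following is an added illustration, not code from the patent, of how an image generation unit could build a forensic image from a remote terminal's data stream and how a proof unit could later show the image is unchanged and locate any altered block. The patent names no hash, seal or format, so SHA-256, the HMAC seal, the block size, the manifest layout and every function name here are assumptions.

```python
import hashlib
import hmac
import io
import json

BLOCK_SIZE = 4096  # assumed; the patent specifies no block size


def _blocks(stream, block_size):
    """Yield fixed-size blocks (the last may be short), tolerating short reads."""
    buf = b""
    while True:
        chunk = stream.read(block_size - len(buf))
        if not chunk:
            break
        buf += chunk
        if len(buf) == block_size:
            yield buf
            buf = b""
    if buf:
        yield buf


def _seal(manifest, key):
    """HMAC over the canonical manifest body (everything except the seal)."""
    body = {k: v for k, v in manifest.items() if k != "seal"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def generate_image(stream, image_out, key, block_size=BLOCK_SIZE):
    """Image generation: copy the evidence stream and record what was written."""
    whole, block_hashes, size = hashlib.sha256(), [], 0
    for block in _blocks(stream, block_size):
        image_out.write(block)
        whole.update(block)
        block_hashes.append(hashlib.sha256(block).hexdigest())
        size += len(block)
    manifest = {"block_size": block_size, "size": size,
                "sha256": whole.hexdigest(), "blocks": block_hashes}
    manifest["seal"] = _seal(manifest, key)
    return manifest


def verify_image(image, manifest, key):
    """Proof step: return (ok, offsets of altered blocks); reject a forged manifest."""
    if not hmac.compare_digest(_seal(manifest, key), str(manifest.get("seal", ""))):
        raise ValueError("manifest seal does not verify")
    expected = manifest["blocks"]
    whole, bad, size, count = hashlib.sha256(), [], 0, 0
    for count, block in enumerate(_blocks(image, manifest["block_size"]), start=1):
        whole.update(block)
        size += len(block)
        want = expected[count - 1] if count <= len(expected) else None
        if hashlib.sha256(block).hexdigest() != want:
            bad.append((count - 1) * manifest["block_size"])
    ok = (not bad and count == len(expected) and size == manifest["size"]
          and whole.hexdigest() == manifest["sha256"])
    return ok, bad


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    evidence = bytes(range(256)) * 40        # constructed 10240-byte "device"
    image = io.BytesIO()
    manifest = generate_image(io.BytesIO(evidence), image, key)
    tampered = bytearray(image.getvalue())
    tampered[5000] ^= 0xFF                   # flip one byte inside block 1
    print(verify_image(io.BytesIO(image.getvalue()), manifest, key))
    print(verify_image(io.BytesIO(bytes(tampered)), manifest, key))
```

A truncated image yields no altered offsets but still fails verification, because the byte count and whole-image digest no longer match the sealed manifest.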
Description of the drawings
The invention can be further understood from the following description with reference to the accompanying drawings. The components in the figures are not necessarily drawn to scale; emphasis is instead placed on showing the principles of the embodiments. Across the different views, identical reference numerals designate corresponding parts.
Fig. 1 is a schematic diagram of the remote evidence obtaining system based on cloud computing of the invention.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the present invention clearer, the invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it. Other systems, methods and/or features of the present embodiments will become apparent to those skilled in the art after reading the following detailed description. All such additional systems, methods, features and advantages are intended to be included in this specification, to fall within the scope of the invention, and to be protected by the appended claims. Other features of the disclosed embodiments are described in the following detailed description and will be apparent from it.
As shown in Fig. 1, the invention proposes a remote evidence obtaining system based on cloud computing, comprising:
One or more remote terminals, each of which, when an evidence device is connected, performs forensic analysis on the evidence device in the remote area by means of a virtual forensic tool; and
A remote processing forensic tool, which provides the request-processing result to the remote terminal according to the remote terminal's request;
An investigation center system, which proposes the entrustment and includes:
A forensic analysis system, for processing and for the request-processing result;
A forensic server system, which provides the virtual forensic tool to the remote terminal and relays data communication between the remote terminal and the forensic analysis system.
In the system, the forensic analysis system includes:
A communication unit, which supports connection and data communication with the evidence obtaining server system;
An image generation unit, which generates a forensic image from the remote terminal's data stream sent by the evidence obtaining server system, and stores the forensic image;
An analysis unit, which analyzes evidence using the forensic image;
A search unit, which searches for evidence using the forensic image;
Control information is transferred to the forensic server system by the evidence obtaining server system and, by the evidence obtaining server system, to the remote unit.
In the system, the investigation center system includes:
Providing the request-processing result to the remote terminal; processing the requests of the remote terminal;
A laboratory/distributed system, which provides the resources needed to run the scalable evidence obtaining server system.
In the system, the scalable evidence obtaining server system includes:
A communication unit, which supports connection and data communication with the remote terminal;
An access controller, which controls the access authority of the remote terminal;
A virtualization unit, which provides the virtual forensic tool only when the remote manager has access authority;
An image generation unit, which generates a forensic image from the remote terminal's data stream;
An analysis unit, which analyzes evidence using the forensic image;
A search unit, which searches for evidence using the forensic image;
Control messages to the remote terminal, according to the image generation unit, the analysis unit and the search unit.
In the system, the scalable evidence obtaining server system includes:
Server functions, which support communication with the remote terminal and provide the virtual forensic tool to the remote terminal;
A data input unit, which converts the data format of multi-source data into an internal format and generates a forensic image;
A data processing unit, which performs evidence search and analysis on the forensic image according to requests from the remote terminal;
A data output unit, which provides the processing results of the data processing unit to the remote terminal;
A data management unit, which stores data in a storage device or reads data under the control of the data processing unit;
A digital data proof unit, which proves the data input from the remote terminal and the data provided from the remote terminal.
In the system, the scalable evidence obtaining server system is an evidence obtaining service in cloud computing mode.
In the system, the server functions include:
A communication unit, which supports connection and data communication with the remote terminal;
An access controller, which controls the access authority of the remote terminal;
A virtualization unit, which provides the virtual forensic tool only when the remote terminal has access authority; and
A processor controller, which supports access by multiple remote terminals.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications can be made without departing from the scope of the invention. The foregoing detailed description is therefore intended to be regarded as illustrative rather than restrictive, and it should be understood that the following claims (including all equivalents) are intended to define the spirit and scope of the invention. The above embodiments are to be understood as merely illustrating the invention and not as limiting its scope of protection. After reading the content recorded for the invention, a skilled person can make various changes or modifications to it, and these equivalent changes and modifications likewise fall within the scope of the claims of the invention.
Claims (7)
1. A remote evidence obtaining system based on cloud computing, characterized by comprising:
One or more remote terminals, each of which, when an evidence device is connected, performs forensic analysis on the evidence device in the remote area by means of a virtual forensic tool; and
A remote processing forensic tool, which provides the request-processing result to the remote terminal according to the remote terminal's request;
An investigation center system, which proposes the entrustment and includes:
A forensic analysis system, for processing and for the request-processing result;
A forensic server system, which provides the virtual forensic tool to the remote terminal and relays data communication between the remote terminal and the forensic analysis system.
2. The system as claimed in claim 1, characterized in that the forensic analysis system includes:
A communication unit, which supports connection and data communication with the evidence obtaining server system;
An image generation unit, which generates a forensic image from the remote terminal's data stream sent by the evidence obtaining server system, and stores the forensic image;
An analysis unit, which analyzes evidence using the forensic image;
A search unit, which searches for evidence using the forensic image;
Control information is transferred to the forensic server system by the evidence obtaining server system and, by the evidence obtaining server system, to the remote unit.
3. The system as claimed in claim 2, characterized in that the investigation center system includes:
Providing the request-processing result to the remote terminal; processing the requests of the remote terminal;
A laboratory/distributed system, which provides the resources needed to run the scalable evidence obtaining server system.
4. The system as claimed in claim 3, characterized in that the scalable evidence obtaining server system includes:
A communication unit, which supports connection and data communication with the remote terminal;
An access controller, which controls the access authority of the remote terminal;
A virtualization unit, which provides the virtual forensic tool only when the remote manager has access authority;
An image generation unit, which generates a forensic image from the remote terminal's data stream;
An analysis unit, which analyzes evidence using the forensic image;
A search unit, which searches for evidence using the forensic image;
Control messages to the remote terminal, according to the image generation unit, the analysis unit and the search unit.
5. The system as claimed in claim 3, characterized in that the scalable evidence obtaining server system includes:
Server functions, which support communication with the remote terminal and provide the virtual forensic tool to the remote terminal;
A data input unit, which converts the data format of multi-source data into an internal format and generates a forensic image;
A data processing unit, which performs evidence search and analysis on the forensic image according to requests from the remote terminal;
A data output unit, which provides the processing results of the data processing unit to the remote terminal;
A data management unit, which stores data in a storage device or reads data under the control of the data processing unit;
A digital data proof unit, which proves the data input from the remote terminal and the data provided from the remote terminal.
6. The system as claimed in claim 5, characterized in that the scalable evidence obtaining server system is an evidence obtaining service in cloud computing mode.
7. The system as claimed in claim 5, characterized in that the server functions include:
A communication unit, which supports connection and data communication with the remote terminal;
An access controller, which controls the access authority of the remote terminal;
A virtualization unit, which provides the virtual forensic tool only when the remote terminal has access authority; and
A processor controller, which supports access by multiple remote terminals.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810857124.XA CN109165308A (en) | 2018-07-31 | 2018-07-31 | A kind of remote evidence obtaining system based on cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109165308A (en) | 2019-01-08 |
Family
ID=64898426
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810857124.XA (Withdrawn), CN109165308A (en) | 2018-07-31 | 2018-07-31 | A kind of remote evidence obtaining system based on cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109165308A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20090127544A (en) * | 2008-06-09 | 2009-12-14 | 한국과학기술원 | The system for recogniging of user touch pattern using touch sensor and accelerometer sensor |
US20110153748A1 (en) * | 2009-12-18 | 2011-06-23 | Electronics And Telecommunications Research Institute | Remote forensics system based on network |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110602162A (en) * | 2019-08-06 | 2019-12-20 | 苏州龙信信息科技有限公司 | Terminal evidence obtaining method, device, equipment and storage medium |
CN110602162B (en) * | 2019-08-06 | 2022-11-01 | 苏州龙信信息科技有限公司 | Terminal evidence obtaining method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WW01 | Invention patent application withdrawn after publication | Application publication date: 20190108 |