As technology advances, the Internet has brought people tremendous convenience. Besides creating business opportunities for enterprises, it has also become a tool for crime, so cybercrime has increased year by year, including theft of confidential company information, denial-of-service (DoS) attacks, and malware implantation. Companies therefore need a comprehensive system that can carry out the digital forensics process effectively and immediately after a criminal incident occurs. Once an incident happens, they need the procedures, capability, and techniques to trace the computers involved, so that the source computer inside the company and the offender can be found effectively and quickly in the shortest possible time. The system proposed in this study is composed of three different software packages. It first backs up the offender's computer system, then performs collection, log analysis, and index queries on the backed-up system, which simplifies investigation work that used to be cumbersome and inefficient. It then uses Cuckoo Sandbox analysis to understand how programs behave during execution and to produce document reports.