DDCFS: A Distributed Dynamic Computer Forensic System Based on Network

With the increasing development of information technology, the computer crime problem is getting even serious. However traditional computer forensic that employs the static investigation after security events has inherent limitations. The authenticity, effectiveness and timeliness of the evidence are difficult to meet real needs. In order to solve the existing problems which static forensics technology has, this paper presents the design and implementation of DDCFS: a distributed dynamic computer forensics system based on network. Comparing with the traditional tools of the forensic system, it employs the work of gathering evidences of criminal actions before they occur or just they are ongoing, which avoid the evidence chain lose caused by traditional static forensic. It can improve the efficiency of the work of gathering evidences; enhance data integrity and timeliness of evidences. This paper describes the architecture, function and forensic procedure of DDCFS, and the implementation of the core module.