
Computer Engineering (计算机工程), 2007, Vol. 33, Issue (16): 117-119. doi: 10.3969/j.issn.1000-3428.2007.16.040

• Security Technology •

System of Dynamic Computer Forensic Based on Remote Control Technology

SHI Wei-qi (1, 3), ZHANG Bo-yun (2), XIE Dong-qing (1)

  (1. School of Software, Hunan University, Changsha 410082; 2. School of Computer, National University of Defense Technology, Changsha 410073; 3. Computer Department, Hunan Public Security Academy, Changsha 410006)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-08-20 Published: 2007-08-20

Abstract: A novel computer forensics system based on remote control technology is presented. The system provides three different forensic methods for dynamically obtaining electronic evidence from controlled targets, and the key technologies behind it are studied: file hiding, process hiding, registry modification hiding, port rebound, and data encryption. Experimental results show that the system can dynamically obtain electronic evidence from different monitored subjects on the network, and that it represents a new approach in current computer forensics technology.

Key words: computer forensics, remote control, electronic evidence, dynamic acquisition
