Current network forensics systems are static and not real-time. In order to overcome the shortages, a dynamical network forensics model based on artificial immune theory and multi-agent theory, referred to as DNF, is introduced here. Comparing with traditional computer forensics methods, the new method provides the capacity that gathering real-time evidence dynamically as soon as network intrusions take place and saving the evidence in a safe way to prepare for the collection and analysis of the original evidence. In this paper, architecture of the model and the definitions of its components inspired by the immunity theory are given out. The experiment shows that it is able to insure the authenticity, integrality and validity of the digital evidence, and it is a new method for dynamic computer forensics.
展开▼
