Addressing the characteristics and technical challenges of current network forensics, a distributed network forensics system based on a Bloom filter engine is proposed and designed. With the Bloom filter engine at its core, the system filters, maps and compresses, and stores raw network data in real time, capturing complete evidence, saving storage space, and effectively supporting post-event analysis and queries in network forensics.
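An added single-node sketch of the idea in the abstract, not code from the paper: each packet is mapped into a fixed-size Bloom filter per capture window, and an investigator later asks which windows may have carried a given record. The record key (source, destination, payload), the 60-second window, the sizing parameters and the SHA-256 double hashing are all assumptions made for illustration.

```python
import hashlib
import math

class BloomFilter:
    def __init__(self, expected_items, fp_rate):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hashes.
        self.m = math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

class ForensicStore:
    """Keeps one fixed-size Bloom filter per capture window, not the packets."""
    def __init__(self, window_s=60, expected_per_window=1000, fp_rate=0.001):
        self.window_s, self.n, self.p = window_s, expected_per_window, fp_rate
        self.windows = {}

    @staticmethod
    def _key(src, dst, payload):
        return f"{src}>{dst}|".encode() + payload

    def ingest(self, ts, src, dst, payload):
        w = int(ts // self.window_s)
        if w not in self.windows:
            self.windows[w] = BloomFilter(self.n, self.p)
        self.windows[w].add(self._key(src, dst, payload))

    def query(self, src, dst, payload):
        """Window start times that may contain the record (no false negatives)."""
        key = self._key(src, dst, payload)
        return [w * self.window_s for w, bf in sorted(self.windows.items()) if key in bf]

# Constructed sample traffic (documentation address ranges), not real capture data.
SAMPLE = [(61.2, "198.51.100.7", "192.0.2.10", b"GET /index.html HTTP/1.1"),
          (75.0, "198.51.100.7", "192.0.2.10", b"POST /login HTTP/1.1"),
          (130.4, "198.51.100.9", "192.0.2.10", b"GET /index.html HTTP/1.1")]

def build_sample_store():
    store = ForensicStore()
    for pkt in SAMPLE:
        store.ingest(*pkt)
    return store
```

With these parameters each window costs 1798 bytes regardless of payload sizes; a hit means "possibly present" at roughly the configured false-positive rate, while a miss is definitive.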