An Immune-inspired Computer Forensics Model with Reproductive Crime Scene

Authors: Peng, Lingxi; Yang, Jin; Xie, Dongqing; Gao, Ying; Tang, Maobing; Li, Fufang*
Source: Information-An International Interdisciplinary Journal, 2012, 15(6): 2521-2530.

Abstract

Computer forensics is a crucial technology against computer crime in network security. However, existing forensics methods and technologies are inefficient, and their stringency is very poor. This paper proposes a novel dynamic computer forensics model based on artificial immunity and real-time network fatalness (COMEM), which can reproduce the crime scene. The definitions of self, non-self, and immunocyte in network transactions are given first. Then, with the evolution of mature and immature detectors, real-time network fatalness evaluation equations are built, which can exactly compute the fatalness, both holistic and for each network attack, of the host and the network. Finally, computer forensics is carried out according to the value of real-time network fatalness and attack intensity. Both theoretical analysis and experimental results prove that COMEM can reproduce the crime scene well and acquire efficient evidence with low technical requirements on the technicians, providing a novel method for computer forensics.
