Abstract
PROBLEM TO BE SOLVED: To provide a digital forensics method that efficiently identifies an illicit actor, in a manner whose evidential value can be verified and whose reliability of identification is hardly influenced by human factors. SOLUTION: In the network forensics stage 12, continuous monitoring 1 is performed and its output is filtered 2 against a predetermined condition to detect abnormalities. When an abnormality 4 occurs, log analysis 5 is performed on it to narrow down the outline of the abnormality and the target terminal. The examination target terminal 6 resulting from this narrowing down by network forensics 12 is obtained, and the process moves to the computer forensics stage 13, in which evidence preservation 7 is performed on the narrowed-down terminal and analysis 8 is executed on the preserved data. In the analysis 8, the examination priority order is determined with reference to the log analysis result 5 so that the examination proceeds efficiently. Finally, an evidence report 9 is created for the facts obtained by the analysis 8. COPYRIGHT: (C)2006,JPO&NCIPI
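The two-stage flow described in the abstract, as an added Python sketch that is not taken from the patent. The byte threshold used as the "predetermined condition", the SHA-256 digest recorded at evidence preservation, the "modified inside the abnormal window" priority rule, and all host names, addresses and file names are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import datetime

# Constructed sample flow log: (timestamp, source terminal, destination, bytes sent).
FLOWS = [
    ("2024-05-01T10:02:00", "pc-017", "10.0.0.5", 4_200),
    ("2024-05-01T23:41:00", "pc-022", "198.51.100.7", 88_000_000),
    ("2024-05-01T23:55:00", "pc-022", "198.51.100.7", 120_000_000),
    ("2024-05-02T02:10:00", "pc-009", "198.51.100.7", 61_000_000),
    ("2024-05-02T09:15:00", "pc-017", "10.0.0.8", 9_000),
]
# Constructed file timeline from a preserved image: (name, last-modified time).
ARTIFACTS = [
    ("report.docx", "2024-04-28T14:00:00"),
    ("archive.zip", "2024-05-01T23:45:00"),
    ("notes.txt", "2024-05-02T08:00:00"),
]
THRESHOLD = 50_000_000  # assumed "predetermined condition": bytes per flow

def filter_abnormal(flows, threshold=THRESHOLD):
    """Network forensics: keep only flows that meet the filter condition."""
    return [f for f in flows if f[3] >= threshold]

def narrow_down(abnormal):
    """Log analysis: summarise per terminal, largest abnormal volume first."""
    summary = defaultdict(lambda: {"bytes": 0, "first": None, "last": None})
    for ts, src, _dst, size in abnormal:
        t = datetime.fromisoformat(ts)
        s = summary[src]
        s["bytes"] += size
        s["first"] = t if s["first"] is None else min(s["first"], t)
        s["last"] = t if s["last"] is None else max(s["last"], t)
    return sorted(summary.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

def preserve(image: bytes) -> str:
    """Evidence preservation: record a digest so the copy can be re-verified."""
    return hashlib.sha256(image).hexdigest()

def prioritise(artifacts, window):
    """Analysis: examine artifacts modified inside the abnormal window first."""
    def key(a):
        t = datetime.fromisoformat(a[1])
        return (0 if window["first"] <= t <= window["last"] else 1, a[1])
    return [name for name, _ in sorted(artifacts, key=key)]

if __name__ == "__main__":
    for terminal, info in narrow_down(filter_abnormal(FLOWS)):
        print(terminal, info["bytes"], prioritise(ARTIFACTS, info))
```

Re-computing the digest over the preserved copy at report time and comparing it with the recorded value is what lets a third party check that the analysed data is the data that was collected.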