Author: 韩马剑
Source: 《信息网络安全》 (Netinfo Security), 2016, No. 9, pp. 51-55 (5 pages)
Abstract: As one of the most widely deployed network devices, the router has been entangled with cybercrime since its inception: it either carries the network traffic of a crime or is itself the target of one, and its memory usually holds leads and evidence for cybercrime investigation. Because a router has its own specific hardware and software operating mechanisms, a specific forensic procedure is needed to extract and preserve the electronic evidence in it completely and effectively. After introducing the basic functions of a router, the article analyzes the important role of router forensics in cybercrime investigation. It discusses, for backbone, enterprise and access routers respectively, the methods and procedures for viewing, extracting and preserving electronic data such as configuration and logs, and introduces the key points of extracting and analyzing the routing table. It also proposes a forensic method for smart routers. The article describes how to extract and preserve the packets a router is currently forwarding by means of port mirroring, which makes the forensic examination of the router complete. Finally, in line with the basic requirements and principles of cybercrime investigation and electronic data forensics, and given that router data is easily lost and hard to extract and preserve, the article gives points to note in router forensics to ensure the comprehensiveness, objectivity and validity of the evidence.
Classification: TN915.05 [Electronics and Telecommunications: Communication and Information Systems]; D918.2 [Electronics and Telecommunications: Information and Communication Engineering]