Application Layer Information Forensics Based on Packet Analysis

The work presented in this paper focuses on acquiring the original illegal information hidden in the network data traffic, to provide reliable digital evidence for the network crime cases. Directing toward the data transmission based on Web service, the paper designed a total-part type forensics modal, and implemented a passive network forensics system under the windows system. The technology and methods we applied are referred to as packet capture, packet filtration, protocol analysis, application date regeneration and so on. The system captures, disassembles, identifies and recombines the network information flow, restores the data into a standard format and makes the plaintext information of application layer reappear at last. The result of appraisal and application indicates the system can gain original transparent digital evidence and satisfy network forensics requirements, which provides strong support for solving the network crime cases.