|
English
|
正體中文
|
简体中文
|
全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42804511
線上人數 : 1063
|
|
|
資料載入中.....
|
請使用永久網址來引用或連結此文件:
http://ir.lib.ncu.edu.tw/handle/987654321/59908
|
題名: | 資料外洩行為鑑識分析之研究 – 以微軟視窗作業系統為例 |
作者: | 楊志強;Yang,Chi-Chiang |
貢獻者: | 資訊管理學系在職專班 |
關鍵詞: | 數位證據;數位鑑識;資訊安全;鑑識程序;Digital Evidence;Digital Forensics;Forensic Procedures;Information Security |
日期: | 2013-05-19 |
上傳時間: | 2013-06-19 15:26:17 (UTC+8) |
出版者: | 國立中央大學 |
摘要: | 當企業需面對各種新法規的規範,如沙賓法案、新版個資法等法規的祭出,加上現代經濟模式創新,公司無不投入大量心力從事產品創新,是故大量的研發經費與人力投入研發,如何保護公司研發機密資料?加上一些國際級大公司及政府機關受駭客攻擊事件頻傳,機密資料洩漏與商譽資金的損失一件比一件重大,各大企業無不紛紛重新審視企業內部的網路安全機制,從公司電腦主機的機密資料保護,也加上各種網路資訊安全保護措施,進而採取各種加密技術等等,無不想進一步防止資安事件的發生。也因為如此,國外行之有年的數位鑑識科學,近幾年也漸漸受到政府及企業的重視,因為資安事件能防則防,如果資安事件發生了,也需要有能力知道到底發生了甚麼事、如何發生的、影響範圍多大、如何估計損失與採取立即的防範措施與事後檢討長期的解決方案。本研究以一般企業使用最多的電腦系統MS-Windows作業系統為研究平台,透過以實作方式,進行資料洩漏管道的案例模擬,以數位鑑識工具探討與分析各種資料洩漏行為在電腦上留下那些跡證。加上數位鑑識的採證流程探討,進行數位證據的採證,並以時間序列來分析各種不同型態的證據、事件時間與該行為關係之間的差異性,佐以文獻探討,期能導出鑑識結果與提出相關建議供企業資安單位參考。研究結果發現透過檔案資料時間異動記錄大多可以在作業系統上找出相關跡證,只是需要在不同的工具間進行人、事、時、地、物的證據比對,而資料洩漏行為需看該行為是否在作業系統稽核紀錄上是否有相對應的稽核設定。此方面企業可以視個別業務單位的需要,啟用作業系統相關的稽核機制,進行資料保護稽核措施,或者編列預算,評估與採購國際法庭認可的商業資安軟體,可以補足並提供企業必要時的證據。Enterprises are confronted with regulations, such as Sarbanes-Oxley Act and the new Personal Privacy law in Taiwan, as well as the requirement of increasing R&D investment in product innovation. In order to protect the confidential financial, personal and R&D information, multinational companies and government agencies, with growing attacks by hackers, all have to re-examine their internal network security for the protection of confidential information, e.g. evaluating data encryption technology to prevent information leakage. Moreover, the government and businesses have realized the importance of digital forensics in recent years. They need to have such capabilities as knowing when and how a hacking event happened, its impact and damage and what immediate and long-term solutions to take.In this study, MS-Windows 7 operating system was used as the research platform, on which traces of data leakage cases were analyzed by various digital forensics tools. By collecting and analyzing evidences from different sources with time stamped, this study was able to validate the forensics results and make recommendations for information security departments of the government and business organizations. It is found that the time related records of files contained in the operating system are not enough to put all relevant, indirect evidences together. The research recommends the organizations, depending on their needs, can enable related audit trails or adopt commercial security products, recognized by international courts, for more solid evidence establishment. |
顯示於類別: | [資訊管理學系碩士在職專班 ] 博碩士論文
|
文件中的檔案:
檔案 |
描述 |
大小 | 格式 | 瀏覽次數 |
index.html | | 0Kb | HTML | 1060 | 檢視/開啟 |
|
在NCUIR中所有的資料項目都受到原著作權保護.
|
::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::