Dynamically real-time computer forensics paradiam with immune

Computer forensics is the crucial technology against computer crimes. However, existing forensics methods or technology are inefficient and their stringencies are poor. This paper proposed a novel dynamic computer forensics model (DAIP) based on artificial immune and real-time network fatalness, which can vivify the crime scene. The definitions of self, non-self, and immunocyte in the network transactions were first given. Then, with the evolvement of mature detector and immature detector, the real-time network fatalness evaluation equations were built up, which can exactly compute holistic and each network attack of the host and network. Finally, computer forensics was carried out according to the value of real-time network fatalness and attack intensity. Both the theory analysis and experimental results prove that DAIP can primly reproduce the crime scene and acquire efficient evidence with low technique require to the technicians, which will provide a novel method for the computer forensics in the future application.