Netinfo Security ›› 2016, Vol. 16 ›› Issue (9): 51-55. doi: 10.3969/j.issn.1671-1122.2016.09.010

• Original Article

Research on Routers Forensic

Majian HAN

  1. Department of Public Security of Hebei Province, Shijiazhuang Hebei 050000, China
  • Received: 2016-07-25 Online: 2016-09-20 Published: 2020-05-13

Abstract:

As one of the most commonly used network devices, the router has been closely intertwined with cyber crime since its inception. A router either provides network transmission for cyber crimes or becomes their target, so its memory usually holds clues and evidence relevant to a cyber crime investigation. Because the router has its own hardware and software operating mechanisms, specific forensic procedures are needed to extract and preserve digital evidence completely and effectively. Starting from an introduction to basic router functions, the article demonstrates the important role of router forensics in cyber crime investigation. It introduces the methods and processes for checking, extracting, and preserving the configuration information and logs of backbone routers, enterprise routers and access routers, as well as the main points of extracting and analyzing the routing table. It also puts forward a method for obtaining evidence from intelligent routers. It shows how to extract and preserve the data packets being forwarded by a router through port mirroring, which completes the forensic examination of the router. Finally, in line with the basic requirements and principles of cyber crime investigation and electronic data forensics, and considering that router data is easily lost and hard to extract, the article sets out precautions for router forensics to ensure the comprehensiveness, objectivity and validity of digital evidence.

Key words: router, electronic data forensic, cyber crime

CLC Number: