随着计算机网络的发展,计算机犯罪现象呈现越来越严重化的趋势,为了获取犯罪证据,计算机取证问题近年也成为计算机领域的热门话题。针对目前对网络攻击取证多采用案发后再采集证据的不足,重点讨论了主动取证的工作模式,即在网络攻击的过程中完成预警和取证工作,HoneyPot就是解决此问题的一种技术。 With the development of computer networks, the phenomenon of computer crime is becoming more and more serious. In order to obtain criminal evidence, the issue of computer forensics has also become a hot topic in the computer field in recent years. Aiming at the shortcomings of using more evidence after cyber attack, this paper focuses on the working mode of proactive evidence collection. That is to say, early warning and forensics work are completed in the process of cyberattack. HoneyPot is a technique to solve this problem.