| 基于木马的计算机监控和取证系统研究 |
| |
| 引用本文: | 史伟奇,张波云,刘运.基于木马的计算机监控和取证系统研究[J].计算机工程与设计,2007,28(10):2300-2302,2305. |
| |
| 作者姓名: | 史伟奇 张波云 刘运 |
| |
| 作者单位: | 湖南大学软件学院,湖南,长沙,410082;湖南公安高等专科学校计算机系,湖南,长沙,410006;国防科技大学,计算机学院,湖南,长沙,410073 |
| |
| 基金项目: | 湖南省科技攻关项目
,
公安部应用创新基金 |
| |
| 摘 要: | 阐述了常用动态取证工具和取证系统的特点,分析了取证模式及木马技术,设计了一种基于木马的计算机取证系统.通过木马的隐藏和抗查杀等关键技术的应用,取证系统能提供3种不同取证方法实现对监控目标的秘密、实时、动态取证.
|
| 关 键 词: | 木马 监控与取证 取证系统 取证代理 主动获取 电子证据 隐蔽通道 |
| 文章编号: | 1000-7024(2007)10-2300-03 |
| 修稿时间: | 2006-05-06 |
Computer monitor and forensics system based on Trojan |
| |
| SHI Wei-qi,ZHANG Bo-yun,LIU Yun.Computer monitor and forensics system based on Trojan[J].Computer Engineering and Design,2007,28(10):2300-2302,2305. |
| |
| Authors: | SHI Wei-qi ZHANG Bo-yun LIU Yun |
| |
| Affiliation: | 1. School of Software, Hunan University, Changsha 410082, China; 2. School of Computer, National University of Defense Technology, Changsha 410073, China; 3. Department of Computer, Hunan Public Security College, Changsha 410006, China |
| |
| Abstract: | First, the characters of common used dynamic computer forensics tools and forensics system are described, after the forensics model and Trojan technology are analyzed, a computer forensics system based on Trojan is designed then. By utilizing the key technologies such as the conceal of Trojan and anti-scanning, three different kinds of forensics methods are proposed to realized the secret, real-time and dynamic forensics of the monitored objects. |
| |
| Keywords: | Trojan monitor and forensics forensics system forensics agent active obtaining electronic evidences covert channel |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
