Abstract
Network crime scenes are becoming increasingly complex, particularly with the emergence of many kinds of network application servers, which requires investigators to be able to identify and examine each type of application server quickly. This paper presents methods for investigating application servers within a local area network. For website servers, it covers how to obtain the website source code and, if the site has been attacked, how to obtain and analyze the website access logs to locate the attacker. For database servers, it covers the key points of investigation, including methods for acquiring and preserving data files, transaction log files and error log files, to help case officers quickly recover and restore the database. Finally, the paper uses worked examples to introduce methods for investigating the logged-in users, and the operations those users performed, on FTP application servers and diskless workstation servers.
Source
Netinfo Security (《信息网络安全》)
2013, Issue 11, pp. 71-75 (5 pages)
Funding
Ministry of Public Security Applied Innovation Project [2011yycxxjxy119]