Research on Investigation and Analysis Methods for Network Intrusion Cases
Abstract: The investigation and forensic examination of network intrusion cases is relatively complex and draws on several areas of knowledge, including website architecture, log analysis and malicious code analysis. When handling such cases, appropriate investigation and analysis methods can improve the case clearance rate and the efficiency of the investigation. This paper summarizes and proposes an investigative approach and analysis methods for network intrusion cases, combining traditional intrusion clue investigation with reverse analysis of trojans. Working from a real case, the website's source code files and the web server's log files are analyzed, the trojan program that the intruder planted in the website's source files is successfully located, and reverse analysis is used to determine the trojan program's functions. The methods can serve as a reference for investigation and forensic work in such cases.
Author: Liu Luyuan (Department of Cyber Crime Investigation, Criminal Investigation Police University of China, Shenyang 110035, China)
Source: Information Technology and Network Security (《信息技术与网络安全》), 2019, No. 8, pp. 33-37 (5 pages)
Funding: Graduate Innovation Capability Enhancement Project of the Criminal Investigation Police University of China (2018YCYB20)
Keywords: network intrusion; collection of clues; trojan horse program; reverse analysis