网页挖矿木马的取证方法

Research on Forensic Methods of Web Mining Trojan

网页挖矿木马因其具有较高的隐蔽性和传播性,已成为全球最主要的网络安全威胁之一。目前,针对网页挖矿木马的取证流程及技术方法仍不健全。通过梳理在Android、Windows以及Linux等不同操作系统中的取证流程,可以发现基于网络数据层、网页代码层、可信时间戳、其他木马固定的“四维取证”方法不失为一种针对网页挖矿木马的有效取证方法。

Web mining trojans have become one of the most important network security threats in the world because of their high concealment and propagation.At present,the forensics process and technical methods for web mining trojans are still not perfect.By combing through the forensics process in different operating systems such as Android,Windows and Linux,it can be found that the"four-dimensional forensics"method based on the network data layer,the web code layer,the trusted time stamp and other trojans is an effective forensics method for web mining trojans.