Since the Trojan malware usually invades computing facilities secretly and eavesdrops on important information, it is very necessary to master the Trojan behavior, communication mechanisms and the way of eavesdrop, which can support the valuable intelligence clues for the network crime investigation. According to the characteristics of Trojan malware, this paper discusses the basis process of Trojan forensics investigation combing with experience of the network security department of public security organs. Meanwhile, it also introduces the common tools and methods for malware investigation. This paper describes some actual cases about the Trojan malware investigation technology involved the application in the network crime.%木马等恶意软件已经成为网络违法犯罪分子经常利用的作案工具。勘查木马恶意软件可以掌握木马行为、传播机理和信息窃取途径,进而为涉网案件侦办工作提供有价值的情报线索。文章简要分析了木马的功能特点、工作机理和关键技术,针对木马恶意软件的技术特点,紧密结合公安机关网络安全保卫部门的工作实际,研究探讨了木马勘查取证的基本流程、常用工具与方法,并用实例讲述了木马勘查分析技术在涉网案件侦办中的应用。
展开▼
