Method and program for forensic acquisition of evidence data through security bypass

摘要

The present invention relates to a technical idea of acquiring evidence data in a forensic manner through security bypass, and the forensic acquisition method through security bypass according to an embodiment is a link pointed to by the epole data structure that referred to the weight variable in the binder thread data structure. obtaining an access right to the kernel memory area by changing the accessible address restriction variable in the task structure data structure using Searching, overwriting the searched data of the main data structure with a new value to bypass the security function and preparing to execute the desired function, and executing the overwritten new function, evidence recorded in the security area It may include collecting data.