鉴定木马程序来源的两种方法

›› 2009 ›› Issue (03): 79-82.

鉴定木马程序来源的两种方法

黄步根;黄政;赵兵;

江苏警官学院公安科技系;南京市公安局网警支队;

Two Methods for Identifying the Origin of Trojan Code

HUANG Bu-gen1, HUANG Zheng2, ZHAO Bing2(1.Department of Forensic Science, Jiangsu Police Institute, Nanjing 210012, China;2.Department of Network Security, Nanjing Municipal Public Security Bureau, Nanjing 210005, China)

摘要/Abstract

摘要： 分析木马源程序自身的特征,提出两种鉴别目标代码宿源的方法:根据其机器码和注册码的计算方式或者根据收信地址的保存方式和加密计算方式和参数进行鉴别。上述方法客观而高效。

关键词: 木马, 目标程序, 电子证据鉴定

Abstract: After analyzing the characteristics of Trojan source code, two methods for identifying the Trojan objective code are proposed.One is based on the algorithm for calculating the machine code and the register code, and the other is based on the storing method of the receiver address and the encryption algorithm and parameters.The two methods are objective and efficient.

Key words: Trojan, objective code, electronic evidence identification

黄步根;黄政;赵兵;. 鉴定木马程序来源的两种方法[J]. , 2009(03): 79-82.

HUANG Bu-gen;HUANG Zheng;ZHAO Bing(.Department of Forensic Science;Jiangsu Police Institute;Nanjing 00;China;.Department of Network Security;Nanjing Municipal Public Security Bureau;Nanjing 000;China). Two Methods for Identifying the Origin of Trojan Code[J]. , 2009(03): 79-82.

[1]	秦玉海, 杨嵩, 候世恒. Android平台木马的检验鉴定[J]. , 2017, 92(3): 52-55.
[2]	台治强. 规制电子证据鉴定的几个基本问题 [J]. 中国司法鉴定, 2012, 61(2): 82-83.