| 鉴定木马程序来源的两种方法 |
| |
| 引用本文: | 黄步根,黄政,赵兵. 鉴定木马程序来源的两种方法[J]. 中国司法鉴定, 2009, 0(3): 79-82 |
| |
| 作者姓名: | 黄步根 黄政 赵兵 |
| |
| 作者单位: | 1. 江苏警官学院,公安科技系,南京,210012
2. 南京市公安局,网警支队,南京,210005 |
| |
| 摘 要: | 分析木马源程序自身的特征,提出两种鉴别目标代码宿源的方法:根据其机器码和注册码的计算方式或者根据收信地址的保存方式和加密计算方式和参数进行鉴别。上述方法客观而高效。
|
| 关 键 词: | 木马 目标程序 电子证据鉴定 |
Two Methods for Identifying the Origin of Trojan Code |
| |
| HUANG Bu-gen,HUANG Zheng,ZHAO Bing. Two Methods for Identifying the Origin of Trojan Code[J]. Chinese Journal of Forensic Sciences, 2009, 0(3): 79-82 |
| |
| Authors: | HUANG Bu-gen HUANG Zheng ZHAO Bing |
| |
| Affiliation: | 1. Department of Farensic Science, Jiangsu Police Institute, Nanjing 210012, Chino; 2. Department of Network Security, Nanjing Municipal Public Security Bureau, Nanjing 210005, China) |
| |
| Abstract: | After analyzing the characteristics of Trojan source code, two methods for identifying the Trojan objective code are proposed. One is based on the algorithm for calculating the machine code and the register code, and the other is based on the storing method of the receiver address and the encryption algorithm and parameters. The two methods are objective and efficient. |
| |
| Keywords: | Trojan objective code electronic evidence identification |
| 本文献已被 维普 万方数据 等数据库收录! |
|
