Abstract:
This paper analyzes the weaknesses and difficulties of traditional computer forensics techniques in the forensic analysis of malicious code. It proposes a malicious-code forensics method for suspicious terminals built on a computer forensics analysis model with a four-class trust mechanism, together with malicious-code analysis principles grounded in that mechanism. It describes static forensic techniques for a suspicious terminal computer and, taking the four-class trust system as the example, demonstrates through extensive data testing and verification the feasibility, accuracy and efficiency of applying four-class trust to malicious-code forensics on suspicious terminals.
Deyu Miao, Xuebin Kang, Xinguang Xiao. Analysis and Forensics of Malware in Suspicious Computer Based on Four Class Trust Model [J]. Telecommunications Science, 2011, 27(1): 105-109.
Deyu Miao, Xuebin Kang, Xinguang Xiao. Analysis and Forensics of Malware in Suspicious Computer Based on Four Class Trust Model

Abstract: This paper analyzes the weaknesses and difficulties of traditional computer forensics technology in the field of malicious-code evidence analysis and proposes a suspicious-computer forensics model based on a four-class trust mechanism. It describes a static forensics method for suspicious terminals and, through a large number of experiments, shows the feasibility, accuracy and efficiency of the four-class trust mechanism when applied to malicious-code forensics.

[J]. Telecommunications Science, 2011, 27(1): 105-109.