
Key Technologies Of Computer Forensic Covertly From Target Lan

Posted on: 2008-02-11 | Degree: Master | Type: Thesis
Country: China | Candidate: L L Wang
GTID: 2178360242477075 | Subject: Communication and Information System
Abstract/Summary:
With the development of computer technology and the widespread use of the Internet, the number of computer crimes is increasing quickly. Because computer crime is hidden in nature and its perpetrators are anonymous, investigating computer-related crime is very difficult. Backward judicial means have, to a certain extent, contributed to the arrogance of computer-related crime. Computer crimes should be punished by law, and one of the key problems is the development of network-based computer technology.

This paper studies several key technologies for covertly obtaining dynamic evidence from a LAN when none of the basic information about the target LAN is known.

First, it studies the technology of blindly obtaining LAN configuration information. It mainly discusses how to get the network configuration information and domain account information, then sense live hosts together with their operating system types and open ports, and finally locate the domain controllers.

Second, it expounds the technology of obtaining the highest authority in the target LAN and implanting code. This mainly concerns getting the highest authority (the domain controller, or SYSTEM permissions on an important server) in the target LAN and remotely implanting evidence code, making use of loopholes in the Windows operating system and the Microsoft SQL database system, weak password settings on network services, and an ARP sniffer.

Third, it studies the technologies of hidden operation and self-deletion of the evidence code. To run the evidence code under cover, it provides techniques for replacing the DLLs loaded by shared Svchost services with the evidence code, deleting the evidence code itself, and avoiding detection by active defense systems by bypassing registry monitoring.

Fourth, it discusses technologies for getting users' sensitive data and information, such as EFS certificates, automatic login passwords and mail data.
Keywords/Search Tags: LAN, Computer Forensics, Get the highest authority, Code implantation