Trojan.docx

  • Uploaded by: Beat Seeker
  • November 2019

Trojan Defence: A Forensic View

A Trojan is like a virus, but it does not replicate itself. A Trojan hides inside a free game or another program on the computer, doing damage or allowing someone at a different location to take control. It can be used to take private information, to introduce errors into the system for future use, or simply to destroy software and data. A Trojan is also described as a delivery mechanism that includes a payload (spyware, adware, a backdoor, a batch file). A backdoor is an authentication-related function used to obtain access to a computer.

How are Trojans made? Trojans are created with Trojan-making kits, which are known as wrappers. They are called wrappers because they wrap the function of malicious software into another carrier program. Attackers can easily attack software because they have the kit to create a Trojan and the steps are very simple to follow. Nowadays we use different file structures that compress the space a file takes up, like WinZip or Unix. Trojans can be held and detected by antivirus (AV) software. To protect software from Trojans, people make AV killers. Unfortunately, technology always changes and hackers know how to attack against AV killers.

There are two kinds of Trojan: detectable and undetectable. A Trojan is also divided into three components: server, client, and creation tool/kit. The server is the backdoor itself, including other modules; the client is used to control it from a different location; and the creation tool is used to configure the behaviour of the backdoor. A Trojan package can be camouflaged as an AV killer to disable the AV engine on the user's computer. By doing that, the attacker can access the user's computer remotely. A Trojan package can also be deployed as a firewall killer to disable personal firewall software on the user's computer.

There are many methods for dealing with this computer crime. The rationale is that volatile information, such as network connections and data stored in memory, is lost, so the evidence on the hard disk should be compact.

When considering a potential Trojan defence, volatile information should be gathered; it can be used to help the investigator investigate offline. We can collect information from the suspect system, but we have to make sure that doing so is legal and that we take a technical perspective. We can use the investigator's machine to capture traffic from the suspected machine. There are devices that are able to extract the traffic and also analyse the machine. We can also obtain information from the investigation legally.

After we gain the evidence, we gather information from the system using Windows Forensic Toolchest (WFT). This tool helps to automate the response and also collects security information. It also helps to sort current time, listings, network information and registry information. WFT can do all these things because it uses a configuration file, to which we can add additional information and alternative techniques.
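The configuration-driven collection described above, sketched as an added example (not code from the original document and not WFT itself). The config format, labels and function names are assumptions made here; the commands are standard Windows built-ins, listed with the most volatile data first.

```python
import hashlib
import json
import subprocess
from datetime import datetime, timezone

# Constructed sample configuration (an assumed format, not WFT's own):
# one "label | command" per line, most volatile data first.
SAMPLE_CONFIG = """
# label | command
current_time | cmd /c echo %DATE% %TIME%
network_connections | netstat -ano
process_listing | tasklist /v
registry_run_key | reg query HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

def parse_config(text):
    """Return [(label, argv)] in file order, skipping blanks and # comments."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        label, _, command = line.partition("|")
        if not command.strip():
            raise ValueError(f"missing command for {label.strip()!r}")
        # Whitespace split only: arguments containing spaces are not supported.
        items.append((label.strip(), command.split()))
    return items

def collect(items, timeout=30):
    """Run each (label, argv) in order; keep output, UTC time and SHA-256."""
    records = []
    for label, argv in items:
        started = datetime.now(timezone.utc).isoformat()
        try:
            proc = subprocess.run(argv, capture_output=True, timeout=timeout)
            output, status = proc.stdout, proc.returncode
        except (OSError, subprocess.TimeoutExpired) as exc:
            # A missing or hung tool is itself a finding: record it, carry on.
            output, status = b"", f"error: {type(exc).__name__}"
        records.append({"label": label, "command": argv, "utc": started,
                        "status": status,
                        "sha256": hashlib.sha256(output).hexdigest(),
                        "output": output.decode(errors="replace")})
    return records

if __name__ == "__main__":
    print(json.dumps(collect(parse_config(SAMPLE_CONFIG)), indent=2))
```

Run it from trusted media with the report redirected to the investigator's machine or removable storage, so that the collection writes as little as possible to the suspect disk.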
