
The Study Of Digital Forensics Based On Rootkit Technology

Posted on: 2019-04-16
Degree: Master
Type: Thesis
Country: China
Candidate: F Lv
Full Text: PDF
GTID: 2416330596452394
Subject: forensics
Abstract/Summary:
The openness, virtuality, and rapidity of information technology determine the characteristics of the cases involved: covertness, cross-regional reach, indeterminacy of the infringed object, and the seriousness of the consequences of violations. As a result, the People's Court has encountered many new situations and new problems in handling, in accordance with the law, all types of conflicts and disputes involving the Internet. These include both problems in the determination of facts and problems in the application of laws.

Electronic data forensics is an evolving field of research. Traditional post-incident forensics can no longer keep pace with the rapid development of information technology, because it cannot detect or prevent crimes in time. To fight crime more quickly and effectively, electronic data must be collected and preserved at the first moment and at the first scene. Real-time forensics is an effective way to solve such problems. Rootkit is a kind of real-time forensics technology. It can monitor the system online and capture and record an intruder's behavior. Compared with other real-time monitoring tools, it can lurk in the system kernel and has more control over the operating system and the underlying hardware, which gives it the advantage of greater concealment. Rootkit technology is neutral, neither good nor bad in itself, but much hacking software also uses it to invade systems, so rootkit technology is common in malware. Because rootkit-based electronic data forensics has the same powerful control functions as hacking software, the use of rootkits for forensics may be controversial. Whether electronic data obtained with Rootkit technology can be used as evidence in court is a question that needs to be explored. Therefore, while studying the use of Rootkit technology for forensics, it is necessary to consider its legitimacy.

At present, domestic and foreign scholars have produced few research results on the integration of real-time forensics technology and law. In view of this, this paper takes Rootkit technology as its starting point and draws on domestic and foreign scholars' research on and interpretation of real-time forensics technology, evidence law, procedural law, cyber security law and other fields. It seeks to discuss comprehensively and systematically the legality and effectiveness of electronic data obtained using Rootkit technology.

The paper first introduces the development status of electronic data forensics and the related theory of electronic data and rootkit technology. Drawing on international forensics standards and the relevant provisions of China's “Network Security Law”, it then analyzes the procedural rules for capturing data with rootkits from two angles: the legality of the legal procedure and the legitimacy of the technical operating procedure. In criminal cases, electronic data evidence is acquired mainly by investigative organs, supplemented by social institutions; in civil cases, the parties themselves need to provide evidence. Regardless of the type of case, electronic data evidence obtained using Rootkit technology improves on and supplements traditional electronic data, especially in difficult and complicated cases. When Rootkit technology is used, the forensics subject must be strictly regulated to ensure that the rootkit is used only for monitoring and forensics within the reasonable limits of the law, and that it is not misused.

The paper then examines the objectivity, relevance and legitimacy of the electronic data captured by Rootkit forensics technology. By analogy with the treatment of privately recorded audiovisual materials in judicial practice, it determines the legitimacy of evidence captured with Rootkit technology. It then discusses other legal issues involved in Rootkit forensics technology, including the rules for excluding illegal evidence and issues involving privacy.

Finally, the paper looks at the prospects for the development of electronic data forensics. Electronic data forensics will exist in all aspects of social, political and economic life. It is an emerging and challenging field. Faced with the rapid development of information technology and the improvement of cybercrime techniques, forensic technology will also advance with the times. Future stand-alone forensic tools will be replaced by a distributed, integrated forensics system, supplemented by big data mining technology for in-depth analysis and combined with artificial intelligence technology for intelligent automatic correlation, collision, and comparison, in order to reconstruct the actual criminal process of cybercriminals. Through research on and analysis of Rootkit technology, and through study of the legality of the rootkit as a forensic means, this paper notes that the rootkit has gradually come into view as a new forensics technology, and it aims to provide new ideas for solving such problems.
Keywords/Search Tags: Electronic data, Rootkit, Forensics technology, Analysis of Evidence Effectiveness