How to catch a hacker at the intrusion scene
Viewed chronologically, a crime consists of three parts: the motive, the method, and the consequences. Detection can therefore start from each of these three parts.
Finally, there are the consequences. A computer-crime suspect always has a purpose, and it is nothing more than fame or profit. Those who want fame often love to show off, and those who want profit will show abnormal income and expenditure. Either one creates a flaw, and combined with the analysis of motive and method, it is often enough to lock onto a target.
Next is analysis of the method of the crime, from which we can draw many conclusions, much as blood, trajectories and DNA are analyzed in "crime scene investigation" shows. Take the 12306 database-dump incident that happened not long ago: by comparing and analyzing the published database, investigators concluded that the attacker had used existing third-party "social engineering databases" to carry out a credential-stuffing attack, and tracking those third-party databases by this characteristic led to the suspects. Another example is the analysis of attack tools (such as Trojans): the language reveals the suspect's platform, and if the tool was downloaded from a third party, we learn which websites the suspect often visits. All of these can be clues for solving the case. (The United States has several times published evidence of hacking by China, with a large number of tools cited as supporting evidence.)
If the perpetrator is a high-IQ antisocial criminal who commits crimes at random purely out of interest, that is the biggest headache.
Here is a case that actually happened: someone launched denial-of-service attacks against a game company and then sold "denial of service" defence equipment. The attacker was very confident in their own technique and left no traces to speak of, but motive analysis made it very easy to lock onto the suspect, and a raid obtained the evidence directly.
If the attacker left no trace, that is in fact equivalent to leaving one: we can conclude that the attacker is an experienced expert, and not many people in the industry fit that profile, which greatly shortens the suspect list.
First, look at the motive. The hardest cases to solve are crimes with no motive: for example, someone commits a crime on impulse while walking down the street, then goes home and turns over a new leaf. Such a case will often remain "unsolved" unless the person confesses voluntarily or offends again. Most crimes are motivated: by conflict, profit, showing off, fame, quarrels and so on. In computer-crime cases, the detection process often begins by analyzing the motive. For a denial-of-service attack: could it be a competitor? A user who had an earlier dispute? An employee who left under abnormal circumstances? And so on. Listing the suspects who have a motive effectively narrows the scope for further detection.
Technology plays an enormous role in solving computer crimes. In addition to the "trace analysis" mentioned before, tracing the attack path can locate the attacker directly. In addition.