Chapter 022: Trojan Horse (2nd Update)
The forensic sub-team of the Technology Crime Unit is divided into four teams, A, B, C and D, each with a different remit in the forensic examination of electronic data. Teams A and B are made up of new recruits and handle general electronic data forensics. Team C is responsible for the forensic examination of mobile devices such as smartphones and tablets. Finally, Team D is made up of the most experienced personnel, each with at least five years of experience and prior service in Teams A, B and C. Team D therefore handles the most complex, serious and large-scale forensic matters.
In these two cases, then, Qin Xiangwen of Team A was responsible for the electronic data forensics of the computers seized as evidence, while Luo Mengning of Team C handled the parts relating to the mobile devices.
Fu Liangtao and Luo Mengning sat at opposite ends of the long table, with Pang Jitong seated next to Fu Liangtao.
As soon as he sat down, Fu Liangtao said to Luo Mengning, "Ah Ning, let's start with the analysis report on Li Bingde's mobile phone!" He paused, looked at Pang Jitong for a long moment, and added, "Ajita...... is interested in your analysis!"
"Alright! Then I'll begin with the analysis of Li Bingde's mobile phone!" Luo Mengning replied with a smile as she flipped through the notebook with the dark brown cover in her hand. Neatly listed notes could be glimpsed on its pages; she had clearly prepared thoroughly for this meeting.
Luo Mengning said, "The analysis report on Li Bingde's mobile phone does not differ much from the results of the manual examination. Li's habits in using online services and social media match what we already know, and the communication records on his phone confirm that his personal relationships are consistent with the findings of the 1C operations team: he has few friends apart from his family."
"No discrepancies?" Pang Jitong couldn't help but ask suspiciously.
Luo Mengning glanced at Pang Jitong and replied, "Yes."
Then Luo Mengning turned to Fu Liangtao and said, "In terms of usage habits and personal relationships, there really is no discrepancy. I know what you are doubtful about...... Ah Tao, you told me earlier to pay special attention to any evidence of close female friends of Li Bingde. So when I did the analysis I paid particular attention to that, especially when reviewing the content of his social media communications. But nothing was found."
Hearing this, Fu Liangtao could not help frowning. He scribbled in his notes and asked, "So, were there any special discoveries in this analysis?"
"Yes!" Luo Mengning replied in a clear voice. At this answer, Fu Liangtao and Pang Jitong both perked up instantly and sat up straight, showing their anticipation of what Luo Mengning would say next.
Luo Mengning continued, "While doing further analysis, I found a Trojan horse on Li Bingde's mobile phone. Judging by its design, it appears to be a variant of the malware 'Seven Points' that has circulated widely in the hacker community."
Fu Liangtao was no stranger to this malware. It was nothing new and had circulated widely since 2003. The original version of "Seven Points" offered a range of features: it let an attacker remotely access files on the system, control the system's camera and microphone, harvest passwords already stored on the system, change the desktop wallpaper, and intercept sensitive information. The attacker could also receive an email or instant-message alert whenever the victim's device came online.
The malware is divided into three parts: the server, the client, and the server editor. The server runs in the background on the victim's mobile phone or computer, while the client is operated by the attacker and allows the attacker to remotely access or observe the victim's system. The server editor lets the attacker define what the server is capable of and how the infection behaves. In addition, the attacker can use the client to periodically change the port used to connect to the infected device, which makes an already stealthy Trojan even harder to detect.
Most importantly, infecting a user's system is not difficult, because "Seven Points" can be delivered as an email attachment or bundled with other files. For this reason the malware is very popular in the hacker community, especially among hackers who know only how to use other hackers' malware and lack the ability to develop their own.
"Have you confirmed that this variant of 'Seven Points' is not one of the versions circulating on the Internet?" This was Fu Liangtao's first question; after all, the answer would help them gauge the skill level of the malware's author and the likelihood that the Trojan was connected to the case.
Fu Liangtao thought for a moment, felt his question had not been clear enough, and continued: "I mean, have you submitted malware reports to Interpol and to the other jurisdictions with which we have mutual legal assistance agreements? Have you compared it against the malware download platforms that are publicly accessible on the Internet?"
Before Fu Liangtao had finished, Luo Mengning rolled her eyes and cut in with a huff: "Ah Tao, don't I know you by now? If I hadn't confirmed it, I wouldn't dare be discussing this discovery with you......" She seemed to think Fu Liangtao's question rather redundant, and her tone had taken on an unconsciously coquettish note that had not been there before.
At Luo Mengning's tone, Pang Jitong could not help pursing his lips in disdain and glancing at Fu Liangtao. Luo Mengning had a distinctive look, with her delicate brows and eyes, but Fu Liangtao was unmoved by her manner and pressed on: "So this version of Seven Points is not circulating on the Internet?"
Fu Liangtao's businesslike tone earned him another glare from Luo Mengning, who then returned to a serious tone and continued: "Yes, this version of 'Seven Points' is not one that can be obtained from the Internet. Although many different versions are freely available online, after checking I have not yet found an identical one."
This Trojan horse program is undoubtedly a breakthrough for the investigation of Li Bingde's case.
If the Trojan is not circulating on the Internet, the likelihood that Li Bingde picked it up by chance during everyday online activity is relatively low. It cannot be ruled out that the Trojan is circulating on a small scale and has simply not been discovered yet, but because the Trojan cannot replicate itself, its means of spreading are far more limited than those of self-replicating malware such as viruses.
This situation had both an upside and a downside for them. The upside was that tracing the source of the infection should be less laborious; the downside was that whoever spread the malware was relatively skilled.
Being able to modify the malware's functionality shows that the other party has a certain level of technical ability.
"So how does this version differ in functionality from the versions circulating on the Internet?" Fu Liangtao asked. A thorough understanding of the Trojan's capabilities would also help them understand the attacker's motive; after all, an attacker's motive is reflected in his requirements, that is, in the functionality he builds into the Trojan.
"That is exactly what caught our attention. Whoever built this variant added keystroke logging and the interception of social media messages on top of the original functions," Luo Mengning replied.
A keystroke logging program runs in the background and records every keystroke the user enters on the keyboard. Consequently, what such programs harvest is mostly personal information, credit card numbers, login names and passwords, and other confidential data.
Hearing this, Pang Jitong could not help exclaiming in surprise: "So the phone has effectively become a round-the-clock surveillance device? Who did Li Bingde offend?"