The number of cybercrime cases has risen rapidly in recent years, yet an effective forensic method for handling these cases is lacking. Investigators usually rely on examining large amounts of tedious source code to understand the crime model and extract evidence, but this requires considerable manpower and time and may lead to human error. To overcome these potential errors, we propose a semi-automated approach in this paper. The approach integrates a user view (based on the forensic investigators' high-level study of the case) and a system view (based on automated analysis of the source code) to help investigators pinpoint the scope of the investigation. We apply the approach to a real case, which demonstrates its feasibility and helped investigators efficiently determine both the scope of the investigation and the crime model. The results show that this semi-automated approach can effectively analyze large volumes of electronic evidence from multiple sources, improving the efficiency and reliability of evidence collection in cybercrime cases.