共查询到20条相似文献,搜索用时 281 毫秒
2.
为了保证网络证据的可采性,网络取证在遵循证据的客观性、关联性和合法性三个基本原则之外,还必须遵守一定的程序和步骤。国内外学者建立了诸多网络取证过程模型,但是从网络发展趋势来看,网络取证模型不必强调统一、通用性,应该针对特定的环境分别制定网络取证过程模型。 相似文献
3.
网络取证中的若干问题研究 总被引:1,自引:0,他引:1
为了保证网络证据的可采性,网络取证在遵循证据的客观性、关联性和合法性三个基本原则之外,还必须遵守一定的程序和步骤.国内外学者建立了诸多网络取证过程模型,但是从网络发展趋势来看,网络取证模型不必强调统一、通用性,应该针对特定的环境分别制定网络取证过程模型. 相似文献
4.
为了保证网络证据的可采性,网络取证在遵循证据的客观性、关联性和合法性三个基本原则之外,还必须遵守一定的程序和步骤.国内外学者建立了诸多网络取证过程模型,但是从网络发展趋势来看,网络取证模型不必强调统一、通用性,应该针对特定的环境分别制定网络取证过程模型. 相似文献
5.
为了保证网络证据的可采性,网络取证在遵循证据的客观性、关联性和合法性三个基本原则之外,还必须遵守一定的程序和步骤.国内外学者建立了诸多网络取证过程模型,但是从网络发展趋势来看,网络取证模型不必强调统一、通用性,应该针对特定的环境分别制定网络取证过程模型. 相似文献
6.
视频取证技术研究进展 总被引:1,自引:0,他引:1
由于近年来多媒体采集设备和影像处理工具的普及和广泛应用,人们可以轻易对图像和视频进行篡改。利用恶意篡改的图像和视频进行敲诈勒索的案件日益增多,判断监控系统拍摄或者网上下载的图像和视频的原始性和真实性成了迫切需要解决的问题。之前的研究工作多集中在图像取证领域,对视频取证的研究近几年刚刚开始。和图像相比,视频数据量大,数据格式复杂,存储压缩因子高,对取证算法的计算要求高;不过,由于视频在编码方式、时空特性、篡改手段上都有着鲜明的特点,视频取证有更为丰富的研究内容和更为广阔的应用前景。研究人员利用视频采集和压缩编码过程中的特性,以及篡改手段带来的痕迹,对视频篡改检测方法进行了相关探索,取得了一些成果。先前的综述文献大都集中在图像取证领域,只有少数细节涉及到视频取证分析,本文对视频取证技术进行了综述。鉴于某些图像取证技术可用于视频单帧图像取证分析,本文第一部分首先介绍了图像取证相关技术如相机参数、压缩和物理几何不一致取证等。接着对已经提出的视频取证技术,按照采集、压缩和篡改方式进行分类,对它们的原理和优缺点进行了综述,并对反取证技术的相关研究工作进行了介绍。第二部分重点介绍视频采集过程以及辨识视频采集设备的一些方法。第三部分对因编码参数、编码标准以及压缩次数等视频编码过程的不同而遗留的痕迹进行了探讨。第四部分将介绍基于检测视频采集和编码痕迹不一致的取证分析方法,以及揭示篡改遗留痕迹的方法。图像视频压缩检测取证方法的发展始终伴随着相应反取证方法的研究,因此第五部分对视频反取证方法做了介绍。视频取证已经逐渐成为一个研究热点,得到越来越多的研究和关注,仍有许多未知的领域等待更加深入的研究和探索。 相似文献
7.
8.
网络传销犯罪案件具有涉案人员众多、涉案金额巨大、运作模式新型等特点,侦查取证难度较大。网络传销犯罪案件要在全案证据和核心证据、构成要件证据、犯罪嫌疑人供述、证人证言、被害人陈述等证据的收集中,紧密围绕构建定案证据体系展开,突出取证重点,紧扣取证核心,缜密开展侦查取证,同时,还要注意证据的合法性等问题。 相似文献
9.
随着计算机深入千家万户,成为人们工作和生活不可缺少的一部分之后,计算机犯罪也以网络入侵、网络诈骗、网络盗窃和盗用知识产权等各种形式出现。打击计算机犯罪的关键是如何将犯罪者留在计算机及相关设备中的“电子痕迹”作为有效的诉讼证据提供给法庭,以便将犯罪者绳之以法,成为目前人们研究、关注及迫切解决的技术问题,这即是计算机电子证据取证技术。它是取证技术人员使用软件和工具,全面地检查计算机系统,以提取有关计算机犯罪的电子证据,并对该证据进行的确定、收集、保护、分析、归档以及法庭出示的过程。1电子证据的特点计算机电子… 相似文献
10.
论网络监控取证的法律规制 总被引:1,自引:0,他引:1
网络监控是当前司法实践中一种全新的取证措施,在世界范围内得到了广泛运用,同时也引发了一系列的法律障碍。对网络监控取证进行法律规制,首先需要明确相应的程序,这种取证措施应当至少包含“授权”、“证据收集”、“证据分析与提交报告”三个阶段。其次,网络监控取证需要重点解决以下四个法律问题:明确审批主体与审批标准、合理界定监控的范围、厘清所获证据的证据能力、实现与隐私权保护的价值平衡。 相似文献
11.
《Digital Investigation》2014,11(2):102-110
Anti-forensics has developed to prevent digital forensic investigations, thus forensic investigations to prevent anti-forensic behaviors have been studied in various area. In the area of user activity analysis, “IconCache.db” files contain icon cache information related to applications, which can yield meaningful information for digital forensic investigations such as the traces of deleted files. A previous study investigated the general artifacts found in the IconCache.db file. In the present study, further features and structures of the IconCache.db file are described. We also propose methods for analyzing anti-forensic behaviors (e.g., time information related to the deletion of files). Finally, we introduce an analytical tool that was developed based on the file structure of IconCache.db. The tool parses out strings from the IconCache.db to assist an analyst. Therefore, an analyst can more easily analyze the IconCache.db file using the tool. 相似文献
12.
Anti-forensic technology can play an effective role in protecting information, but it can make forensic investigations difficult. Specifically, file-wiping permanently erases evidence, making it challenging for investigators to determine whether a file ever existed and prolonging the investigation process. To address this issue, forensic researchers have studied anti-forensic techniques that detect file-wiping activities. Many previous studies have focused on the effects of file-wiping tools on $MFT, $LogFile, and $DATA, rather than on Windows artifacts. Additionally, previous studies that have examined Windows artifacts have considered different artifacts, making it difficult to study them in a comprehensive manner. To address this, we focused on analyzing traces in 13 Windows artifacts of 10 file-wiping tools' operations in the Windows operating system comprehensively. For our experiments, we installed each file-wiping tool on separate virtual machines and checked the traces that the tools left behind in each artifact. We then organized the results in a database format. Our analysis revealed that most of the tools left traces on other artifacts, except for JumpList, Open&SavePidlMRU, and lnk. There were also some cases where traces remained on the other three artifacts. Based on our research, forensic investigators can quickly identify whether a file-wiping tool has been used, and it can assist in decision-making for evidence collection and forensic triage. 相似文献
13.
Recently, several new resampling operators have been proposed and successfully invalidate the existing resampling detectors. However, the reliability of such anti-forensic techniques is unaware and needs to be investigated. In this paper, we focus on the forensic identification of digital image resampling operators including the traditional type and the anti-forensic type which hides the trace of traditional resampling. Various resampling algorithms involving geometric distortion (GD)-based, dual-path-based and postprocessing-based are investigated. The identification is achieved in the manner of semi non-intrusive, supposing the resampling software could be accessed. Given an input pattern of monotone signal, polarity aberration of GD-based resampled signal's first derivative is analyzed theoretically and measured by effective feature metric. Dual-path-based and postprocessing-based resampling can also be identified by feeding proper test patterns. Experimental results on various parameter settings demonstrate the effectiveness of the proposed approach. 相似文献
14.
This paper investigates whether computer forensic tools (CFTs) can extract complete and credible digital evidence from digital crime scenes in the presence of file system anti-forensic (AF) attacks. The study uses a well-established six stage forensic tool testing methodology based on black-box testing principles to carry out experiments that evaluate four leading CFTs for their potential to combat eleven different file system AF attacks. Results suggest that only a few AF attacks are identified by all the evaluated CFTs, while as most of the attacks considered by the study go unnoticed. These AF attacks exploit basic file system features, can be executed using simple tools, and even attack CFTs to accomplish their task. These results imply that evidences collected by CFTs in digital investigations are not complete and credible in the presence of AF attacks. The study suggests that practitioners and academicians should not absolutely rely on CFTs for evidence extraction from a digital crime scene, highlights the implications of doing so, and makes many recommendations in this regard. The study also points towards immediate and aggressive research efforts that are required in the area of computer forensics to address the pitfalls of CFTs. 相似文献
15.
Lydia ter Haar-Pomp Marinus Spreen Beate Volker Stefan Bogaerts 《The journal of forensic psychiatry & psychology》2019,30(1):53-75
This study explored to what extent the composition and structure of personal networks of personality-disordered forensic psychiatric patients changed before and after forced confinement in a forensic psychiatric centre. Semi-structured in-depth interviews with 36 patients and selected members of their networks were examined. During forensic psychiatric treatment, patients reported a decrease in network size, in the number of high-risk network members, and in the number of social ties between these high-risk network members. Personal relationships were of shorter duration, with lower levels of contact frequency and reciprocity. No changes were observed in the patients’ companionship, practical and emotional support networks. During forensic psychiatric treatment, patients reported some new relationships, especially with persons outside the forensic psychiatric centre. Information on compositional and structural personal network factors over time helps forensic mental health professionals to properly assess and manage the important dynamic social network conditions associated with recidivism. 相似文献
16.
17.
《Science & justice》2022,62(2):229-238
Forensic soil comparisons can be of high evidential value in a forensic case, but become complex when multiple methods and factors are considered. Bayesian networks are well suited to support forensic practitioners in complex casework. This study discusses the structure of a Bayesian network, elaborates on the in- and output data and evaluates two examples, one using source level propositions and one using activity level propositions. These examples can be applied as a template to construct a case specific network and can be used to assess sensitivity of the target output to different factors and identify avenues for research. 相似文献
18.
There are an abundance of measures available to the standard digital device users which provide the opportunity to act in an anti-forensic manner and conceal any potential digital evidence denoting a criminal act. Whilst there is a lack of empirical evidence which evaluates the scale of this threat to digital forensic investigations leaving the true extent of engagement with such tools unknown, arguably the field should take proactive steps to examine and record the capabilities of these measures. Whilst forensic science has long accepted the concept of toolmark analysis as part of criminal investigations, ‘digital tool marks’ (DTMs) are a notion rarely acknowledged and considered in digital investigations. DTMs are the traces left behind by a tool or process on a suspect system which can help to determine what malicious behaviour has occurred on a device. This article discusses and champions the need for DTM research in digital forensics highlighting the benefits of doing so. 相似文献
19.
嗜尸性昆虫的准确鉴定是应用昆虫判断死亡时间的先决条件,但是昆虫的鉴定只有相关类群的昆虫专家能够鉴定。DNA条形码(DNA Barcoding)技术是利用一个或少数几个DNA片段对地球上现有物种进行识别和鉴定的一项新技术。这一技术给生物分类研究带来了空前的繁荣,同时也给法医昆虫学中各昆虫种类的鉴别研究带来新的动力。 相似文献