电子邮件真实性鉴定方法探索

2012年3月14日通过的《刑事诉讼法》中将“电子数据”确立为一种证据种类。由于电子数据容易复制和修改,通常需要对其进行真实性鉴定后才能作为证据采信。我国电子数据司法鉴定相关技术的研究起步较晚,体系建设不完全。通过选取电子数据真实性鉴定中最常见的电子邮件,结合实际案例中积累的实践经验,对电子邮件真实性鉴定方法进行一系列的探索和归纳．旨在促进行业内技术交流,推进研究成果向实际应用的转化。     

系统鉴定法检验可疑文件真伪1例

1案例资料 1．1简要案情 2004年,临江某木业公司持一份该公司与长春市某家具有限公司签定的关于还款与质量处理协议,起诉至法院,要求家具有限公司偿还拖欠的货款。家具有限公司对《协议》的真伪产生疑义,提请鉴定。法院将此协议送我单位鉴定。     

利用邮件头分析电子邮件的真伪

目的通过分析电子邮件头,鉴别电子邮件的真伪,为电子邮件的真实性鉴定提供一些技术方法。方法运用邮件头的关键字段的构建机制对电子邮件的邮件头进行分析处理。结果示例邮件的邮件头的多处关键字段按照邮件传递时间和邮件传递地址的分析,不符合正常规律,系伪造的电子邮件。结论利用邮件头分析电子邮件不仅为确保电子邮件证据的证据效力提供了强有力的支持,也为获取破案的线索提供了条件。     

图像真伪鉴定内涵

伪造图像检验日益成为一个研究和应用的热点。但是目前针对图像的真伪及其鉴定方法还没有较清晰的界定。尤其在物证鉴定领域,在方法相对缺乏,而实际需求日趋增长的情况下,如何有效地对具体案件检材进行检验是我们在司法活动中遇到的巨大挑战。本文根据作者在相关检验中所遇问题做出的一些思考,结合工作实际,对图像真伪鉴定的内涵进行探讨。     

电子邮件

瑞士加强对垃圾电子邮件的管理力度，新型垃圾邮件风波再起，新加坡颁布反垃圾邮件法最高罚65万。     

法医学鉴定中伪造病历问题分析

由于人员素质的问题,医院方某些人员为了利益驱动,或推卸医疗责任,可能在各种病历资料中进行添加、更换、涂改,以达到损人利已的目的。在法医学鉴定中,应注意鉴别,其关键是重视当事人的质疑,鉴定人员细致审查。同时,防范这类行为则是更为重要的。建议加强从业人员的教育,规范病历书写、管理制度,加强责任追究,加大处罚力度。     

电子邮件

中国反垃圾邮件有成效从中国发出的垃圾邮件仅占全球垃圾邮件的7．5％；浙江立法拟对擅发广告电邮者罚款；德国专家告诫网民勿在个人网站公布电邮地址；     

鉴定——揭开珠宝真伪之谜

本文著重介绍了我国珠宝玉石鉴定工作的发展和现状.随著珠宝玉石市场日益繁荣,合成宝石和人工处理宝玉石大量投放市场,一些不法之徒乘机以假乱真,以次充好,谋取暴利,诈骗案件屡有发生.本文通过剖析一些案例,说明珠宝玉石鉴定对于规范市场,保护消费者和守法经营者利益,维护法制权威,起著至关重要的作用.     

注意委托鉴定要求以外的伪造现象

作为物证鉴定技术的文件检验,其根本目的是揭露案件事实真相,为打击犯罪和维护公民的合法权益提供法律保障。但在实际检案中有时会遇到这种情况：如果按照委托单位的鉴定要求进行检验,得出的鉴定结论却恰恰与案件事实相反,作者在检案中就遇到这种情况,举例如下：１９９８年７月５日,黄山市徽州公安分局刑警大队送来一份共４页的打印合同,最后一页有双方的签名和印章,要求鉴定签名印章的真伪。通过检验,很快认定签名及印章均为真实。但根据案情反映这份合同疑点很大,于是对该４页合同进行全面分析,结果发现前３页文件的打印机与第…     

论电子邮件证据

电子邮件(英文名称为Email)不以传统的通信方式为媒介,而是通过通信网络邮寄的函件,是人们使用国际互联网进行信息交换的途径之一.由于它能在极短的时间内,以很低廉的价格迅速传递大量的文字、声音、图像和视频等数据信息,因此电子邮件已被现代社会广泛接受,已成为人们相互传递信息的重要方式.这也必然会使电子邮件成为证据使用.但法律制订的滞后性造成其与新生事物之间的不衔接、不配套,这也必然会引起对电子邮件证据相关问题的争论.     

The legal aspects of corporate e-mail investigations

The undertaking of e-mail investigations was previously limited mainly to law enforcement agencies. However, UK organisations are increasingly undertaking e-mail investigation activities for incidents such as fraud, accessing or distributing indecent images and harassment amongst others. Organisations are also increasingly using computer forensic analysts to search through e-mail archives in order to gather evidence relating to e-mail misuse. In this paper we examine the legal aspects of UK corporate e-mail investigations.     

Advanced Framework for Digital Forensic Technologies and Procedures*

Abstract: Recent trends in global networks are leading toward service‐oriented architectures and sensor networks. On one hand of the spectrum, this means deployment of services from numerous providers to form new service composites, and on the other hand this means emergence of Internet of things. Both these kinds belong to a plethora of realms and can be deployed in many ways, which will pose serious problems in cases of abuse. Consequently, both trends increase the need for new approaches to digital forensics that would furnish admissible evidence for litigation. Because technology alone is clearly not sufficient, it has to be adequately supported by appropriate investigative procedures, which have yet become a subject of an international consensus. This paper therefore provides appropriate a holistic framework to foster an internationally agreed upon approach in digital forensics along with necessary improvements. It is based on a top‐down approach, starting with legal, continuing with organizational, and ending with technical issues. More precisely, the paper presents a new architectural technological solution that addresses the core forensic principles at its roots. It deploys so‐called leveled message authentication codes and digital signatures to provide data integrity in a way that significantly eases forensic investigations into attacked systems in their operational state. Further, using a top‐down approach a conceptual framework for forensics readiness is given, which provides levels of abstraction and procedural guides embellished with a process model that allow investigators perform routine investigations, without becoming overwhelmed by low‐level details. As low‐level details should not be left out, the framework is further evaluated to include these details to allow organizations to configure their systems for proactive collection and preservation of potential digital evidence in a structured manner. The main reason behind this approach is to stimulate efforts on an internationally agreed “template legislation,” similarly to model law in the area of electronic commerce, which would enable harmonized national implementations in the area of digital forensics.     

Forensic investigation of cross platform massively multiplayer online games: Minecraft as a case study

Minecraft, a Massively Multiplayer Online Game (MMOG), has reportedly millions of players from different age groups worldwide. With Minecraft being so popular, particularly with younger audiences, it is no surprise that the interactive nature of Minecraft has facilitated the commission of criminal activities such as denial of service attacks against gamers, cyberbullying, swatting, sexual communication, and online child grooming. In this research, there is a simulated scenario of a typical Minecraft setting, using a Linux Ubuntu 16.04.3 machine (acting as the MMOG server) and Windows client devices running Minecraft. Server and client devices are then examined to reveal the type and extent of evidential artefacts that can be extracted.     

Forensic analysis of video file formats

Video file format standards define only a limited number of mandatory features and leave room for interpretation. Design decisions of device manufacturers and software vendors are thus a fruitful resource for forensic video authentication. This paper explores AVI and MP4-like video streams of mobile phones and digital cameras in detail. We use customized parsers to extract all file format structures of videos from overall 19 digital camera models, 14 mobile phone models, and 6 video editing toolboxes. We report considerable differences in the choice of container formats, audio and video compression algorithms, acquisition parameters, and internal file structure. In combination, such characteristics can help to authenticate digital video files in forensic settings by distinguishing between original and post-processed videos, verifying the purported source of a file, or identifying the true acquisition device model or the processing software used for video processing.     

网络电子证据取证技术与反取证技术研究

随着网络技术的发展,计算机网络犯罪现象日趋严重。为了有效地打击网络犯罪行为,完善网络电子证据立法基础,取证技术专家不仅要研究网络取证相关技术,同时还必须对网络反取证技术充分进行研究。通过研究反取证技术来促进取证技术的提高,这样才能在网络取证过程中拓宽思路,提高获取有效证据的效率。     

司法鉴定技术准入标准问题研究

司法鉴定科学的发展史表明,鉴定科学的产生是以一般科学技术的发展为前提的,司法鉴定科学的发展也是以一般科学技术的发展为条件的。没有自然科学、技术科学的飞速发展,现代司法鉴定技术也不能得到真正的发展。而司法鉴定中所应用的科学技术必须是稳定成熟并已被证实为科学的,才能被吸纳。然而,由于我国司法鉴定制度的不完善,     

BitTorrent Sync: First Impressions and Digital Forensic Implications

With professional and home Internet users becoming increasingly concerned with data protection and privacy, the privacy afforded by popular cloud file synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming under scrutiny in the press. A number of these services have recently been reported as sharing information with governmental security agencies without warrants. BitTorrent Sync is seen as an alternative by many and has gathered over two million users by December 2013 (doubling since the previous month). The service is completely decentralised, offers much of the same synchronisation functionality of cloud powered services and utilises encryption for data transmission (and optionally for remote storage). The importance of understanding BitTorrent Sync and its resulting digital investigative implications for law enforcement and forensic investigators will be paramount to future investigations. This paper outlines the client application, its detected network traffic and identifies artefacts that may be of value as evidence for future digital investigations.