| “运行”计算机内“易挥发数据”的取证问题 |
| |
| 引用本文: | 王俊. “运行”计算机内“易挥发数据”的取证问题[J]. 湖南公安高等专科学校学报, 2008, 20(1): 90-93 |
| |
| 作者姓名: | 王俊 |
| |
| 作者单位: | 西南政法大学,重庆,400031 |
| |
| 摘 要: | 当前司法实践中对现场中处于运行状态的计算机大多采用“二步式”取证的方式来收集数字证据,即先由侦查人员对涉案计算机实施关机分离和保全,尔后再移交专业机构进行数字证据司法鉴定。该方法虽保障了数字证据的原始性和证明力,但无形之中却造成了存储于RAM中的“易挥发”数据以及其他形式的潜在数字证据的丢失。而计算机信息系统中的这些“易挥发数据”可为案件的侦破提供重要线索和潜在的数字证据,因此进行现场动态分析,收集这些“易挥发数据”对数字案件侦查取证意义重大。
|
| 关 键 词: | 运行计算机 易挥发数据 现场动态分析 收集 |
| 文章编号: | 1008-7575(2008)01-0090-04 |
| 修稿时间: | 2007-11-07 |
On the Issue of Collecting Evidence from Running Computer |
| |
| WANG Jun. On the Issue of Collecting Evidence from Running Computer[J]. Journal of Huan Public Security College, 2008, 20(1): 90-93 |
| |
| Authors: | WANG Jun |
| |
| Affiliation: | WANG Jun(Southwest University of Political Science , Law,Chongqing,400031) |
| |
| Abstract: | In today's judicial practice,thetwo-stepsapproach is commonly used to collect digital evidence in running computer on crime scene,namely the investigator just implement the duty of unplug the running computer and book it into the evidence facility,from there,the investigator requests that the computer be examined by a trained digital evidence examiner.This method protects the aboriginality and integrity of digital evidence,but in anyway leads to the loss ofvolatile datastorage in RAM,as well as other forms ... |
| |
| Keywords: | running computer volatile data live analysis on-scene collection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
