| 论计算机取证相关问题——现场动态分析,获取“易挥发”数字证据 |
| |
| 引用本文: | 王俊. 论计算机取证相关问题——现场动态分析,获取“易挥发”数字证据[J]. 中国司法鉴定, 2008, 0(1): 26-30 |
| |
| 作者姓名: | 王俊 |
| |
| 作者单位: | 西南政法大学研究生部,重庆,400031 |
| |
| 摘 要: | 由于目前计算机专业取证人员数量的不足,当前司法实践中对于现场中正处于运行状态的计算机大多采用“二步式”取证的方式来搜集数字证据。即先由侦查人员对涉案计算机实施关机分离和保全。尔后再移交专业机构进行数字证据司法鉴定。这种方式虽然保障了数字证据的原始性和证明力。但无形之中造成了存储在RAM中的“易挥发”数据以及其他形式的潜在数字证据的丢失。而计算机信息系统中的这些“易挥发数据”可以为案件的侦破提供重要线索和潜在的数字证据。因此通过对侦查人员的专业培训.实现“易挥发数据”的现场动态获取和合理保全对数字案件侦查取证意义重大。
|
| 关 键 词: | 计算机取证 现场动态分析 易挥发数据 收集 |
| 文章编号: | 1671-2072-(2008)01-0026-05 |
| 修稿时间: | 2007-09-27 |
Live Analysis on-Scene to Collect "Volatile Digital Evidence" in Running Computers |
| |
| WANG Jun. Live Analysis on-Scene to Collect "Volatile Digital Evidence" in Running Computers[J]. Chinese Journal of Forensic Sciences, 2008, 0(1): 26-30 |
| |
| Authors: | WANG Jun |
| |
| Affiliation: | WANG Jun (Graduate Faculty of Southwest University of Political Science and Law, Chongqing 400031, China) |
| |
| Abstract: | Due to lack of computer forensics professionals, the "two-steps" approach is commonly adopted to gather digital evidence in the running computer at the crime scene, that is, unplugging the running computer and booking it into evidence facilities first, then submitting it to trained digital evidence experts for examination. Although this method protects the aboriginality and integrity of digital evidence, it leads to the loss of "volatile data" stored in RAM and in other forms. The "volatile data" can often provide crucial clues and evidence for crime investigation, so it is necessary to make live analysis on-scene to acquire them. It is recommended that investigators be given professional trainings and get the live analysis skill. |
| |
| Keywords: | computer forensics live analysis on-scene volatile data collection |
| 本文献已被 维普 万方数据 等数据库收录! |
