What Is Computer Evidence?
Computer evidence [1] , also known as electronic evidence, is the key basis for computer crime trials and sentencing.
- Computer evidence [2]
- Computer crime [3]
- [5]
- [6]
- The related application of computer evidence is very extensive. In court attendance, you can prove your own opinion by presenting computer evidence; in various electronic forensics laboratories, you can extract the corresponding computer evidence to make an identification report.
- Internationally, computer evidence has been in court for more than 30 years. In 1984, the United States FBI established the Computer Analysis Response Group (CART). The Scientific Working Group on Digital Evidence Group (Evidence) proposed the relevant standards and basic principles of digital evidence at the International High-Tech Crime and Forensics Conference held in London, England, in October 1999. Around 2000, experts proposed a centralized and typical forensic process model, namely Process model (Basic Process Model), process abstract model (An Abstract Process Model), law enforcement process model (Law Enforcement Process Model) and other process models; foreign NTI, Computer Forensics Incl, Guidance Software and many other professional computer research institutions and The company has developed products such as Encase, DIBS, and Flight Server; more than 70% of the legal departments in the United States have their own electronic forensics laboratories; in 2008, the European Institute of Law (ENFSI) published checksums referring to men for computer evidence officers report.
- In November 2005, China established an electronic forensics expert committee in Beijing and held the first computer forensics technology seminar. In August 2007, the second computer forensics technology seminar was held in Urumqi, Xinjiang. Since 2995, the CCFC Computer Forensics Technology Summit and Summit Forum has also been very active, and a considerable number of activities are held every year. In 2007 and 2009, at the International Anti-Terrorism Police Equipment Exhibition held in Beijing, hardware and software such as electronic forensics began to become bright spots.
- A large number of electronic forensics laboratories and electronic forensics workers have emerged in China. This is also closely related to electronic forensics and computer forensics.
- Computer evidence is widely used. Here, the author will take computer evidence in the process of judicial appraisal in the case of "Panda Burning Incense" as an example.
- It is expanded as follows:
- (From the material files of Hubei Danping Forensic Laboratory)
- · Experimental environment for making and transmitting Trojan virus
- Software tools for writing virus code
- · Write multiple virus source code and executable files generated by the code
- · Game account and login passwords on other people's computers obtained directly or indirectly through Trojan software
- · Trojan virus code and price of Trojan generator sold
- · Favorite URLs left when browsing related technical materials and historical records left when visiting virus source code multiple times
- (The above are forensic identification steps)
- Figure 1: Related code
- For example, extract the client and server programs of the "Panda Burning Incense" Trojan virus of the target inspection material, and at the same time, extract its source program code files.
- Figure 2: Related Ads
- Then extract relevant information such as advertisements and profit database, and through related analysis, it can be considered that the ultimate purpose of the "whboy" Trojan virus maker is to obtain economic benefits by selling "the Trojan horse program designed by himself and the information obtained by the Trojan horse".
- The entire appraisal report was prepared in accordance with the relevant content of Article 286 of the Criminal Law, "Intentionally making and spreading destructive programs such as computer viruses, which affect the normal operation of computer systems, and the consequences are serious, and punished in accordance with the provisions of paragraph 1." "Intentionally produced" and "Intentional dissemination and illegal profit" evidence.
- The entire appraisal report was accepted by the court, and finally the suspect was sentenced.
- (Note : This material is from the real case of Hubei Police Officer College Electronic Data Forensics Laboratory)