Procedure-oriented Laboratory of Digital Forensics in a Case Study

 

左瑞麟

Department of Computer Science, National Chengchi University

raylin@cs.nccu.edu.tw

 

許晉銘

Department of Computer Science, National Chengchi University

winterthink@gmail.com

 

高大宇*

Department of Information Management, Central Police University

* Correspondence: camel@mail.cpu.edu.tw

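Summary

With the spread of information and communication devices, computer crime and the digital evidence derived from it have grown explosively, and Internet users are increasingly concerned about data protection and digital forensics. Digital forensic work comprises several procedural stages and aims to determine, from the digital traces people leave behind, the who, what, when, where and objects that best explain a criminal event. This paper addresses the problem of standard operating procedures for digital forensics in a digital forensic laboratory, outlines a framework suited to the laboratory environment, and improves the reliability of forensic analysis results. The effective forensic environment framework gives digital forensic analysts a trustworthy forensic analysis process, builds a suitable and friendly basic forensic environment, and improves the efficiency of analyzing cybercrime activity.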

 

Keywords: digital forensics, forensic laboratory, digital forensic standard procedure

 

 

Abstract

The pervasiveness of ICT devices has led to an explosion of computer crime and digital evidence. Internet users are becoming increasingly concerned with data protection and digital forensics. Digital forensics involves several steps and determines the who, what, when, where, how and why of digital artifact activity. This paper presents a solution to the problem of standard operating procedures in a digital forensic lab, outlines a framework for a digital forensic investigation environment, and increases the reliability of the forensic attribution process. An effective framework environment will provide trusted digital forensics support to digital forensic investigators, enable them to establish their own forensics-friendly infrastructures, and help reduce the time and effort spent analyzing criminal activities on the Internet.

 

Keywords: Digital Forensics, Digital Forensic Laboratory, Standard Operation Procedure