
On Computer Forensics And Its Specifications

Posted on: 2009-11-11
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
Full Text: PDF
GTID: 2206360248450700
Subject: Investigation
Abstract/Summary:
Computer Forensics emerged in the 1960s. The United States and other developed Western countries began to study Computer Forensics in the 1980s and achieved many results in evidence-collecting ideology, theory, technique and method. Nowadays, the vast majority of legal departments in the United States have their own computer forensic laboratories and computer forensic experts, who are authorized to use special technology to extract electronic evidence relating to computer crime and illegal computer activities by recognizing, collecting, preserving and analyzing the potential electronic evidence stored in computers and peripheral devices; the experts then submit this electronic evidence to the court to support the court's ruling. In recent years, relevant departments in China have become aware of the importance of Computer Forensics and have started theoretical exploration and forensic technology research, but up to now the research on Computer Forensics in China still lacks integrality. Therefore, making clear what the research scope of Computer Forensics is, and recognizing and resolving the problems of Computer Forensics in China through a multi-level and multi-angle study, is of great importance to resolving "the difficult evidence-collecting" and "the hard verdict" for computer crimes and illegal computer activities in judicial practice; furthermore, it matters a great deal in meeting the challenge of the unceasingly rising number of these illegal and criminal activities.

Because Computer Forensics involves knowledge of computer science, law and criminal investigation, the author approached this article from the technical, procedural and legal points of view. First of all, the author clearly defined what Computer Forensics is on the basis of comparative research. Secondly, as far as the study of computer forensic technology is concerned, the author mainly confirmed the scope of computer forensic technology, introduced several common computer forensic techniques, discussed some anti-forensic skills that are popular at present and brought forward some countermeasures at the micro and macro levels. Furthermore, as far as the Computer Forensics procedure is concerned, the author put forward a model design of the Computer Forensics procedure. In the last part of this article, the author analyzed the law relevant to Computer Forensics from the three perspectives of substantive law, procedural law and evidence law, and also made specific proposals for improvement in view of the problems of the relevant legislation in China.

Specifically speaking, the full text can be divided into six parts. At the very beginning of this dissertation, I started with the concept of Computer Forensics, the classification of Computer Forensics, the technical and legal demands, the content of Computer Forensics research, as well as the status quo of Computer Forensics research at home and abroad. Computer Forensics is a process of recognizing, collecting, preserving, analyzing, archiving and presenting electronic evidence that is stored in computer systems and other peripheral devices and that relates to intrusion into, attacks on and destruction of computer information systems and other computer crimes, as well as to illegal activities carried out using computer systems and the internet in the civil and commercial field; in this process, professional personnel who are authorized to perform Computer Forensics use software and hardware toolkits, in accordance with legal proceedings, to obtain reliable and persuasive electronic evidence that can be accepted by the court. Computer Forensics can be divided into general and complex Computer Forensics according to the difficulty level, and into internal and external forensics from the perspective of forensic scope. Furthermore, Computer Forensics can be divided into forensics after the case and forensics in the case according to the forensic time. In addition, Computer Forensics can be divided into static and dynamic forensics according to the forensic state.

The technical requirements of Computer Forensics include: 1. do not perform technical analysis directly on the data, so as to ensure its originality; 2. ensure the absolute security and reliability of the information network system and ancillary equipment used in analyzing electronic evidence; 3. make a digital signature before data analysis; 4. keep detailed, specific records and archives of the whole process of Computer Forensics, etc. The legal requirements of Computer Forensics are: requirements for the main body of Computer Forensics, procedural requirements, toolkit requirements, and the coordination of conflicts between related rights in Computer Forensics. The content of Computer Forensics includes: Computer Forensics technology, evidence-gathering procedures, evidence-collecting law, evidence-gathering toolkits and Computer Forensics norms.

In the second part, the author introduced Computer Forensics technology specifically. According to the Evidence Research Working Group (DFRWS) framework, the content of Computer Forensics technology research includes the following six items: evidence identification technology, evidence preservation technology, evidence collection technology, evidence inspection technology, evidence analysis technology and the skill of presenting evidence in court. The technologies commonly used in Computer Forensics are data replication, data recovery/repair, data decryption, revealing hidden data, log analysis, comparison search technology, data mining, data presentation, honeypot and honeynet technology, network packet interception, attack source tracking, digital digest, digital signature and digital time-stamp technology, etc.

The third part of this article focused on the techniques and methods of Computer Anti-Forensics and put forward a number of countermeasures. The common Computer Anti-Forensics technologies can be summed up in three categories: data hiding, data deleting and data encryption. At the micro level, professional personnel can choose different strategies according to the different anti-forensic methods. At the macro level, the countermeasures for Computer Anti-Forensics should be considered from three aspects: 1. the transformation of forensic methods (combining static forensics with dynamic forensics); 2. in-depth study and continuous innovation of Computer Forensics technology; 3. the protection of secure operating systems.

In Part IV, the author pointed out the problems existing in the current Computer Forensics Process Model, proposed a specific scheme for building an Enhanced Computer Forensics Process Model, and discussed the rationality and practicality of this forensic process model.

In the fifth chapter, the author introduced the software and hardware toolkits of Computer Forensics. According to the difference in research purpose at the initial phase, Computer Forensics software can be divided into non-exclusive software and exclusive software; Computer Forensics hardware devices are mainly the following: Forensic Drive Duplicator and Computer Forensics Investigation Bin, and so on.

Because of its late start, our country's Computer Forensics research is still immature, especially in computer forensic procedure and forensic standardization. Therefore, in the last part of this dissertation, the author analyzed the legislation of foreign countries relating to Computer Forensics and put forward specific proposals for improvement with an eye to the problems that exist in the current law of China. In my opinion, drawing on the experience of the developed Western countries, revising and improving our country's relevant substantive law, procedural law and evidence law, and furthermore enacting a separate "Computer Forensics Law" to give guidance and criteria for Computer Forensics, is the ideal choice for achieving the goal of standardized Computer Forensics in China at an early date.
Keywords/Search Tags:Computer Forensics, Conception, Technique, Tool, Process Model, Anti-forensics, Counter-measure, Improvement in Law