建立数字证据鉴识标准作业程序暨符合ISO27037国际标准程序与实例验证——以LINE DEFSOP为例

Establish Digital Evidence Forensics Standard Operating Procedure in Line with ISO 27037 International Standard Procedures and Examples of Verification--for LINE DEFSOP Example

行动装置具有高度机动性与移动性，已成为最新型的网络犯罪工具。而利用LINE犯罪的数字证据具有高度隐匿、易消失及搜证不易等特性，是一个新形态网络犯罪的研究主题。本研究参考台湾学者林宜隆教授所提出的数字证据鉴识标准作业程序（DEFSOP），在UNE云端平台环境下建构数字证据分析与鉴识云端平台DEFSOP，提出LINE数字鉴识标准作业程序架构（LINEDEFSOP），通过DEFSOP的4大阶段（原理、准备、操作及报告阶段）。与LINE作对应探讨。经分析比较与实际案例验证表明，其符合国际标准IS（327037数字证据处理程序与林宜隆教授所提出的数字证据有效性——CIAC（适法性、完整性、正确性、一致性）原则，让架构可作为执法单位对数字证据进行鉴识、撷取及分析时之参照依据，使数字证据更具公信力与有效性。

Mobile device with a high degree of mobility and mobility has become the latest type of cybercrime tools, and the use of digital evidence crime LINE highly conceal, easy to disappear and evidence collection difficult and other characteristics. It is a new form of Internet research topics of crime. This study referenced digital evidence forensics standard operating procedures （DEFSOP） proposed by Taiwan Residents scholar Professor Lin Yi-long, constructed digital evidence analysis and forensic cloud platform DEFSOP at LINE cloud platform environment, proposed LINE digital forensics standard operating procedure architecture （LINE DEFSOP）. For the corresponding phase and LINE investi- gate DEFSOP through four stages （principle, preparation, operation and reporting）, and by analysis and comparison with actual cases verification, digital evidence is in accordance with international standard ISO 27037 digital evidence handling procedures and the effectiveness of the proposed Professor I-Lung Lin -CIAC （applicable law, completeness, correctness,consistency） principle. The architecture allows law enforcement agencies to digital evidence forensics, capture and analysis of reference when it makes digital evidence more credibility and effectiveness.