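Abstract
In the analysis and evidence-presentation stages of computer forensics, it is difficult to accurately judge and measure the authenticity and credibility of digital evidence, so digital evidence obtained through forensics is frequently questioned or not admitted. This paper proposes a method for measuring the likelihood of digital-evidence erasure, used to judge and argue whether data erasure took place before the digital data was fixed. Combined with the operational complexity model, the probability that evidence erasure occurred is measured based on the complexity of the behavior. Using pirated file sharing as a case, it calculates the likelihood that evidence related to the partial evidence already found was erased, and, given that evidence, the probability that the computer was used to create and upload a torrent file to the P2P network, helping forensic investigators, lawyers, judges and others determine the credibility of evidence-based reasoning.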
In the traditional analysis phase of computer forensics, there is no good way to measure the credibility of digital evidence, so forensic data is easily questioned. Research on a method for measuring data erasure can help to judge and debate whether digital evidence was erased before it was fixed. Combined with the operational complexity model, we measured the probability that the digital evidence has been erased. This method can be used in the BT case to calculate the probability that the related evidence has been erased and the probability that the seized computer was used to make the initial seeder to share the pirated file on a BitTorrent network. According to the probability, investigators, lawyers and judges can determine the credibility of evidence reasoning.
Authors
Wang Ye
Chen Long
WANG Ye, CHEN Long (Institute of Computer Forensics, Chongqing University of Posts and Telecommunications, Chongqing 400065, China)
Source
《计算机科学》 (Computer Science)
CSCD
Peking University Core Journal
2016, Issue B12, pp. 84-88 (5 pages)
Computer Science
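Funding
This work was supported by the National Social Science Fund of China (14BFX156) and the Science and Technology Research Project of the Chongqing Municipal Education Commission (KJ1400428).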
Keywords
Computer anti-forensics
Data erasure
Operational complexity model
Digital evidence