Computer foreman overview
Reposted from: High Energy in Chinese Academy of Sciences
With the continuous development of information technology, computers are increasingly involved in people's work and life, and the computer-related court cases (such as e-commerce disputes, computer crime, etc.) continue. A new evidence - existing electronic evidence in computer and related peripherals (including network media), gradually become one of new litigation evidence. A large number of computer crimes - such as theft and destruction of commercial confidential information, computer fraud, damage to the government, military website - the proceedings of the case need to extract data existing in the computer system, and even need to be deleted, encrypted or The destroyed file is resorial. Many of the electronic evidence itself and the forensic process have different characteristics of traditional license and forensic methods, and new research topics have been put forward in the field of judicial and computer science. As a cross-science in the field of computer fields and law: Computer Forensics is gradually known as the focus of research and attention. So what is computer forensics? As a professional and senior person in computer forensics, Judd Robbins has given the following definitions: L Computer forensics is just the application of computer surveys and analysis techniques to potential, legally effective evidence, and acquisition. New Technologies is a professional computer emergency response and computer forensics consulting firm, which extends this definition: l Computer forensics include protection, confirmation, extraction, and archiving of computer evidence stored in magnetic media encoding information. The SANS company is attributed as follows: l Computer forensics are using software and tools, comprehensively check the computer system in accordance with some pre-defined programs to extract and protect evidence about computer crime. Therefore, computer forensics can refer to the process of confirmation, protection, extraction, and archiving that can be accepted, sufficiently reliable, and persuasive, existing in computer and related peripherals. Let us first explore the characteristics of electronic evidence. The role of evidence in judicial prove is no doubt, it is the crime of judge and non-crime. During the development of human judicial prove, the proven method and means experienced two major transformations. The first time is a prove to transition from "God's Capacity". The second time is a prove to transition from the "human card" to the proven to "physical evidence" or "scientific evidence" [1]. During a long history, the use of the identification of the license in judicial activities has been in the state of random and dispersion. Until the 18th century, science and technology related to the physical evidence gradually formed system and scale, and the role of physical evidence in judicial prove is more and more important. With the sharpness of science and technology, the technical level of various identification as the core of personal identification is endless. For example, after the handwriting method, the human measuring method, after the fingerprint identification method, footprint identification, teeth identification, sound identification, lip identification, etc., continuously expand the "weapon library" of judicial certificates. In particular, the DNA genetic gene identification technology in the 1980s has brought a new leap in judicial proven. The emergence of electronic evidence is a challenge to traditional evidence rules. As with traditional evidence, electronic evidence must be: l trusted; L is accurate; L is complete; l to convince the judge; L is in compliance with laws and regulations; electronic evidence is also associated with traditional evidence Some features: l The computer data is not changed in time; l Computer data is not visible directly, and you must use the appropriate tool; l Collect the process of computer data, it may cause a very serious changes to the original data because open files, Print files, etc. are generally not atomic operations; L Electronic evidence is caused by technology development, because computer and telecommunications technology has developed very rapidly, so forensic procedures and procedures must constantly adjust the advancement of technology. Computer evidence is in court, it is reported that there is a history of more than 10 years in my country is only in the United States in China.
