Traditional Culture Encyclopedia - Traditional virtues - How to collect electronic data evidence
How to collect electronic data evidence
1. relates to the protection of computer systems. (1) blocked the computer involved at the first time. (2) Copy the original data of the hard disk, CD and other storage media of the computer involved, and try to avoid operating in the original computer to avoid data loss. It is necessary to use a hard disk copying machine to copy the entire hard disk involved. (3) The advanced computer forensics exploration box is used to collect evidence, which has the characteristics of wide application, convenient carrying, standardization and specialization. (4) The contents that should be recorded during the on-site forensics investigation include: computer users, computer status, whether the computer is connected to the network, the personnel who perform forensics on site, the brand and model of the computer, the serial number of the computer hard disk, computer peripherals, etc.
2. Determine the evidence. (1) Use the search tool to conduct a series of keyword searches to find the most important information. (2) Find out the deleted, hidden and encrypted information with the help of professional delete format recovery tools. Note that the exchange files of Windows system and the unallocated space on the hard disk often contain evidence that suspects are easy to ignore. (3) Using data decryption technology and password decryption technology, the protected information in electronic media is forcibly accessed to obtain information. (4) Verify the collected data with the data preliminarily determined by the police handling the case. (5) The collected original data should be backed up.
3. Extract the analysis data. (1) Use a professional forensic analysis platform to analyze file attributes, file abstracts and logs. The analysis platform should have the necessary functions such as data recovery, data repair, multi-format support and information retrieval. (2) Make an analysis report related to the case to obtain conclusive evidence.
4. filing. Conclusion and electronic evidence should be strictly preserved and backed up. Investigators must register when checking.
Legal basis:
Provisions of the Supreme People's Court, the Supreme People's Procuratorate and the Ministry of Public Security on Several Issues Concerning the Collection, Extraction, Examination and Judgment of Electronic Data in Criminal Cases Article 8 If the original storage medium of electronic data can be seized after collection and extraction, the original storage medium shall be seized and sealed, and a written record shall be made to record the sealed state of the original storage medium.
The original storage medium of electronic data shall be sealed, and it shall be guaranteed that electronic data cannot be added, deleted or modified without releasing the sealed state. Before and after sealing, the sealed original storage medium should be photographed to clearly reflect the sealing or sealing.
When storing storage media with wireless communication functions such as mobile phones, measures such as signal shielding, signal blocking or power off should be taken.
- Previous article:How to adjust the camera shutter?
- Next article:The origin and implication of multicolored rope
- Related articles
- From the laws of ancient and modern architectural beauty, do you see why the landmark art in the East and the West will affect people's hearts?
- English masters, there are additional points!
- Why is comedy called ten kinds of juggling?
- What is the technological process of beer production?
- What kinds of rings are there in gynecology?
- Homeschooling, what is homeschooling? What is homeschooling? As a first time mom what should I do to homeschool?
- How to hand-draw the interior plan
- How much does it cost to send express mail from Suzhou to Guangzhou?
- Buy gold jewelry which brand is more formal?
- Find the Young's Tai Ji Chuan Spectrum of Formula 37 (Graphic and Text Combination)