计算机网络取证和调查的科学研究

[摘要] 认为针对计算机犯罪，现代的调查是对电子证据进行智能相关性分析，并发掘同一事件不同证据之间的联系；而证据分析又包括电子数据证据的分析、对收集的数据和备份进行查找、分折、归类，以及犯罪现场重建等。提出犯罪现场重建是计算机网络犯罪调查的重要部分。通过理论和实验分析，将取证科学应用到网络犯罪调查上，并以P2P网络调查作为例子，分析如何通过调查取证来寻找数据的第一个上传者。认为只有将恰当的法证科学适时应用到电子证据取证调查中，才能够更好地重构犯罪场景，还原案件真相并实现法律正义。

[关键词] 电子证据；调查；法证科学；犯罪现场重构

[Abstract] For computer related crimes, modern digital investigation emphasizes analysis of the relationship between different digital evidence with the goal of determining how different pieces of digital evidence appear in a single event. Digital evidence analysis includes searching, classification, analysis, and event reconstruction. Event reconstruction is the most important part of cybercrime investigation. By theoretical and experimental analysis, one can apply forensic science to cybercrime scene reconstruction. We demonstrate how to apply forensic science in cybercrime investigation involving the peer-to-peer network, with the objective of identifying the first uploader in the peer-to-peer network. By applying forensic science to cybercrime investigation, the digital investigator should be able to reconstruct the crime scene more efficiently.

[Keywords] digital evidence; investigation; forensic science; crime scene reconstruction