ABSTRACT:The telecommunication-and-internet fraud cases have occurred frequently in recent years. Offenders played volatile and tricky swindles to reach their goals. Some of the criminals pretended to be the ofifcial persons of public security, procuratorate and court to get trusted from the victims who were then instigated to log onto a speciifc website where a long-range control program or Trojan was to be introduced into the victims’ computers. Thus, the victims’ computers were able to be remotely operated and the accounts of these victims’ E-bank be broken into, resulting in their money in the bank to be stolen. It is really of certain dififculty to conduct the forensic electronic analysis about such cases because they are prone to be categorized into those implanted Trojan ones during the process of authentication which will be involved into a program decompiling, code tracking among the multiple tested links, thereby making the case analysis even more complex. In the case reported here, the dynamic simulation was recruited to imitate the victim’s computer, and then the time sequence was analyzed of the EEG (electroencephalography) operant behavior in the course of crime. With obtainment of the sequence of the event by the above implementation, the key evidence and clue of the case were dug up so that the case was truly restored and solved.%近年来,国内电信、网络诈骗案件频发,诈骗手法多变;其中犯罪分子冒充国家公、检、法机关工作人员利用电话骗取受害人的信任,指使受害人登录指定网站、安装远程控制程序或木马,远程操作受害人的计算机,登录受害人的网银账户,盗取受害人资金的案件发案率较高。对此类案件的电子物证取证分析存在一定的难度,鉴定过程中易将此类案件归为计算机植入木马类案件进行分析,分析过程中会涉及到程序的反编译、程序代码的跟踪执行等多个检验环节,使案件分析变得复杂。本文报道一案例,在分析过程中首先采用动态仿真模拟出受害人的计算机,然后利用时间线技术分析案发时的计算机操作行为,通过电子物证取证分析,还原了案发时计算机的操作行为,为案件的侦查提供了有力支撑。最后本文就此类案件的电子物证取证分析方法进行探讨。
展开▼
