WO2022134160A1 - Tamperproof evidence obtaining method, system and apparatus, storage medium, and electronic device - Google Patents

Publication number
WO2022134160A1
Authority
WO
WIPO (PCT)
Prior art keywords
evidence
target
forensic
file
forensics
Prior art date
Application number
PCT/CN2020/141205
Other languages
French (fr)
Chinese (zh)
Inventor
匡立中
蔡亮
李伟
张帅
陈威涛
Original Assignee
杭州趣链科技有限公司
Priority date
Filing date
Publication date
Application filed by 杭州趣链科技有限公司
Publication of WO2022134160A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present disclosure generally relates to the field of blockchain technology, and more particularly, to a tamper-resistant forensics method, system, apparatus, storage medium, and electronic device.
  • the implementation method is as follows: using the sensor of the mobile phone to collect evidence such as taking pictures and videos, storing the corresponding forensic files in the mobile phone, and transmitting the forensic files from the inside of the mobile phone to the back-end server.
  • This method of forensics has the following problems: the evidence file will be stored in the mobile phone and then transmitted from the mobile phone, so the user can replace or tamper with the evidence file before the evidence file is stored in the mobile phone and transmitted to the server.
  • the evidence files transmitted to the back-end server are not real evidence files, that is, the authenticity of the evidence files cannot be guaranteed.
  • the present disclosure relates to a tamper-resistant forensics method, the method comprising:
  • the terminal device receives the forensic instruction
  • the terminal device collects the target evidence in response to the forensics instruction, obtains the string file corresponding to the target evidence, and obtains the forensics parameters when collecting the target evidence;
  • the terminal device binds the string file corresponding to the target evidence with the forensic parameters and sends it to the server.
  • acquiring target evidence in response to the forensic instruction includes:
  • Obtain, according to the forensic instruction, the forensic method to be used for collecting the target evidence;
  • Control the forensics collection module to collect the target evidence according to the forensics method, and generate a string file corresponding to the target evidence;
  • the string file corresponding to the target evidence is used to generate the target forensics file corresponding to the target evidence, and the file type of the target forensics file is related to the forensics method.
  • the forensic parameters include forensic time information and/or forensic space information.
  • the forensic collection module is controlled to collect the target evidence according to the evidence collection method, and a character string file corresponding to the target evidence is generated, including:
  • Control the camera module to shoot the target evidence, and generate the first character string file corresponding to the target evidence
  • the first string file is used to generate the first target forensics file corresponding to the target evidence
  • the file type of the first target forensic file is a picture.
  • the forensic collection module is controlled to collect the target evidence according to the evidence collection method, and a string file corresponding to the target evidence is generated, including:
  • the second string file is used to generate the second target forensic file corresponding to the target evidence
  • the file type of the second target forensic file is a video file.
  • the forensic collection module is controlled to collect the target evidence according to the evidence collection method, and a string file corresponding to the target evidence is generated, including:
  • Control the recording module to record the target evidence, and generate the third string file of the target evidence
  • the third string file is used to generate the third target forensics file corresponding to the target evidence
  • the file type of the third target forensic file is an audio file.
  • the forensic collection module is controlled to collect the target evidence according to the evidence collection method, and a string file corresponding to the target evidence is generated, including:
  • Control the screen recording module to record the target evidence, and generate the fourth string file of the target evidence
  • the fourth string file is used to generate the fourth target forensics file corresponding to the target evidence
  • the file type of the fourth target forensic file is a screen recording file.
  • Target evidence is generated by the end device.
  • the string file corresponding to the target evidence is bound with the corresponding forensics parameters and sent to the server, including:
  • the continuous substring file corresponding to the target evidence and the bound sub-forensic parameters are sent to the server in real-time and in the form of streaming;
  • the string file corresponding to the target evidence includes consecutively obtained substring files
  • Sub-forensics parameters are forensic parameters when obtaining the corresponding sub-string file.
  • the present disclosure relates to a tamper-proof forensics method, which is applied to the server side, and the method includes:
  • the present disclosure relates to a tamper-resistant forensic system comprising:
  • the terminal device is used to receive the forensic instruction, collect the target evidence in response to the forensic instruction, obtain the corresponding string file, obtain the forensics parameters when collecting the target evidence, and bind the string file corresponding to the target evidence with the corresponding forensics parameters and send it to the server; and
  • the server side is used to receive the string file and forensics parameters of the target evidence sent by the terminal device, generate the corresponding target forensics file according to the string file of the target evidence, use a hash algorithm to obtain the hash value of the target forensics file, and, after binding the hash value of the target evidence to the forensic parameters, send it to the blockchain for on-chain evidence storage.
  • the present disclosure relates to a tamper-resistant forensics device, which is applied to terminal equipment, and the device includes:
  • the instruction receiving module is used to receive the forensic instruction
  • the string file acquisition module is used to collect the target evidence in response to the forensic instruction, and obtain the string file corresponding to the target evidence;
  • a parameter acquisition module used to acquire forensic parameters when collecting target evidence
  • the first sending module is used to bind the string file corresponding to the target evidence with the corresponding forensic parameters and send it to the server.
  • the present disclosure relates to a tamper-proof forensics device, which is applied to a server, and the device includes:
  • the receiving module is used to receive the string file and forensic parameters of the target evidence sent by the terminal device;
  • the string file and forensic parameters of the target evidence are obtained by the terminal device receiving the forensic instruction and collecting the target evidence in response to the forensic instruction;
  • the forensic file generation module is used to generate the corresponding target forensic file according to the string file of the target evidence
  • a calculation module for obtaining the hash value of the target forensic file by adopting a hash algorithm
  • the second sending module is used to bind the hash value of the target evidence with the forensic parameters and send it to the blockchain for on-chain storage.
  • the present disclosure relates to a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, causes the processor to execute the tamper-proof forensics method of the present disclosure.
  • the present disclosure relates to an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor executes the tamper-proof forensics method of the present disclosure when executing the program.
  • the terminal device receives the forensic instruction, collects the target evidence in response to the forensic instruction, obtains the string file corresponding to the target evidence, obtains the forensics parameters when collecting the target evidence, and, after binding the string file corresponding to the target evidence with the forensic parameters, sends them to the server.
  • the server generates the corresponding target forensics file according to the string file of the target evidence, uses the hash algorithm to obtain the hash value of the target forensics file, binds the hash value of the target evidence with the forensics parameters, and then sends it to the blockchain for on-chain evidence storage.
  • the target evidence obtained through the present disclosure is not stored in the terminal device but is transmitted directly to the server side, which prevents users from tampering with the target evidence using the terminal device and ensures the authenticity of the evidence. At the same time, storing the hash of the target evidence on the blockchain further ensures that the evidence cannot be tampered with or replaced after storage, achieving the effect of preserving evidence.
  • FIG. 1 is a schematic flowchart of a tamper-proof forensics method provided by an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of a tamper-proof forensics method provided by another embodiment of the present disclosure
  • FIG. 3 is a sequence diagram of a tamper-proof forensics method provided by an embodiment of the present disclosure
  • FIG. 4 is a sequence diagram of a tamper-proof forensics method according to another embodiment of the present disclosure.
  • Transaction, which is equivalent to the computer term "transaction".
  • Transaction includes operations that need to be submitted to the blockchain network for execution, not just transactions in a business context.
  • transaction is used, and embodiments of the present disclosure follow this convention.
  • the Deploy transaction is used to install the specified smart contract to the node in the blockchain network and is ready to be invoked;
  • the Invoke transaction is used to append a transaction record to the blockchain by invoking the smart contract, and to operate on the state database of the blockchain, including update operations (adding, deleting, and modifying key-value pairs in the state database) and query operations (that is, querying key-value pairs in the state database).
  • Blockchain is a storage structure of encrypted and chained transactions formed by blocks.
  • Blockchain Network: a set of nodes that incorporate new blocks into the blockchain through consensus.
  • Ledger is a general term for the blockchain (also known as ledger data) and a state database synchronized with the blockchain, where the blockchain records transactions in the form of files in the file system, and the state database records transactions in the blockchain in the form of different types of key (Key) value (Value) pairs to support fast query of transactions in the blockchain.
  • Key key
  • Value value
  • Smart Contracts, also known as Chaincode or application code
  • the nodes execute the smart contracts called in the received transactions to update the state database.
  • Consensus is a process in the blockchain network, which is used to reach an agreement on the transactions in the block among the multiple nodes involved, and the agreed block will be appended to the block chain.
  • the mechanisms for achieving consensus include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Proof of Elapsed Time (PoET), etc.
  • FIG. 1 is a schematic flowchart of a tamper-proof forensics method provided by an embodiment of the present disclosure. Referring to Figure 1, the method is applied to a terminal device, including the following steps:
  • S100A Receive a forensic instruction.
  • a forensics application (forensics APP or forensics application software) is installed on the terminal device.
  • the interface of the forensics application is provided with multiple forensic options, and the user can collect target evidence according to different forensic methods by selecting different forensic options.
  • the target forensic files finally generated from the target evidence collected by different forensics methods have different file types or storage types.
  • the target evidence is an event that occurs in the real world or an objective thing that actually exists.
  • the target evidence is events or things that exist in the real world, such as the scene of a traffic accident, fraudulent text messages, chat records or voices, and fake products that can be collected, captured, and recorded.
  • the forensic instruction is an instruction sent by the user to the terminal device by operating the forensic application in order to collect the target evidence.
  • the forensic instruction is used to instruct the terminal device how to collect the evidence of the forensic target.
  • Target evidence can be stored in different file types by forensic applications.
  • the target evidence can be collected in the form of pictures and stored as a picture file
  • the target evidence can also be collected in the form of video and stored as a video file
  • the target evidence can also be collected in the form of audio and stored as an audio file.
  • the target evidence is collected in the form of screen recording and stored as a screen recording file.
  • the specific forensic method for collecting and storing the target evidence is determined by the properties of the target evidence and the user's desired storage form.
  • the target evidence can be collected and stored in the form of video or pictures, and if the target evidence is an event with sound, it can also be collected and stored in the form of audio.
  • the target evidence is generated by an electronic product (such as a terminal device), such as chat records or transaction records, etc.
  • the target evidence can be collected and stored in the form of screen recording or screen capture.
  • the forensic method in which the target evidence is finally obtained also needs to be determined according to the user's wishes.
  • the terminal device may be an electronic device with a collection function, such as a mobile phone, a tablet, a notebook computer, a smart watch, and a sports bracelet.
  • S200A In response to the forensics instruction, collect target evidence, obtain a string file corresponding to the target evidence, and obtain evidence collection parameters when collecting the target evidence.
  • After the terminal device responds to the forensics instruction, it calls its own forensics collection module to collect the target evidence as directed by the forensics instruction, and generates a string file corresponding to the target evidence.
  • the string file is written in a computer language and is not easily understood by the user, and is used to generate the target forensics file corresponding to the target evidence.
  • String files can be generated from the memory of the terminal device.
  • the target forensic file is an electronic file that is easy to be understood by the user and can truly restore or reflect the target evidence.
  • the target forensics file is a photo file of the target evidence, or a video file of the target evidence, or a screen recording file of the target evidence.
  • the corresponding photo file, video file or screen recording file can be generated.
  • the mobile phone controls the camera module to collect the target object in front of the camera.
  • the processing module of the mobile phone first generates a string file corresponding to the target object. After the acquisition is completed, the processing module of the mobile phone compiles the string file to obtain the image file or video file of the target object.
  • the image file or the video file is the target forensic file of the target object.
  • Forensic parameters include forensic time information and/or forensic space information when collecting target evidence.
  • the forensic time information is the collection time of collecting the target evidence or the completion time of completing the evidence collection
  • the forensic space information is the geographic location information of the collected target evidence.
  • the geographic location information includes latitude and longitude.
  • S300A The terminal device binds the string file corresponding to the target evidence with the forensic parameters and sends it to the server.
  • the terminal device can send the string file and the forensic parameters to the server in a real-time manner, that is, while collecting and generating, and send it at the same time; or send it at one time after the collection is completed.
  • the specific sending method is determined according to the forensic method, which is determined by the forensic instruction sent by the user.
  • after the terminal device collects the target evidence and obtains the string file corresponding to the target evidence, the terminal device does not generate the target forensics file corresponding to the target evidence from the string file. Therefore, the terminal device does not store the target forensic file, and the user can neither modify nor replace the target forensic file through the terminal device. This preliminarily guarantees that the electronic file of the target evidence, that is, the target forensic file, will not be tampered with or replaced by the user along the way, prevents the user from exploiting this loophole to maliciously tamper with the obtained evidence, and ensures the authenticity of the evidence.
  • FIG. 2 is a schematic flowchart of a tamper-proof forensics method provided by another embodiment of the present disclosure. Referring to Figure 2, the method is applied to the server side and includes the following steps:
  • S100B Receive the character string file of the target evidence and the corresponding evidence collection parameters sent by the terminal device.
  • S200B Generate a corresponding target forensic file according to the character string file of the target evidence.
  • Target forensic documents are documents that are accepted by the public and are easily understood by the public. For example, picture files, video files, audio files, screen recording files, etc.
  • a target forensic file is a visual representation or electronic storage of the target's evidence.
  • S300B Use the hash algorithm to obtain the hash value of the target forensic file.
  • the server uses the SHA-256 function to convert the binary file into a hexadecimal hash value, and this hexadecimal hash value is the hash value of the target evidence.
  • the server side binds the hash value of the target evidence with the forensic parameters, and sends it to the blockchain to store the evidence on the chain.
  • On-chain evidence storage takes the hash value and forensic parameters corresponding to the target evidence as the extra field in a transaction on the blockchain, binds the hash value in that transaction with the forensic parameters and sends it to the blockchain, so that all authorized nodes on the blockchain synchronize it through consensus and the stored evidence is fixed and cannot be tampered with.
  • Due to the tamper-resistant characteristics of the blockchain, storing the hash value and forensic parameters of the target evidence on the blockchain further prevents the target evidence from being tampered with and guarantees its authenticity.
  • step S200A specifically includes:
  • S210A Obtain the evidence collection method adopted for collecting the target evidence according to the evidence collection instruction.
  • the terminal device is provided with a variety of forensic collection modules, such as a photographing module, a camera module, a recording module, a screen recording module, and a screen capture module, and is not limited to these.
  • the photographing module and the camera module can be integrated into one camera module.
  • the terminal device obtains the forensic instruction through the forensic application program, and the forensic instruction carries the information of the forensic method. For example, if the forensic instruction is photo forensics, the forensics method is to take photos. If the forensic instruction is video forensics, the forensics method is to take video forensics. If the forensic instruction is to obtain evidence by recording, the method of obtaining evidence is to obtain evidence by recording. If the forensic instruction is to take screen-recording, the forensic method is to take screen-recording. If the forensic instruction is to take screenshots, the forensics method is to take screenshots.
  • S220A Determine the forensic collection module to be called according to the forensic method.
  • the terminal device determines which of its own forensics collection modules is to be invoked according to the forensics method. If the forensics method is to obtain evidence by taking pictures, the forensic collection module to be called is the photographing module. If the evidence collection method is to collect evidence by video recording, the forensic collection module to be called is the camera module. If the evidence collection method is to collect evidence by recording, the forensic collection module to be called is the recording module. If the evidence collection method is to obtain evidence by screen recording, the forensic collection module to be called is the screen recording module. If the forensics method is to take screenshots, the forensics collection module to be called is the screenshot module.
  • S230A Control the forensics collection module to collect target evidence according to the evidence collection method, and generate a string file corresponding to the target evidence.
  • the terminal device controls the photographing module to collect the target evidence in a photographing manner, and at the same time, the terminal device generates a character string file corresponding to the target evidence, and the character string file is used to generate an image of the target evidence.
  • the terminal device controls the camera module to collect the target evidence in a video recording manner, and at the same time, the terminal device generates a character string file corresponding to the target evidence, and the character string file is used to generate a video of the target evidence.
  • the terminal device controls the recording module to collect the target evidence according to the recording method, and at the same time, the terminal device generates a string file corresponding to the target evidence, and the string file is used to generate a recording of the target evidence.
  • the terminal device controls the screen recording module to collect the target evidence according to the screen recording method, and at the same time, the terminal device generates a string file corresponding to the target evidence, and the string file is used to generate the screen recording of the target evidence.
  • the target evidence is the evidence locally generated in the terminal device. For example, chat records and other information generated and displayed on electronic devices.
  • the terminal device controls the screenshot module to collect the target evidence according to the screenshot method, and at the same time, the terminal device generates a string file corresponding to the target evidence, and the string file is used to generate a screenshot of the target evidence.
  • the target evidence is the evidence locally generated in the terminal device. For example, chat records, shopping records and other information generated and displayed on electronic devices.
  • the string file corresponding to the target evidence is used to generate the target forensics file corresponding to the target evidence, and the file type of the target forensics file is related to the forensics method.
  • the file type of the target forensic file is one of pictures, videos, audio recordings, screen recordings and screenshots.
  • the forensics method includes discontinuous forensics and continuous forensics.
  • the discontinuous forensics include taking pictures and taking screenshots.
  • continuous evidence collection includes video collection, audio recording and screen recording.
  • step S230A specifically includes:
  • Control the photographing module to photograph the target evidence, and generate the first character string file corresponding to the target evidence
  • the first string file is used to generate the first target forensics file corresponding to the target evidence
  • the file type of the first target forensic file is a picture.
  • the evidence collection method is to obtain evidence by taking a photo
  • the final storage form of the target evidence is a photo
  • the photo belongs to a discontinuous file.
  • the terminal device obtains, according to the forensics instruction, that the forensics method is to take pictures for evidence, calls its own camera module to capture the target evidence, and generates a first character string file corresponding to the target evidence.
  • the first string file is used to generate a first target forensic file whose file type is a picture file.
  • step S230A specifically includes:
  • the second string file is used to generate the second target forensic file corresponding to the target evidence
  • the file type of the second target forensic file is a video file.
  • the final storage form of the target evidence is video recording, which is a continuous file.
  • the terminal device obtains, according to the forensics instruction, that the forensics method is to obtain evidence by video recording, and calls its own camera module to record the target evidence, and generates a second character string file corresponding to the target evidence.
  • the second string file is used to generate a second target forensic file whose file type is a video file.
  • step S230A specifically includes:
  • Control the recording module to record the target evidence, and generate the third string file of the target evidence
  • the third string file is used to generate the third target forensics file corresponding to the target evidence
  • the file type of the third target forensic file is an audio file.
  • the evidence collection method is to obtain evidence by recording
  • the final storage form of the target evidence is recording
  • the recording is a continuous file.
  • the terminal device obtains according to the forensics instruction that the forensics method is to obtain evidence by recording, and calls its own recording module to record the target evidence, and generates a third string file corresponding to the target evidence.
  • the third string file is used to generate a third target forensic file whose file type is an audio file or a recording file.
  • step S230A specifically includes:
  • Control the screen recording module to record the target evidence, and generate the fourth string file of the target evidence
  • the fourth string file is used to generate the fourth target forensics file corresponding to the target evidence
  • the file type of the fourth target forensic file is a screen recording file.
  • Target evidence is generated locally by the end device.
  • the evidence collection method is to obtain evidence by means of screen recording
  • the final storage form of the target evidence is screen recording
  • the recording screen belongs to a continuous file.
  • the terminal device obtains, according to the forensics instruction, that the forensics method is to obtain evidence by screen recording, and invokes its own screen recording module to record the target evidence, and generates a fourth string file corresponding to the target evidence.
  • the specific operations of the screen recording are: determine the target evidence as the recording object; record the screen display content and audio source of the target evidence to form a screen recording file.
  • the fourth string file is used to generate a fourth target forensic file whose file type is a screen recording file.
  • step S230A specifically includes:
  • Control the screenshot module to take screenshots of the target evidence, and generate the fifth string file of the target evidence
  • the fifth string file is used to generate the fifth target forensics file corresponding to the target evidence
  • the file type of the fifth target forensic file is a screenshot file
  • Target evidence is generated locally by the end device.
  • the evidence collection method is to obtain evidence by means of screenshots
  • the final storage form of the target evidence is screenshots
  • the screenshots belong to discontinuous files.
  • the terminal device obtains, according to the forensics instruction, that the forensics method is to take screenshots, and invokes its own screen capture module to take screenshots of the target evidence, and generates a fifth string file corresponding to the target evidence.
  • the fifth string file is used to generate a fifth target forensic file whose file type is a screenshot file.
  • step S300A specifically includes:
  • the continuous substring file corresponding to the target evidence and the bound sub-forensic parameters are sent to the server in real-time and in the form of streaming;
  • the string file corresponding to the target evidence includes consecutively obtained substring files
  • Sub-forensics parameters are forensic parameters when obtaining the corresponding sub-string file.
  • the target forensics files corresponding to the target evidence are continuous files, such as video, screen recording, and audio. Therefore, the terminal equipment collects target evidence through continuous forensics within a period of time.
  • the generated string file is also composed of substring files obtained at each acquisition moment.
  • the substring files and corresponding subforensic parameters obtained at each collection moment will be sent by the terminal device to the server in real time.
  • the sub-forensics parameters include the time of collection and/or the geographic location information at the time of collection.
  • the present disclosure can also use the completion time as the forensic time information after the target evidence collection is completed.
  • the sub-forensic parameters are not sent, and only the sub-string file is sent in real time.
  • the forensic parameters are carried after the last substring file.
  • the string file corresponding to the target evidence is a continuous stream file.
  • To prevent the substring files from being stored in the terminal device and tampered with by the user, the substring files in the string file must be sent to the server in real time.
  • the live streaming technology specifically means that the substring files corresponding to the video, audio or screen recording collected in real time by the terminal device are pushed as a stream from the terminal device to the server in real time, from the start of recording until the end of forensics.
  • the terminal device calls the mobile live streaming SDK, and transmits the string file corresponding to the video or audio recording or screen recording to the server in real time.
  • Mobile live streaming is a live streaming service for mobile devices, an extension of the live streaming service to mobile scenarios.
  • the data obtained from the video or audio recording or screen recording of the terminal device can be transmitted to the server in the form of streaming.
  • the forensic parameters include forensic time information and/or forensic space information when the target evidence is collected.
  • the forensic time information is the collection time of collecting the target evidence or the completion time of completing the evidence collection
  • the forensic space information is the geographic location information of the collected target evidence.
  • the geographic location information includes latitude and longitude.
  • the acquisition method of latitude and longitude is as follows: the user registers an authentication account on the location service platform through the terminal device, creates a new application for the platform service of the Android system or iOS system, and obtains the corresponding AppKey and AppSecret.
  • the terminal device uses the AppKey and AppSecret to call the API of the location service platform to obtain the latitude and longitude from the location service platform.
  • the present disclosure provides a tamper-resistant forensic system comprising:
  • the terminal device is used to receive the forensic instruction, collect the target evidence in response to the forensic instruction, obtain the corresponding string file, obtain the forensic parameters when collecting the target evidence, and bind the string file corresponding to the target evidence with the corresponding forensic parameters and send them to the server; and
  • the server side is used to receive the string file and forensic parameters of the target evidence sent by the terminal device, generate the corresponding target forensic file according to the string file of the target evidence, use a hash algorithm to obtain the hash value of the target forensic file, and, after binding the hash value of the target evidence to the forensic parameters, send them to the blockchain for on-chain evidence storage.
  • the present disclosure provides a tamper-resistant forensic apparatus, applied to terminal equipment, comprising:
  • the instruction receiving module 100A is used to receive the forensic instruction
  • a string file acquisition module 200A configured to collect target evidence in response to a forensics instruction, and obtain a string file corresponding to the target evidence;
  • a parameter acquisition module 300A used to acquire forensic parameters when collecting target evidence
  • the first sending module 400A is configured to bind the character string file corresponding to the target evidence with the corresponding forensic parameters and send it to the server.
  • the present disclosure provides a tamper-resistant forensic device, applied to a server, comprising:
  • the receiving module 100B is used to receive the character string file of the target evidence sent by the terminal device and the corresponding forensic parameters;
  • the string file and forensic parameters of the target evidence are obtained by the terminal device receiving the forensic instruction and collecting the target evidence in response to the forensic instruction;
  • a forensic file generation module 200B configured to generate a corresponding target forensic file according to the character string file of the target evidence
  • the calculation module 300B is used to obtain the hash value of the target forensic file by adopting a hash algorithm
  • the second sending module 400B is used to bind the hash value of the target evidence with the forensic parameters, and then send it to the blockchain to store the evidence on the chain.
  • FIG. 3 is a sequence diagram of a tamper-proof forensics method provided by an embodiment of the present disclosure.
  • the terminal device initiates non-persistent forensics, collects target evidence in a non-persistent forensics manner, and generates a string file.
  • the terminal device requests the latitude and longitude from the location service platform through the latitude and longitude interface of the location service platform, and the location service platform returns the latitude and longitude to the terminal device through the latitude and longitude interface.
  • the terminal device organizes the forensic evidence to send the string file, the forensic latitude and longitude, and the forensic time to the server.
  • the server receives the string file, the forensic latitude and longitude, and the forensic time, generates the target forensic file according to the string file, and obtains the hash value of the target forensic file.
  • the server sends the hash value, forensic latitude and longitude, and forensic time of the target forensic file to the blockchain for storage.
  • FIG. 4 is a sequence diagram of a tamper-proof forensics method provided by another embodiment of the present disclosure.
  • the terminal device initiates continuous forensics, collects target evidence in continuous forensics, generates substring files in real time, calls the mobile live streaming SDK, and sends the substring files to the server in real time in the form of streaming.
  • when the terminal device completes the collection and forensics, it requests the latitude and longitude from the location service platform through the latitude and longitude interface of the location service platform, and the location service platform returns the latitude and longitude to the terminal device through the latitude and longitude interface.
  • the terminal device also sends a forensics completion instruction to the server when the forensics collection is completed.
  • the terminal device organizes the forensic evidence, obtains the longitude, latitude and forensic time and sends it to the server.
  • when the server side receives the forensics completion instruction, it assembles the string file from the substring files received in real time, generates a target forensics file according to the string file, and obtains the hash value of the target forensics file.
  • the server obtains the forensic latitude and longitude and the forensic time.
  • the server sends the obtained hash value of the target forensic file, forensic latitude and longitude, and forensic time to the blockchain for storage.
  • the terminal device of the present disclosure is installed with a mobile terminal application APP, which realizes the use of the collection and forensics module of the terminal device to collect evidence such as taking pictures and videos.
  • the evidence files are not stored in the mobile phone, but are directly transmitted to the backend server, to prevent malicious tampering by the user between the evidence being generated in the mobile phone and being transmitted to the server.
  • the corresponding evidence file is immediately hashed and stored on the chain, so that the evidence cannot be tampered with during the process from generation to on-chain storage.
  • the present disclosure prevents evidence from being tampered with after being stored, so as to achieve the effect of preserving evidence and ensuring the authenticity of evidence.
  • an electronic device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor executing the computer program to perform the steps of: receiving a forensic instruction, collecting the target evidence in response to the forensic instruction, obtaining the string file corresponding to the target evidence and the forensic parameters when collecting the target evidence, and binding the string file corresponding to the target evidence with the forensic parameters and sending them to the server.
  • the present disclosure provides an electronic device, including a memory, a processor, and a computer program stored in the memory and running on the processor, where the processor implements the following steps when executing the computer program: receiving the string file and forensic parameters of the target evidence sent by a terminal device, generating the corresponding target forensic file according to the string file of the target evidence, using a hash algorithm to obtain the hash value of the target forensic file, binding the hash value of the target evidence with the forensic parameters, and sending them to the blockchain for on-chain evidence storage.
  • when the processor executes the computer program, the tamper-proof forensic method of the present disclosure is also implemented.
  • the present disclosure provides a computer-readable storage medium having a computer program stored thereon, and the computer program, when executed by a processor, implements the steps of: receiving a forensic instruction, collecting target evidence in response to the forensic instruction, obtaining the string file corresponding to the target evidence and the forensic parameters when collecting the target evidence, and binding the string file corresponding to the target evidence with the forensic parameters and sending them to the server.
  • the present disclosure provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the following steps: receiving a string file and forensic parameters of the target evidence sent by the terminal device, generating the corresponding target forensic file according to the string file of the target evidence, using a hash algorithm to obtain the hash value of the target forensic file, binding the hash value of the target evidence with the forensic parameters, and sending them to the blockchain for on-chain evidence storage.
  • the computer program also implements the tamper-resistant forensic method of the present disclosure when executed by the processor.
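The server side of the continuous-forensics sequence (FIG. 4) described above, as an added Python example that is not code from the patent. Assumptions: SHA-256 stands in for the unspecified "hash algorithm", chunk sequence numbers and the `EvidenceSession`, `HashChainLedger` and `verify_evidence` names are hypothetical, and an in-memory hash chain stands in for the blockchain.

```python
import hashlib
import json


def canonical(obj):
    """Deterministic JSON encoding so the same record always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class EvidenceSession:
    """Server-side state for one pushed stream of substring files (hypothetical)."""

    def __init__(self, evidence_id):
        self.evidence_id = evidence_id
        self._hasher = hashlib.sha256()  # assumption: the page names no algorithm
        self._chunks = []
        self._next_seq = 0
        self.closed = False

    def receive_substring(self, seq, chunk):
        """Accept one substring file; reject gaps, replays and late data."""
        if self.closed:
            raise ValueError("stream already finalized")
        if seq != self._next_seq:
            raise ValueError(f"expected chunk {self._next_seq}, got {seq}")
        self._hasher.update(chunk)  # hash incrementally as data arrives
        self._chunks.append(chunk)
        self._next_seq += 1

    def finalize(self, forensic_params):
        """Forensics-completion instruction: build the file, hash it, bind params."""
        if self._next_seq == 0:
            raise ValueError("no evidence data received")
        self.closed = True
        target_file = b"".join(self._chunks)
        record = {
            "evidence_id": self.evidence_id,
            "file_hash": self._hasher.hexdigest(),
            "params": forensic_params,  # forensic time and latitude/longitude
        }
        return target_file, record


class HashChainLedger:
    """In-memory stand-in for the blockchain: each entry commits to the previous."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry_hash = hashlib.sha256(prev.encode() + canonical(record)).hexdigest()
        self.entries.append({"prev": prev, "record": record, "entry_hash": entry_hash})
        return len(self.entries) - 1

    def verify_chain(self):
        prev = self.GENESIS
        for entry in self.entries:
            expected = hashlib.sha256(prev.encode() + canonical(entry["record"])).hexdigest()
            if entry["prev"] != prev or entry["entry_hash"] != expected:
                return False
            prev = entry["entry_hash"]
        return True


def verify_evidence(ledger, index, candidate_file, claimed_params):
    """Check a presented file and its claimed parameters against the stored record."""
    if not ledger.verify_chain():
        return False
    record = ledger.entries[index]["record"]
    same_file = hashlib.sha256(candidate_file).hexdigest() == record["file_hash"]
    return same_file and claimed_params == record["params"]


def demo():
    # Constructed sample data: three pushed chunks and constructed parameters.
    chunks = [b"frame-0000|", b"frame-0001|", b"frame-0002|"]
    params = {"time": "2020-12-23T10:15:30Z", "lat": 30.2741, "lon": 120.1551}
    session = EvidenceSession("case-001")
    for seq, chunk in enumerate(chunks):
        session.receive_substring(seq, chunk)
    target_file, record = session.finalize(params)
    ledger = HashChainLedger()
    idx = ledger.append(record)
    return {
        "genuine": verify_evidence(ledger, idx, target_file, params),
        "file_tampered": verify_evidence(
            ledger, idx, target_file.replace(b"0001", b"9999"), params),
        "params_tampered": verify_evidence(
            ledger, idx, target_file, {**params, "lat": 31.0}),
    }


if __name__ == "__main__":
    print(demo())
```

The stored record only shows that the file and parameters are unchanged since the server hashed them; it attests to nothing that happened on the device before the bytes arrived.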

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Retry When Errors Occur (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a tamperproof evidence obtaining method, system and apparatus, a storage medium, and an electronic device. The method comprises: receiving an evidence obtaining instruction; in response to the evidence obtaining instruction, acquiring a target evidence, obtaining a string file corresponding to the target evidence, and obtaining an evidence obtaining parameter when acquiring the target evidence; binding the string file corresponding to the target evidence and the evidence obtaining parameter, and then sending the string file and the evidence obtaining parameter to a server-side; and the server-side generating a corresponding target evidence obtaining file according to the string file of the target evidence, obtaining a hash value of the target evidence obtaining file using a hash algorithm, binding the hash value of the target evidence and the evidence obtaining parameter, and then sending the hash value and the evidence obtaining parameter to a blockchain to perform on-chain evidence storage.

Description

Tamper-proof forensics method, system, device, storage medium and electronic device
This disclosure claims the full benefit of the invention patent application No. 202011539659.6, entitled "Tamper-proof forensics method, system, device, storage medium and electronic device", filed with the State Intellectual Property Office of the People's Republic of China on December 23, 2020, the entire contents of which are incorporated into this disclosure by reference.
Field
The present disclosure generally relates to the field of blockchain technology, and more particularly, to a tamper-resistant forensics method, system, apparatus, storage medium, and electronic device.
Background
In the prior art, when a mobile phone is used to collect evidence, the implementation is as follows: the sensors of the mobile phone are used to collect evidence by taking pictures, recording video and so on, the corresponding forensic files are stored in the mobile phone, and the forensic files are then transmitted from the mobile phone to the back-end server. This method of forensics has the following problem: the evidence file is stored in the mobile phone and then transmitted from the mobile phone, so while the evidence file is in the mobile phone and before it is transmitted to the server, the user can replace or tamper with it. As a result, the evidence file transmitted to the back-end server is not the real evidence file, that is, the authenticity of the evidence file cannot be guaranteed.
Overview
In a first aspect, the present disclosure relates to a tamper-resistant forensics method, the method comprising:
The terminal device receives the forensic instruction;
The terminal device collects the target evidence in response to the forensic instruction, obtains the string file corresponding to the target evidence, and obtains the forensic parameters when collecting the target evidence;
The terminal device binds the string file corresponding to the target evidence with the forensic parameters and sends them to the server.
In some embodiments, collecting the target evidence in response to the forensic instruction and obtaining the string file corresponding to the target evidence includes:
obtaining, according to the forensic instruction, the forensics method used to collect the target evidence;
determining the forensics collection module to be called according to the forensics method;
controlling the forensics collection module to collect the target evidence according to the forensics method, and generating a string file corresponding to the target evidence;
wherein the string file corresponding to the target evidence is used to generate the target forensic file corresponding to the target evidence, and the file type of the target forensic file is related to the forensics method.
In certain embodiments, the forensic parameters include forensic time information and/or forensic space information.
In some embodiments, if the forensics method is photographing, a form of discontinuous forensics, then controlling the forensics collection module to collect the target evidence according to the forensics method and generating the string file corresponding to the target evidence includes:
controlling the camera module to photograph the target evidence, and generating the first string file corresponding to the target evidence,
wherein the first string file is used to generate the first target forensic file corresponding to the target evidence,
and the file type of the first target forensic file is a picture.
In some embodiments, if the forensics method is video recording, a form of continuous forensics, then controlling the forensics collection module to collect the target evidence according to the forensics method and generating the string file corresponding to the target evidence includes:
controlling the video camera module to record video of the target evidence, and generating the second string file corresponding to the target evidence,
wherein the second string file is used to generate the second target forensic file corresponding to the target evidence,
and the file type of the second target forensic file is a recorded video file.
In some embodiments, if the forensics method is audio recording, a form of continuous forensics, then controlling the forensics collection module to collect the target evidence according to the forensics method and generating the string file corresponding to the target evidence includes:
controlling the audio recording module to record the target evidence, and generating the third string file of the target evidence,
wherein the third string file is used to generate the third target forensic file corresponding to the target evidence,
and the file type of the third target forensic file is an audio file.
In some embodiments, if the forensics method is screen recording, a form of continuous forensics, then controlling the forensics collection module to collect the target evidence according to the forensics method and generating the string file corresponding to the target evidence includes:
controlling the screen recording module to record the target evidence, and generating the fourth string file of the target evidence,
wherein the fourth string file is used to generate the fourth target forensic file corresponding to the target evidence,
the file type of the fourth target forensic file is a screen recording file,
and the target evidence is generated by the terminal device.
In some embodiments, if the forensics method is continuous forensics, then binding the string file corresponding to the target evidence with the corresponding forensic parameters and sending them to the server includes:
using live streaming push technology to send the continuous substring files corresponding to the target evidence, together with the bound sub-forensic parameters, to the server in real time as a pushed stream;
wherein the string file corresponding to the target evidence includes the continuously obtained substring files;
and the sub-forensic parameters are the forensic parameters at the time the corresponding substring file is obtained.
In a second aspect, the present disclosure relates to a tamper-proof forensics method, which is applied to the server side, and the method includes:
receiving the string file of the target evidence sent by the terminal device and the corresponding forensic parameters;
generating the corresponding target forensic file according to the string file of the target evidence;
using a hash algorithm to obtain the hash value of the target forensic file; and
binding the hash value of the target evidence with the forensic parameters and sending them to the blockchain for on-chain evidence storage.
In a third aspect, the present disclosure relates to a tamper-resistant forensic system comprising:
a terminal device, used to receive the forensic instruction, collect the target evidence in response to the forensic instruction, obtain the corresponding string file, obtain the forensic parameters when collecting the target evidence, and bind the string file corresponding to the target evidence with the corresponding forensic parameters and send them to the server; and
a server side, used to receive the string file and forensic parameters of the target evidence sent by the terminal device, generate the corresponding target forensic file according to the string file of the target evidence, use a hash algorithm to obtain the hash value of the target forensic file, and, after binding the hash value of the target evidence with the forensic parameters, send them to the blockchain for on-chain evidence storage.
In a fourth aspect, the present disclosure relates to a tamper-resistant forensics device, which is applied to terminal equipment, and the device includes:
an instruction receiving module, used to receive the forensic instruction;
a string file acquisition module, used to collect the target evidence in response to the forensic instruction and obtain the string file corresponding to the target evidence;
a parameter acquisition module, used to acquire the forensic parameters when collecting the target evidence; and
a first sending module, used to bind the string file corresponding to the target evidence with the corresponding forensic parameters and send them to the server.
In a fifth aspect, the present disclosure relates to a tamper-proof forensics device, which is applied to a server, and the device includes:
a receiving module, used to receive the string file and forensic parameters of the target evidence sent by the terminal device;
wherein the string file and forensic parameters of the target evidence are obtained by the terminal device receiving the forensic instruction and collecting the target evidence in response to the forensic instruction;
a forensic file generation module, used to generate the corresponding target forensic file according to the string file of the target evidence;
a calculation module, used to obtain the hash value of the target forensic file by using a hash algorithm; and
a second sending module, used to bind the hash value of the target evidence with the forensic parameters and send them to the blockchain for on-chain evidence storage.
In a sixth aspect, the present disclosure relates to a computer-readable storage medium on which a computer program is stored, and the computer program, when executed by a processor, causes the processor to execute the tamper-proof forensics method of the present disclosure.
In a seventh aspect, the present disclosure relates to an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor executes the tamper-proof forensics method of the present disclosure when executing the program.
In some embodiments, the terminal device receives the forensic instruction, collects the target evidence in response to the forensic instruction, obtains the string file corresponding to the target evidence, obtains the forensic parameters when collecting the target evidence, and binds the string file corresponding to the target evidence with the forensic parameters and sends them to the server. The server generates the corresponding target forensic file according to the string file of the target evidence, uses a hash algorithm to obtain the hash value of the target forensic file, binds the hash value of the target evidence with the forensic parameters, and sends them to the blockchain for on-chain evidence storage.
In some embodiments, the target evidence obtained through the present disclosure is not stored in the terminal device but is transmitted directly to the server side, which prevents the user from tampering with the target evidence using the terminal device and ensures the authenticity of the evidence. At the same time, storing the hash value of the target evidence on the blockchain further ensures that the evidence cannot be tampered with or replaced. This prevents the evidence from being tampered with after storage, so as to achieve the effect of preserving evidence.
Brief Description of Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the following briefly introduces the accompanying drawings required in the description of the embodiments or the prior art. Obviously, those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
FIG. 1 is a schematic flowchart of a tamper-proof forensics method provided by an embodiment of the present disclosure;
FIG. 2 is a schematic flowchart of a tamper-proof forensics method provided by another embodiment of the present disclosure;
FIG. 3 is a sequence diagram of a tamper-proof forensics method provided by an embodiment of the present disclosure;
FIG. 4 is a sequence diagram of a tamper-proof forensics method according to another embodiment of the present disclosure.
详述detail
为使本公开实施例的目的、技术方案和优点更加清楚,下面将结合本公开实施例中的附图,对本公开实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本公开的一部分实施例,而不是全部的实施例。基于本公开中的实施例,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他实施例,都属于本公开保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments of the present disclosure will be described clearly and completely below with reference to the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments These are some, but not all, embodiments of the present disclosure. Based on the embodiments in the present disclosure, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present disclosure.
除非另有定义,本文所使用的所有的技术的科学技术与属于本公 开的技术领域的技术人员通常理解的含义相同。本文中所使用的术语只是为了描述本公开实施例的目的,不是旨在限制本公开。Unless otherwise defined, all techniques used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. The terminology used herein is for the purpose of describing the embodiments of the present disclosure only and is not intended to limit the present disclosure.
Before the embodiments of the present disclosure are described in further detail, the terms used in them are explained; the following explanations apply to those terms.
(1) Transaction: equivalent to the computer term "transaction". A transaction includes operations that need to be submitted to the blockchain network for execution, and does not refer only to transactions in a business context. Given that the term "transaction" is conventionally used in blockchain technology, embodiments of the present disclosure follow this convention.
For example, a Deploy transaction is used to install a specified smart contract on nodes in the blockchain network and make it ready to be invoked; an Invoke transaction is used to append a transaction record to the blockchain by invoking a smart contract and to operate on the state database of the blockchain, including update operations (adding, deleting, and modifying key-value pairs in the state database) and query operations (querying key-value pairs in the state database).
(2) Blockchain: an encrypted, chained storage structure of transactions formed from blocks.
(3) Blockchain Network: the set of nodes that incorporate new blocks into the blockchain by way of consensus.
(4) Ledger: a collective term for the blockchain (also known as ledger data) and the state database synchronized with the blockchain. The blockchain records transactions in the form of files in a file system; the state database records the transactions in the blockchain in the form of different types of key-value pairs, to support fast queries of those transactions.
(5) Smart Contract: also known as chaincode or application code, a program deployed in the nodes of the blockchain network. A node executes the smart contract invoked in a received transaction to update or query the key-value pair data of the state database.
(6) Consensus: a process in the blockchain network used to reach agreement on the transactions in a block among the multiple nodes involved. The agreed block is appended to the end of the blockchain. Mechanisms for achieving consensus include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Proof of Elapsed Time (PoET), and so on.
FIG. 1 is a schematic flowchart of a tamper-proof forensics method provided by an embodiment of the present disclosure. Referring to FIG. 1, the method is applied to a terminal device and includes the following steps:
S100A: Receive a forensic instruction.
Specifically, a forensics application (forensics app or forensics application software) is installed on the terminal device. The interface of the forensics application provides multiple forensic options; by selecting different options, the user can collect target evidence using different forensics methods. Target evidence collected by different forensics methods results in target forensic files of different file types or storage types.
The target evidence is an event that occurs in the real world or an objective thing that actually exists. For example, the target evidence may be the scene of a traffic accident, a fraudulent text message, a chat record or voice message, a counterfeit product, or any other real-world event or thing that can be collected, captured, and recorded.
The forensic instruction is an instruction that the user sends to the terminal device by operating the forensics application in order to collect target evidence. It instructs the terminal device how to collect the target evidence.
Through the forensics application, target evidence can be stored as different file types. For example, the target evidence can be collected as a picture and stored as a picture file, collected as video and stored as a video recording file, collected as audio and stored as an audio file, or collected as a screen recording and stored as a screen recording file.
Of course, which forensics method is used to collect and store the target evidence is determined by the properties of the target evidence itself and the form in which the user wishes to keep it.
For example, if the target evidence is an event happening in the real world, it can be collected and stored as video or pictures; if the event has sound, it can also be collected and stored as audio.
If the target evidence is generated by an electronic product (such as a terminal device), for example a chat record or transaction record, it can be collected and stored as a screen recording or screenshot.
The forensics method by which the target evidence is finally obtained also needs to be determined according to the user's wishes.
The terminal device may be an electronic device with a collection function, such as a mobile phone, a tablet, a notebook computer, a smart watch, or a sports bracelet.
S200A: In response to the forensic instruction, collect the target evidence, obtain the string file corresponding to the target evidence, and obtain the forensic parameters at the time the target evidence is collected.
Specifically, after responding to the forensic instruction, the terminal device calls its own forensic collection module as the instruction directs to collect the target evidence. Collecting the target evidence generates the string file corresponding to the target evidence.
The string file is written in a computer language and is not easily understood by the user; it is used to generate the target forensic file corresponding to the target evidence.
The string file may be generated in the memory of the terminal device.
The target forensic file is an electronic file that is easy for the user to understand and that can faithfully reproduce or reflect the target evidence. For example, the target forensic file is a photo file, a video recording file, or a screen recording file of the target evidence.
After the string file is compiled by a computer, the corresponding photo file, video recording file, screen recording file, or the like can be generated.
For example, a mobile phone controls its camera module to capture the target object in front of the camera. While the camera module captures the target, the phone's processing module first generates the string file corresponding to the target object. After capture is complete, the phone's processing module compiles the string file to obtain an image file or video recording file of the target object. That image file or video recording file is the target forensic file of the target object.
The forensic parameters include forensic time information and/or forensic space information at the time the target evidence is collected.
The forensic time information is the moment at which the target evidence is collected or the moment at which evidence collection is completed, and the forensic space information is the geographic location at which the target evidence is collected. The geographic location information includes latitude and longitude.
S300A: The terminal device binds the string file corresponding to the target evidence to the forensic parameters and sends them to the server.
Specifically, the terminal device can send the string file and the forensic parameters to the server in real time, that is, sending while collecting and generating; or it can send them all at once after collection is complete. The sending mode is determined by the forensics method, which in turn is determined by the forensic instruction sent by the user.
Although the terminal device collects the target evidence and obtains the corresponding string file, it does not generate the target forensic file from that string file. The terminal device therefore never stores the target forensic file, and the user can neither modify nor replace the target forensic file through the terminal device. This provides an initial guarantee that the electronic file of the target evidence, that is, the target forensic file, will not be tampered with or replaced by the user along the way, preventing users from exploiting loopholes to maliciously tamper with the evidence they have obtained, which ensures the authenticity of the evidence.
FIG. 2 is a schematic flowchart of a tamper-proof forensics method provided by another embodiment of the present disclosure. Referring to FIG. 2, the method is applied to the server and includes the following steps:
S100B: Receive the string file of the target evidence and the corresponding forensic parameters sent by the terminal device.
S200B: Generate the corresponding target forensic file from the string file of the target evidence.
Specifically, after receiving the string file and forensic parameters sent by the terminal device, the server compiles the string file of the target evidence to generate the target forensic file. The target forensic file is a file that is accepted by the public and easy for the public to understand, for example a picture file, video recording file, audio file, or screen recording file. The target forensic file is the intuitive representation, or electronic storage form, of the target evidence.
S300B: Use a hash algorithm to obtain the hash value of the target forensic file.
S400B: Bind the hash value of the target evidence to the forensic parameters and send them to the blockchain for on-chain evidence storage.
Specifically, after converting the target forensic file into a binary file, the server uses the SHA-256 function to convert the binary file into a hexadecimal hash value; this hexadecimal hash value is the hash value of the target evidence.
The server binds the hash value of the target evidence to the forensic parameters and sends them to the blockchain for on-chain evidence storage.
On-chain evidence storage takes the hash value and forensic parameters corresponding to the target evidence as the extra field of a blockchain transaction; the hash value and forensic parameters in that transaction are bound together and sent to the blockchain, so that all authorized nodes on the blockchain synchronize by consensus and the stored evidence is fixed and cannot be tampered with.
Because a blockchain is difficult to tamper with, storing the hash value of the target evidence and the forensic parameters on the blockchain further prevents the target evidence from being tampered with and ensures its authenticity.
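The following Python sketch is an added example, not code from the patent or the applicant. It illustrates steps S300B and S400B and the later check they enable: SHA-256 over the target forensic file, binding of the hash to the forensic time and latitude/longitude in one payload for the transaction's extra field, and comparison of a presented file against that payload. The JSON layout, the field names `hash`, `time`, `lat`, `lon`, and all sample values are assumptions; submission to a real blockchain is out of scope.

```python
import hashlib
import hmac
import json

# Constructed sample data (not from the patent): stand-in bytes for a target
# forensic file, plus a forensic time and a latitude/longitude pair.
SAMPLE_FILE = b"\x89PNG constructed-sample-image-bytes"
SAMPLE_TIME = "2020-12-30T08:15:00Z"
SAMPLE_LAT, SAMPLE_LON = 30.2741, 120.1551


def hash_forensic_file(chunks):
    """Return the hexadecimal SHA-256 digest of a forensic file.

    `chunks` is an iterable of byte strings, so a large file can be hashed
    piece by piece without holding it in memory.
    """
    digest = hashlib.sha256()
    for chunk in chunks:
        digest.update(chunk)
    return digest.hexdigest()


def build_extra(file_hash, forensic_time, latitude, longitude):
    """Bind the hash to the forensic parameters in one canonical string.

    Sorted keys and fixed separators make the serialization deterministic,
    so the same inputs always yield the same payload. The field names are
    assumptions made for this example.
    """
    record = {
        "hash": file_hash,
        "time": forensic_time,
        "lat": latitude,
        "lon": longitude,
    }
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def verify_evidence(file_bytes, forensic_time, latitude, longitude, extra_on_chain):
    """Compare a presented file and its claimed parameters with the stored payload.

    Returns the list of elements that do not match ("hash", "time",
    "location"); an empty list means the evidence matches the record.
    """
    record = json.loads(extra_on_chain)
    mismatches = []
    actual_hash = hash_forensic_file([file_bytes])
    if not hmac.compare_digest(actual_hash, record["hash"]):
        mismatches.append("hash")
    if forensic_time != record["time"]:
        mismatches.append("time")
    if (latitude, longitude) != (record["lat"], record["lon"]):
        mismatches.append("location")
    return mismatches


if __name__ == "__main__":
    extra = build_extra(
        hash_forensic_file([SAMPLE_FILE]), SAMPLE_TIME, SAMPLE_LAT, SAMPLE_LON
    )
    print("extra field payload:", extra)
    print("untouched file:", verify_evidence(
        SAMPLE_FILE, SAMPLE_TIME, SAMPLE_LAT, SAMPLE_LON, extra))
    print("one byte changed:", verify_evidence(
        SAMPLE_FILE + b"!", SAMPLE_TIME, SAMPLE_LAT, SAMPLE_LON, extra))
```

Because the hash and the parameters sit in the same record, replacing the file or presenting it with a different time or place each shows up as a separate mismatch.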
In some embodiments, step S200A specifically includes:
S210A: Obtain, from the forensic instruction, the forensics method to be used for collecting the target evidence.
Specifically, the terminal device is provided with multiple forensic collection modules, such as, but not limited to, a photographing module, a camera module, an audio recording module, a screen recording module, and a screenshot module. The photographing module and the camera module may be integrated into a single camera module.
The terminal device obtains the forensic instruction through the forensics application, and the forensic instruction carries the forensics method information. For example, if the forensic instruction is photo forensics, the forensics method is to obtain evidence by taking a photo. If the forensic instruction is video forensics, the forensics method is to obtain evidence by video recording. If the forensic instruction is audio forensics, the forensics method is to obtain evidence by audio recording. If the forensic instruction is screen-recording forensics, the forensics method is to obtain evidence by screen recording. If the forensic instruction is screenshot forensics, the forensics method is to obtain evidence by taking a screenshot.
S220A: Determine the forensic collection module to be called according to the forensics method.
Specifically, the terminal device determines, according to the forensics method, which of its own forensic collection modules to call. If the forensics method is to obtain evidence by taking a photo, the module to be called is the photographing module. If the forensics method is to obtain evidence by video recording, the module to be called is the camera module. If the forensics method is to obtain evidence by audio recording, the module to be called is the audio recording module. If the forensics method is to obtain evidence by screen recording, the module to be called is the screen recording module. If the forensics method is to obtain evidence by taking a screenshot, the module to be called is the screenshot module.
S230A: Control the forensic collection module to collect the target evidence according to the forensics method, and generate the string file corresponding to the target evidence.
Specifically, the terminal device controls the photographing module to collect the target evidence by taking a photo, and at the same time generates the string file corresponding to the target evidence; this string file is used to generate an image of the target evidence.
Or, the terminal device controls the camera module to collect the target evidence by video recording, and at the same time generates the string file corresponding to the target evidence; this string file is used to generate a video recording of the target evidence.
Or, the terminal device controls the audio recording module to collect the target evidence by audio recording, and at the same time generates the string file corresponding to the target evidence; this string file is used to generate an audio recording of the target evidence.
Or, the terminal device controls the screen recording module to collect the target evidence by screen recording, and at the same time generates the string file corresponding to the target evidence; this string file is used to generate a screen recording of the target evidence. In this embodiment, the target evidence is evidence generated locally on the terminal device, for example chat records and other information produced and displayed on an electronic device.
Or, the terminal device controls the screenshot module to collect the target evidence by taking a screenshot, and at the same time generates the string file corresponding to the target evidence; this string file is used to generate a screenshot of the target evidence. In this embodiment, the target evidence is evidence generated locally on the terminal device, for example chat records, shopping records, and other information produced and displayed on an electronic device.
The string file corresponding to the target evidence is used to generate the target forensic file corresponding to the target evidence, and the file type of the target forensic file depends on the forensics method.
The file type of the target forensic file is one of picture, video, audio recording, screen recording, and screenshot.
In some embodiments, the forensics methods include discontinuous forensics and continuous forensics.
Discontinuous forensics includes obtaining evidence by taking a photo and obtaining evidence by taking a screenshot.
Continuous forensics includes obtaining evidence by video recording, by audio recording, and by screen recording.
In some embodiments, if the forensics method is the discontinuous method of obtaining evidence by taking a photo, step S230A specifically includes:
controlling the photographing module to photograph the target evidence and generating a first string file corresponding to the target evidence;
wherein the first string file is used to generate a first target forensic file corresponding to the target evidence, and
the file type of the first target forensic file is a picture.
Specifically, if the forensics method is to obtain evidence by taking a photo, the final storage form of the target evidence is a photo, and a photo is a discontinuous file. The terminal device learns from the forensic instruction that the forensics method is to obtain evidence by taking a photo, calls its own photographing module to photograph the target evidence, and generates the first string file corresponding to the target evidence.
The first string file is used to generate the first target forensic file, whose file type is a picture file.
In some embodiments, if the forensics method is the continuous method of obtaining evidence by video recording, step S230A specifically includes:
controlling the camera module to record video of the target evidence and generating a second string file corresponding to the target evidence,
wherein the second string file is used to generate a second target forensic file corresponding to the target evidence, and
the file type of the second target forensic file is a video recording file.
Specifically, if the forensics method is to obtain evidence by video recording, the final storage form of the target evidence is a video recording, and a video recording is a continuous file. The terminal device learns from the forensic instruction that the forensics method is to obtain evidence by video recording, calls its own camera module to record video of the target evidence, and generates the second string file corresponding to the target evidence.
The second string file is used to generate the second target forensic file, whose file type is a video recording file.
In some embodiments, if the forensics method is the continuous method of obtaining evidence by audio recording, step S230A specifically includes:
controlling the audio recording module to record audio of the target evidence and generating a third string file of the target evidence,
wherein the third string file is used to generate a third target forensic file corresponding to the target evidence, and
the file type of the third target forensic file is an audio file.
Specifically, if the forensics method is to obtain evidence by audio recording, the final storage form of the target evidence is an audio recording, and an audio recording is a continuous file. The terminal device learns from the forensic instruction that the forensics method is to obtain evidence by audio recording, calls its own audio recording module to record audio of the target evidence, and generates the third string file corresponding to the target evidence.
The third string file is used to generate the third target forensic file, whose file type is an audio file or recording file.
In some embodiments, if the forensics method is the continuous method of obtaining evidence by screen recording, step S230A specifically includes:
controlling the screen recording module to record the target evidence and generating a fourth string file of the target evidence,
wherein the fourth string file is used to generate a fourth target forensic file corresponding to the target evidence,
the file type of the fourth target forensic file is a screen recording file, and
the target evidence is generated locally by the terminal device.
Specifically, if the forensics method is to obtain evidence by screen recording, the final storage form of the target evidence is a screen recording, and a screen recording is a continuous file. The terminal device learns from the forensic instruction that the forensics method is to obtain evidence by screen recording, calls its own screen recording module to record the target evidence, and generates the fourth string file corresponding to the target evidence.
The specific screen recording operation is: determine the target evidence as the recording object; record the screen display content and audio source of the target evidence to form a screen recording file.
The fourth string file is used to generate the fourth target forensic file, whose file type is a screen recording file.
In some embodiments, if the forensics method is the discontinuous method of obtaining evidence by taking a screenshot, step S230A specifically includes:
controlling the screenshot module to take a screenshot of the target evidence and generating a fifth string file of the target evidence,
wherein the fifth string file is used to generate a fifth target forensic file corresponding to the target evidence,
the file type of the fifth target forensic file is a screenshot file, and
the target evidence is generated locally by the terminal device.
Specifically, if the forensics method is to obtain evidence by taking a screenshot, the final storage form of the target evidence is a screenshot, and a screenshot is a discontinuous file. The terminal device learns from the forensic instruction that the forensics method is to obtain evidence by taking a screenshot, calls its own screenshot module to take a screenshot of the target evidence, and generates the fifth string file corresponding to the target evidence.
The fifth string file is used to generate the fifth target forensic file, whose file type is a screenshot file.
In some embodiments, if the forensics method is continuous forensics, step S300A specifically includes:
using live push-streaming technology to send the consecutive sub-string files corresponding to the target evidence, together with the bound sub-forensic parameters, to the server in real time as a push stream;
wherein the string file corresponding to the target evidence includes the consecutively obtained sub-string files; and
each sub-forensic parameter is the forensic parameter at the time the corresponding sub-string file is obtained.
Specifically, if the forensics method is continuous forensics, the target forensic file corresponding to the target evidence is a continuous file, such as video, screen recording, or audio. The terminal device therefore collects the target evidence over a period of time, and the generated string file consists of the sub-string files obtained at each collection moment. In this embodiment, the sub-string file obtained at each collection moment and the corresponding sub-forensic parameters are sent by the terminal device to the server in real time. The sub-forensic parameters include the collection moment and/or the geographic location information at the time of collection.
Of course, the present disclosure can also use the completion moment as the forensic time information once collection of the target evidence is complete: before collection is complete, no sub-forensic parameters are sent and only the sub-string files are sent in real time; when collection completes, the forensic parameters are carried after the last sub-string file.
When the forensics method is continuous forensics, the string file corresponding to the target evidence is a continuous stream file. So that the sub-string files are not stored on the terminal device, where the user could tamper with them, the sub-string files in the string file need to be sent to the server in real time.
Live push-streaming specifically means sending the sub-string files corresponding to the video, audio, or screen recording collected in real time by the terminal device as a push stream, from the terminal device to the server in real time, from the start of recording until forensics ends.
Specifically, the terminal device calls a mobile live push-streaming SDK to transmit the string file corresponding to the video, audio, or screen recording to the server in real time. Mobile live push-streaming is a mobile live streaming service, an extension of the live streaming service into mobile scenarios, which can transmit the data obtained from the terminal device's video, audio, or screen recording to the server as a push stream.
In some embodiments, the forensic parameters include forensic time information and/or forensic space information at the time the target evidence is collected.
The forensic time information is the moment at which the target evidence is collected or the moment at which evidence collection is completed, and the forensic space information is the geographic location at which the target evidence is collected. The geographic location information includes latitude and longitude.
The latitude and longitude are obtained as follows: the user registers an authenticated account on a location service platform through the terminal device, creates a new application for the platform's service for the Android or iOS system, and obtains the corresponding AppKey and AppSecret.
When collecting the target evidence or after completing its collection, the terminal device uses the AppKey and AppSecret to call the API of the location service platform and obtain the latitude and longitude from that platform.
In some embodiments, the present disclosure provides a tamper-proof forensics system, which includes:
a terminal device, configured to receive a forensic instruction, collect target evidence in response to the forensic instruction, obtain the corresponding string file, obtain the forensic parameters at the time the target evidence is collected, and bind the string file corresponding to the target evidence to the corresponding forensic parameters and send them to the server; and
a server, configured to receive the string file of the target evidence and the forensic parameters sent by the terminal device, generate the corresponding target forensic file from the string file of the target evidence, use a hash algorithm to obtain the hash value of the target forensic file, and bind the hash value of the target evidence to the forensic parameters and send them to the blockchain for on-chain evidence storage.
In some embodiments, the present disclosure provides a tamper-proof forensics apparatus, applied to a terminal device, which includes:
an instruction receiving module 100A, configured to receive a forensic instruction;
a string file acquisition module 200A, configured to collect target evidence in response to the forensic instruction and obtain the string file corresponding to the target evidence;
a parameter acquisition module 300A, configured to obtain the forensic parameters at the time the target evidence is collected; and
a first sending module 400A, configured to bind the string file corresponding to the target evidence to the corresponding forensic parameters and send them to the server.
In certain embodiments, the present disclosure provides a tamper-resistant forensic apparatus applied to a server, the apparatus comprising:
A receiving module 100B, configured to receive the string file of the target evidence and the corresponding forensic parameters sent by the terminal device;
Wherein the string file and forensic parameters of the target evidence are obtained by the terminal device, which receives a forensic instruction and collects the target evidence in response to that instruction;
A forensic file generation module 200B, configured to generate the corresponding target forensic file from the string file of the target evidence;
A calculation module 300B, configured to obtain the hash value of the target forensic file using a hash algorithm; and
A second sending module 400B, configured to bind the hash value of the target evidence to the forensic parameters and send them to the blockchain for on-chain evidence storage.
FIG. 3 is a sequence diagram of a tamper-resistant forensics method provided by an embodiment of the present disclosure. Referring to FIG. 3, the terminal device initiates non-continuous forensics, collects the target evidence in the non-continuous manner, and generates a string file. The terminal device requests the latitude and longitude from the location service platform through the platform's latitude and longitude interface, and the location service platform returns the latitude and longitude to the terminal device through the same interface. The terminal device organizes the forensic evidence so that the string file, the forensic latitude and longitude, and the forensic time are sent to the server. The server receives the string file, the forensic latitude and longitude, and the forensic time, generates the target forensic file from the string file, and obtains the hash value of the target forensic file. The server sends the hash value of the target forensic file, the forensic latitude and longitude, and the forensic time to the blockchain for on-chain evidence storage.
FIG. 4 is a sequence diagram of a tamper-resistant forensics method provided by another embodiment of the present disclosure. Referring to FIG. 4, the terminal device initiates continuous forensics, collects the target evidence in the continuous manner, generates substring files in real time, calls the mobile live-streaming push SDK, and sends the substring files to the server in real time as a pushed stream. When the terminal device finishes collecting evidence, it requests the latitude and longitude from the location service platform through the platform's latitude and longitude interface, and the location service platform returns the latitude and longitude to the terminal device through the same interface. When collection is finished, the terminal device also sends a forensics-completion instruction to the server. The terminal device organizes the forensic evidence, obtains the forensic latitude and longitude and the forensic time, and sends them to the server. On receiving the forensics-completion instruction, the server assembles the string file from the substring files received in real time, generates the target forensic file from the string file, and obtains the hash value of the target forensic file. At the same time, the server obtains the forensic latitude and longitude and the forensic time. The server sends the hash value of the target forensic file, the forensic latitude and longitude, and the forensic time to the blockchain for on-chain evidence storage.
The terminal device of the present disclosure has a mobile application (APP) installed, which uses the collection and forensics modules of the terminal device to collect evidence by taking photos, recording video and so on. When the user finishes taking a photo or recording a video, the evidence file is not stored on the mobile phone but is transmitted directly to the back-end server, which prevents the user from maliciously tampering with the evidence after it is generated on the phone and before it reaches the server. In addition, once the evidence has been uploaded to the back-end server, the corresponding evidence file is immediately hashed and the hash is stored on the chain, so that the evidence cannot be tampered with midway between generation and on-chain storage. The present disclosure also prevents evidence from being tampered with after it is stored, thereby preserving the evidence and ensuring its authenticity.
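The server-side steps of FIG. 3 and FIG. 4 (rebuild the forensic file from the string file, hash it, bind the hash to the forensic time and location, anchor the result), as an added Python example that is not code from the patent. It assumes the string file is base64 text, SHA-256 as the hash algorithm, and an in-memory hash-linked list in place of the blockchain; all function and field names are hypothetical.

```python
import base64
import hashlib
import json

# Assumptions (not stated in the patent): the "string file" is base64 text,
# the hash algorithm is SHA-256, and the blockchain is modelled as an
# in-memory hash-linked list. All names here are hypothetical.


def build_forensic_file(substrings):
    """Rebuild the target forensic file from one or more string chunks.

    Non-continuous capture (FIG. 3) sends a single chunk; continuous capture
    (FIG. 4) streams many chunks that are joined in arrival order once the
    forensics-completion instruction is received.
    """
    parts = []
    for chunk in substrings:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently dropping them.
        parts.append(base64.b64decode(chunk, validate=True))
    return b"".join(parts)


def bind_record(file_bytes, params):
    """Hash the forensic file and bind the digest to the forensic parameters."""
    record = {
        "file_sha256": hashlib.sha256(file_bytes).hexdigest(),
        "time": params["time"],
        "lat": params["lat"],
        "lon": params["lon"],
    }
    # Canonical encoding: sorted keys and fixed separators, so the same
    # record always serialises to the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class Ledger:
    """Append-only stand-in for the chain: each entry commits to the previous."""

    def __init__(self):
        self.entries = []  # list of (entry_id, record_bytes)

    def append(self, record_bytes):
        prev = self.entries[-1][0] if self.entries else "0" * 64
        entry_id = hashlib.sha256(prev.encode() + record_bytes).hexdigest()
        self.entries.append((entry_id, record_bytes))
        return entry_id

    def verify(self, index, file_bytes, params):
        """Check a presented file and its parameters against the anchored entry."""
        prev = self.entries[index - 1][0] if index > 0 else "0" * 64
        entry_id, stored = self.entries[index]
        chain_ok = hashlib.sha256(prev.encode() + stored).hexdigest() == entry_id
        return chain_ok and stored == bind_record(file_bytes, params)


def demo():
    # Constructed sample: three streamed chunks and one set of parameters.
    raw = [b"frame-0001|", b"frame-0002|", b"frame-0003"]
    chunks = [base64.b64encode(r).decode() for r in raw]
    params = {"time": "2020-12-23T10:15:00+08:00", "lat": 30.2741, "lon": 120.1551}

    ledger = Ledger()
    evidence = build_forensic_file(chunks)
    ledger.append(bind_record(evidence, params))

    moved = dict(params, lat=31.2304)  # same file, different claimed location
    return {
        "original": ledger.verify(0, evidence, params),
        "file_altered": ledger.verify(0, evidence.replace(b"0002", b"9999"), params),
        "params_altered": ledger.verify(0, evidence, moved),
        "chunks_reordered": ledger.verify(0, build_forensic_file(chunks[::-1]), params),
    }


if __name__ == "__main__":
    print(demo())
```

Verification fails when the file bytes, the claimed parameters or the chunk order differ from what was anchored, which is the property the binding step provides.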
In certain embodiments, an electronic device is provided, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the following steps: receiving a forensic instruction, collecting target evidence in response to the forensic instruction, obtaining the string file corresponding to the target evidence, obtaining the forensic parameters at the time the target evidence is collected, and binding the string file corresponding to the target evidence to the forensic parameters before sending them to the server.
In certain embodiments, the present disclosure provides an electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the following steps: receiving the string file and forensic parameters of the target evidence sent by the terminal device, generating the corresponding target forensic file from the string file of the target evidence, obtaining the hash value of the target forensic file using a hash algorithm, binding the hash value of the target evidence to the forensic parameters, and sending them to the blockchain for on-chain evidence storage.
When executing the computer program, the processor also implements the tamper-resistant forensics method of the present disclosure.
In certain embodiments, the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps: receiving a forensic instruction, collecting target evidence in response to the forensic instruction, obtaining the string file corresponding to the target evidence, obtaining the forensic parameters at the time the target evidence is collected, and binding the string file corresponding to the target evidence to the forensic parameters before sending them to the server.
In certain embodiments, the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps: receiving the string file and forensic parameters of the target evidence sent by the terminal device, generating the corresponding target forensic file from the string file of the target evidence, obtaining the hash value of the target forensic file using a hash algorithm, binding the hash value of the target evidence to the forensic parameters, and sending them to the blockchain for on-chain evidence storage.
When executed by the processor, the computer program also implements the tamper-resistant forensics method of the present disclosure.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises the element.
The above are only specific embodiments of the present disclosure, provided so that those skilled in the art can understand or implement it. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present disclosure. Therefore, the present disclosure is not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (11)

  1. A tamper-resistant forensics method, applied to a terminal device, the method comprising:
    receiving a forensic instruction;
    collecting target evidence in response to the forensic instruction, obtaining a string file corresponding to the target evidence, and obtaining forensic parameters at the time the target evidence is collected; and
    binding the string file corresponding to the target evidence to the forensic parameters and sending them to a server.
  2. The method of claim 1, wherein the forensic parameters comprise forensic time information and/or forensic spatial information at the time the target evidence is collected.
  3. The method of claim 1 or 2, wherein collecting the target evidence in response to the forensic instruction and obtaining the string file corresponding to the target evidence comprises:
    obtaining, according to the forensic instruction, the forensic method used to collect the target evidence;
    determining, according to the forensic method, the forensic collection module to be invoked; and
    controlling the forensic collection module to collect the target evidence according to the forensic method and generate the string file corresponding to the target evidence;
    wherein the string file corresponding to the target evidence is used to generate a target forensic file corresponding to the target evidence, and the file type of the target forensic file depends on the forensic method.
  4. The method of claim 3, wherein
    if the forensic method is photographing, a form of non-continuous forensics, controlling the forensic collection module to collect the target evidence according to the forensic method and generate the string file corresponding to the target evidence comprises:
    controlling a photographing module to photograph the target evidence and generate a first string file corresponding to the target evidence,
    wherein the first string file is used to generate a first target forensic file corresponding to the target evidence,
    the file type of the first target forensic file being a picture;
    if the forensic method is video recording, a form of continuous forensics, controlling the forensic collection module to collect the target evidence according to the forensic method and generate the string file corresponding to the target evidence comprises:
    controlling a camera module to record video of the target evidence and generate a second string file corresponding to the target evidence,
    wherein the second string file is used to generate a second target forensic file corresponding to the target evidence,
    the file type of the second target forensic file being a recorded video file;
    if the forensic method is audio recording, a form of continuous forensics, controlling the forensic collection module to collect the target evidence according to the forensic method and generate the string file corresponding to the target evidence comprises:
    controlling an audio recording module to record the target evidence and generate a third string file of the target evidence,
    wherein the third string file is used to generate a third target forensic file corresponding to the target evidence,
    the file type of the third target forensic file being an audio file;
    if the forensic method is screen recording, a form of continuous forensics, controlling the forensic collection module to collect the target evidence according to the forensic method and generate the string file corresponding to the target evidence comprises:
    controlling a screen recording module to record the target evidence and generate a fourth string file of the target evidence,
    wherein the fourth string file is used to generate a fourth target forensic file corresponding to the target evidence,
    the file type of the fourth target forensic file being a screen recording file,
    the target evidence being generated by the terminal device.
  5. The method of any one of claims 1 to 4, wherein
    if the forensic method is continuous forensics, binding the string file corresponding to the target evidence to the forensic parameters and sending them to the server comprises:
    using live-streaming push technology to send the consecutive substring files corresponding to the target evidence, together with the bound sub-forensic parameters, to the server in real time as a pushed stream;
    the string file corresponding to the target evidence comprising the continuously acquired substring files;
    the sub-forensic parameters being the forensic parameters at the time the corresponding substring file is acquired.
  6. A tamper-resistant forensics method, applied to a server, the method comprising:
    receiving a string file of target evidence and the corresponding forensic parameters sent by a terminal device;
    generating a corresponding target forensic file from the string file of the target evidence;
    obtaining a hash value of the target forensic file using a hash algorithm; and
    binding the hash value of the target evidence to the forensic parameters and sending them to a blockchain for on-chain evidence storage.
  7. A tamper-resistant forensics system, comprising:
    a terminal device, configured to receive a forensic instruction, collect target evidence in response to the forensic instruction, obtain the corresponding string file, obtain the forensic parameters at the time the target evidence is collected, and bind the string file corresponding to the target evidence to the corresponding forensic parameters before sending them to a server; and
    the server, configured to receive the string file of the target evidence and the corresponding forensic parameters sent by the terminal device, generate a corresponding target forensic file from the string file of the target evidence, obtain a hash value of the target forensic file using a hash algorithm, bind the hash value of the target evidence to the forensic parameters, and send them to a blockchain for on-chain evidence storage.
  8. A tamper-resistant forensic apparatus, applied to a terminal device, the apparatus comprising:
    an instruction receiving module, configured to receive a forensic instruction;
    a string file acquisition module, configured to collect target evidence in response to the forensic instruction and obtain the string file corresponding to the target evidence;
    a parameter acquisition module, configured to obtain the forensic parameters at the time the target evidence is collected; and
    a first sending module, configured to bind the string file corresponding to the target evidence to the corresponding forensic parameters and send them to a server.
  9. A tamper-resistant forensic apparatus, applied to a server, the apparatus comprising:
    a receiving module, configured to receive a string file of target evidence and the corresponding forensic parameters sent by a terminal device;
    a forensic file generation module, configured to generate a corresponding target forensic file from the string file of the target evidence;
    a calculation module, configured to obtain a hash value of the target forensic file using a hash algorithm; and
    a second sending module, configured to bind the hash value of the target evidence to the forensic parameters and send them to a blockchain for on-chain evidence storage.
  10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, causes the processor to perform the tamper-resistant forensics method of any one of claims 1 to 6.
  11. An electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, performs the tamper-resistant forensics method of any one of claims 1 to 6.
PCT/CN2020/141205 2020-12-23 2020-12-30 Tamperproof evidence obtaining method, system and apparatus, storage medium, and electronic device WO2022134160A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011539659.6 2020-12-23
CN202011539659.6A CN112632637A (en) 2020-12-23 2020-12-23 Tamper-proof evidence obtaining method, system, device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
WO2022134160A1 true WO2022134160A1 (en) 2022-06-30

Family

ID=75321657

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/141205 WO2022134160A1 (en) 2020-12-23 2020-12-30 Tamperproof evidence obtaining method, system and apparatus, storage medium, and electronic device

Country Status (2)

Country Link
CN (1) CN112632637A (en)
WO (1) WO2022134160A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113722397B (en) * 2021-08-25 2022-05-13 南京审计大学 Electronic evidence collection system and method for big data audit
CN114155464B (en) * 2021-11-29 2022-11-25 北京中交兴路信息科技有限公司 Video data storage method and device, storage medium and terminal
CN114401271A (en) * 2022-01-13 2022-04-26 中国人民解放军国防科技大学 Test data tamper-proof method, block chain system and medium
CN117395474B (en) * 2023-12-12 2024-02-27 法序(厦门)信息科技有限公司 Locally stored tamper-resistant video evidence obtaining and storing method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110351369A (en) * 2019-07-12 2019-10-18 北京联合信任技术服务有限公司 Electronic evidence security method and system
CN110414274A (en) * 2019-07-01 2019-11-05 北京联合信任技术服务有限公司 Electronic evidence security method and system
CN110516458A (en) * 2019-08-28 2019-11-29 腾讯科技(深圳)有限公司 Data processing method, device and computer equipment based on block chain technology
CN111475866A (en) * 2020-05-09 2020-07-31 南京工程学院 Block chain electronic evidence preservation method and system
CN112016897A (en) * 2020-08-29 2020-12-01 重庆市合川区公安局 Electronic data evidence obtaining system of intelligent terminal equipment and acquisition and uploading method thereof

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107819777B (en) * 2017-11-17 2020-07-24 利姆斯(北京)区块链技术有限公司 Data evidence storing method and system based on block chain technology
CN113840012B (en) * 2018-12-13 2023-06-30 创新先进技术有限公司 Block chain-based screen recording evidence obtaining method and system and electronic equipment
CN110032880B (en) * 2018-12-13 2021-10-29 创新先进技术有限公司 Screen recording evidence obtaining method and system based on block chain and electronic equipment
CN109660356B (en) * 2018-12-18 2022-04-01 深圳前海微众银行股份有限公司 Data uplink method, device, equipment and computer readable storage medium
CN109714175A (en) * 2019-03-13 2019-05-03 国家电网有限公司 Deposit card method, evidence collecting method and deposit system
CN110535662B (en) * 2019-09-03 2022-05-31 浪潮云信息技术股份公司 Method and system for realizing user operation record based on block chain data certificate storage service
CN112085625A (en) * 2020-09-14 2020-12-15 深圳移动互联研究院有限公司 Evidence collection method and device based on block chain evidence storage, computer equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117218745A (en) * 2023-11-07 2023-12-12 深圳市联特通讯有限公司 Evidence collection method based on recorder, terminal equipment and storage medium
CN117218745B (en) * 2023-11-07 2024-02-02 深圳市联特通讯有限公司 Evidence collection method based on recorder, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN112632637A (en) 2021-04-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20966722

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20966722

Country of ref document: EP

Kind code of ref document: A1