CN112596752A - Internet of things method and system for electronic evidence obtaining equipment - Google Patents

Info

Publication number: CN112596752A
Authority: CN (China)
Prior art keywords: evidence obtaining; software; information; main control; control module
Legal status: Granted
Application number: CN202011592365.XA
Other languages: Chinese (zh)
Other versions: CN112596752B (en)
Inventors: 林啸, 苏再添, 黄志炜, 孙善为
Current Assignee: Xiamen Meiya Pico Information Co Ltd
Original Assignee: Xiamen Meiya Pico Information Co Ltd
Application filed by Xiamen Meiya Pico Information Co Ltd
Priority to CN202011592365.XA
Publication of CN112596752A
Application granted
Publication of CN112596752B
Status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/18 Legal services; Handling legal documents

Abstract

The invention relates to an Internet of things method and system for electronic forensic devices. The system comprises a client, a main control module and a plurality of forensic devices. Each forensic device is provided with a node module, which collects the forensic device information and the forensic software list information, uploads them to the main control module and registers them there. A case is created through the client, forensic software is selected, and a docking instruction is then sent to the main control module. The main control module sends a forensic instruction to the corresponding node module. The node module generates a unique case identifier according to the forensic instruction, forensics is carried out, and the generated forensic result information is sent to the node module and then forwarded to the main control module. The main control module associates the forensic result with the case according to the case unique identifier in the forensic result information. The system can integrate the cases of all forensic devices: every case is initiated from the main control module, the case information is then pushed to the forensic devices, and the forensic results of all forensic devices are collected, forming a closed loop of case creation, forensics, collection and filing.

Description

Internet of things method and system for electronic evidence obtaining equipment
Technical Field
The invention relates to the technical field of forensics, and in particular to an Internet of things method and system for electronic forensic devices.
Background
With the continuous development of computer and network technology in China, computers and networks have become an indispensable part of people's lives, and cases involving computers, mobile phones and networks are gradually increasing. As electronic data forensic cases grow in number, forensic needs and their variety grow with them. Most forensic processes currently have no unified standard, and each piece of forensic software is basically operated by a single person. Some forensic devices are highly customized, at high development cost, so that they can be docked with a professional case management system, which increases the complexity of managing forensic devices and the cost of learning to use forensic software.
In the traditional forensic mode, information such as case inspection materials has to be entered manually again and again (so that the forensic device can be matched with the case management system), and the cost of proofreading is high. The data package generated after a forensic device completes its analysis cannot be associated directly with the case management system; it usually has to be copied separately, and the degree of interconnection is low. Data lack correlation and databases are not compatible with each other, so data islands form and no effective closed loop can be established.
On the one hand, this mode cannot compare with a professional case management system; on the other hand, it changes the purity of the forensic device. Moreover, when a case needs cooperative analysis by other forensic devices, linkage cannot be achieved conveniently.
For a professional case management system, connecting forensic software requires a large amount of matching development on the forensic software side. A communication mechanism with the case management system has to be built, and network connections have to be managed as well; the network connection must be guaranteed, and offline operation is not possible.
Although different forensic software emphasizes different things, it also shares many common parts, such as case management and screen and video recording. A new mode is therefore urgently needed to implement these common functions, so that development cost is reduced and forensic software can concentrate on forensic analysis instead of spending resources on case flow and management. How to integrate forensic devices and software and gather all case data and information, making the system more intelligent and more interconnected, has therefore become an urgent problem.
Disclosure of Invention
To solve the above problems, the invention provides an Internet of things method and system for electronic forensic devices.
The specific scheme is as follows:
An Internet of things method for electronic forensic devices comprises the following steps:
S1: a node module is installed on the forensic device and is in communication connection with the main control module; the node module collects the forensic device information and the forensic software list information of the forensic device and uploads them to the main control module;
S2: the main control module receives the forensic device information and the forensic software list information, and registers the corresponding forensic device and forensic software list in the main control module;
S3: a case is created through the client, the forensic software list registered in the main control module is viewed, the required forensic software is selected from the list, and a docking instruction containing the selected forensic software is sent to the main control module;
S4: after receiving the docking instruction, the main control module determines the node module on which the forensic software contained in the docking instruction is located, and then sends a forensic instruction to that node module; the forensic instruction comprises the forensic software boot path, the boot parameters and the case information;
S5: after receiving the forensic instruction, the node module starts the forensic software according to the forensic software boot path and the boot parameters in the node module;
S6: after the forensic software is started, it extracts the case unique identifier from the case information in the forensic instruction and stores the case information;
S7: the forensic software performs the forensic operation and sends the generated forensic result information, which contains the case unique identifier, to the node module;
S8: the node module uploads the received forensic result information to the main control module;
S9: the main control module associates the forensic result with the case according to the case unique identifier in the forensic result information.
Further, the forensic device information includes the hardware configuration of the forensic device, the installed operating system, and the software list and registry information in the operating system.
Further, the forensic software list is collected by either of the following two methods. In the first, the forensic device screens forensic software out of the software list contained in the forensic device information by keyword. In the second, the forensic software registers itself actively and reports its boot path and boot parameters.
Further, the forensic software list information includes the software boot path, the software version number, the boot parameters and an automatically generated software unique identification ID of the forensic software.
Further, after loading the dynamic library of the node module, the forensic software calls the corresponding interface to send its software boot path, software version number and boot parameters to the node module.
An Internet of things system for electronic forensic devices comprises a client, a main control module and a plurality of forensic devices, which together implement the steps of the method of the embodiment of the invention.
With the above technical scheme, the invention sets a linkage standard between the case management system and forensic devices, can link with several forensic devices at the same time, and supports docking with forensic devices of different types. When various commands and diversified case information are involved, cases and forensic data can be associated quickly. The forensic software information, the hardware and system information of each forensic device, and the online or offline state of each forensic device can all be viewed. The development cost of forensic devices and software is greatly reduced: a forensic device only needs to load the protocol library and does not have to manage the network connection itself, and interaction with the case management system is achieved simply by calling an API. In use, a forensic device does not need to stay online in real time. Loose coupling between forensic devices and case management is guaranteed; the analysis and management processes are independent of each other and are synchronized only when needed.
Drawings
FIG. 1 is a block diagram of a system according to an embodiment of the present invention.
FIG. 2 is a flow chart of a method according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating operations of the modules according to the embodiment of the present invention.
Detailed Description
The invention is further illustrated by the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. Those skilled in the art will appreciate still other possible embodiments and advantages of the present invention with reference to these figures.
The invention will now be further described with reference to the accompanying drawings and detailed description.
This embodiment provides an Internet of things system for electronic forensic devices. As shown in FIG. 1, the system includes a client, a main control module and a plurality of forensic devices. The client can be a user's computer, a mobile phone or the like, and the main control module can be a cloud server, a local server or the like. A node module is installed on each forensic device and keeps a long-lived connection with the main control module, and each forensic device contains several pieces of forensic software.
The embodiment of the invention also provides an Internet of things method for electronic forensic devices, based on the above system. As shown in FIG. 2 and FIG. 3, the method comprises the following steps:
S1: A node module is installed on the forensic device and is in communication connection with the main control module; the node module collects the forensic device information and the forensic software list information of the forensic device and uploads them to the main control module.
The forensic device information includes the hardware configuration of the forensic device, the installed operating system, and the software list and registry information in the operating system. The hardware configuration of the forensic device comprises CPU, memory, hard disk and hard disk partition information. The installed operating system information includes the operating system installation time, version number and name. The software list includes the software name, company, installation location, executable location, version number and installation time of all installed software.
The forensic software list can be collected in two ways: the forensic device can automatically screen forensic software out of the software list contained in the forensic device information by keyword (software name or manufacturer information), or the forensic software can register itself actively and report its boot path and boot parameters.
The forensic software list information comprises the software boot path, the software version number, the boot parameters and an automatically generated software unique identification (ID) of the forensic software.
The forensic software first loads the dynamic library of the node module and then calls the corresponding interface to send its software boot path, software version number and boot parameters to the node module.
S2: The main control module receives the forensic device information and the forensic software list information, and registers the corresponding forensic device and forensic software list in the main control module.
S3: A case is created through the client, the forensic software list registered in the main control module is viewed, and after the required forensic software is selected from the list, a docking instruction containing the selected forensic software is sent to the main control module.
The case information is generated after the case is created and comprises the case unique identifier and case-related information.
S4: After receiving the docking instruction, the main control module determines the node module on which the forensic software contained in the docking instruction is located, and then sends a forensic instruction to that node module; the forensic instruction comprises the forensic software boot path, the boot parameters and the case information.
S5: After receiving the forensic instruction, the node module starts the forensic software according to the forensic software boot path and the boot parameters in the node module.
S6: After the forensic software is started, it extracts the case unique identifier from the case information in the forensic instruction and stores the case information.
Note that the forensic software itself decides when to acquire the case information after it has started: it obtains the issued case information through the API at the moment it needs it (usually right after the software starts).
S7: The forensic software performs the forensic operation and sends the generated forensic result information, which contains the case unique identifier, to the node module.
The forensic result information also includes the forensic analysis result and the forensic report, and supports offline temporary storage: when the network is not connected, the forensic information can be stored temporarily in the node module, and when the network recovers it is automatically retransmitted, or its transmission resumed, to the main control module.
The forensic operation is completed independently by the forensic software; the forensic process does not depend on the node module, and the software connects to the node module only when it needs to upload forensic result information.
S8: The node module uploads the received forensic result information to the main control module.
S9: The main control module associates the forensic result with the case according to the case unique identifier in the forensic result information.
The case information is pushed to the forensic devices, and the forensic results of all forensic devices are collected, forming a closed loop of case creation, forensics, collection and filing.
The embodiment of the invention can be widely applied in the electronic data forensics industry. It can quickly and effectively gather large amounts of case information from different forensic devices into one system, and it is flexible and extensible. As long as the node module is installed on a forensic device, forensic information can be recorded while forensics is carried out offline and is uploaded automatically to the main control module at an appropriate time, achieving automatic management and overall planning of cases.
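The flow of steps S1 to S9, as listed in the Disclosure and again in this embodiment, modelled in memory as an added example; it is not code from the patent or its assignee. The class and field names, the constructed boot paths, the SHA-256 de-duplication of retransmitted results and the node's refusal to launch a path it never registered are assumptions made here.

```python
import hashlib
import json
import uuid
from collections import deque


def run_forensic_software(case_info):
    """Stand-in for S6-S7: extract the case unique identifier, build a result."""
    return {"case_id": case_info["case_id"], "analysis": "constructed", "report": "constructed"}


class MainControl:
    """Main control module: software registry (S2) and case archive (S9)."""
    def __init__(self):
        self.online = True   # simulated reachability for result uploads
        self.software = {}   # software_id -> (node, registered entry)
        self.cases = {}      # case_id -> {"info": ..., "results": {digest: result}}

    def register(self, node, device_info, software_list):         # S2
        self.software.update({e["software_id"]: (node, e) for e in software_list})

    def create_case(self, name):                                   # S3
        case_id = str(uuid.uuid4())
        self.cases[case_id] = {"info": {"case_id": case_id, "name": name}, "results": {}}
        return case_id

    def dock(self, case_id, software_id):                          # S4
        node, entry = self.software[software_id]
        return node.handle_instruction({
            "boot_path": entry["boot_path"], "boot_params": entry["boot_params"],
            "case_info": self.cases[case_id]["info"]})

    def receive_result(self, result):                              # S9
        if not self.online:
            raise ConnectionError("main control module unreachable")
        case = self.cases.get(result.get("case_id"))
        if case is None:
            return False     # unknown identifier: nothing to associate with
        digest = hashlib.sha256(json.dumps(result, sort_keys=True).encode()).hexdigest()
        case["results"].setdefault(digest, result)   # a retransmission is a no-op
        return True


class Node:
    """Node module running on one forensic device."""
    def __init__(self, master, device_info, installed):
        self.master = master
        self.pending = deque()   # offline temporary storage for results
        self.registry = {}       # boot_path -> entry this node registered
        for sw in installed:
            self.registry[sw["boot_path"]] = dict(sw, software_id=str(uuid.uuid4()))
        master.register(self, device_info, list(self.registry.values()))   # S1

    def handle_instruction(self, instruction):                     # S5
        entry = self.registry.get(instruction["boot_path"])
        # Assumption: refuse a path or parameters this node never registered.
        if entry is None or entry["boot_params"] != instruction["boot_params"]:
            return False
        self.submit(run_forensic_software(instruction["case_info"]))
        return True

    def submit(self, result):                                      # S7 -> S8
        self.pending.append(result)
        return self.flush()

    def flush(self):                                               # S8
        sent = 0
        while self.pending:
            try:
                self.master.receive_result(self.pending[0])
            except ConnectionError:
                break            # keep it queued until the network recovers
            self.pending.popleft()
            sent += 1
        return sent


def demo():
    master = MainControl()
    sw = {"boot_path": "C:/tools/example.exe", "version": "1.0", "boot_params": ["--case"]}
    node = Node(master, {"os": "constructed"}, [sw])   # constructed device and software
    case_id = master.create_case("constructed case")
    master.online = False                    # link drops before the upload
    launched = master.dock(case_id, next(iter(master.software)))
    queued = len(node.pending)
    master.online = True                     # link recovers
    sent = node.flush()
    results = master.cases[case_id]["results"]
    node.submit(next(iter(results.values())))    # retransmit the same result
    refused = not node.handle_instruction({"boot_path": "C:/tools/unregistered.exe",
        "boot_params": [], "case_info": master.cases[case_id]["info"]})
    return {"launched": launched, "queued": queued, "sent": sent,
            "stored": len(results), "refused": refused}
```

Calling `demo()` returns the observations for one offline run: the result is queued while the link is down, delivered once on recovery, stored once despite a retransmission, and an instruction naming an unregistered path is refused.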
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. An Internet of things method for electronic forensic devices, characterized by comprising the following steps:
S1: a node module is installed on the forensic device and is in communication connection with the main control module; the node module collects the forensic device information and the forensic software list information of the forensic device and uploads them to the main control module;
S2: the main control module receives the forensic device information and the forensic software list information, and registers the corresponding forensic device and forensic software list in the main control module;
S3: a case is created through the client, the forensic software list registered in the main control module is viewed, the required forensic software is selected from the list, and a docking instruction containing the selected forensic software is sent to the main control module;
S4: after receiving the docking instruction, the main control module determines the node module on which the forensic software contained in the docking instruction is located, and then sends a forensic instruction to that node module; the forensic instruction comprises the forensic software boot path, the boot parameters and the case information;
S5: after receiving the forensic instruction, the node module starts the forensic software according to the forensic software boot path and the boot parameters in the node module;
S6: after the forensic software is started, it extracts the case unique identifier from the case information in the forensic instruction and stores the case information;
S7: the forensic software performs the forensic operation and sends the generated forensic result information, which contains the case unique identifier, to the node module;
S8: the node module uploads the received forensic result information to the main control module;
S9: the main control module associates the forensic result with the case according to the case unique identifier in the forensic result information.
2. The Internet of things method for electronic forensic devices according to claim 1, wherein: the forensic device information includes the hardware configuration of the forensic device, the installed operating system, and the software list and registry information in the operating system.
3. The Internet of things method for electronic forensic devices according to claim 1, wherein: the forensic software list is collected by either of the following two methods; in the first, the forensic device screens forensic software out of the software list contained in the forensic device information by keyword; in the second, the forensic software registers itself actively and reports its boot path and boot parameters.
4. The Internet of things method for electronic forensic devices according to claim 1, wherein: the forensic software list information comprises the software boot path, the software version number, the boot parameters and an automatically generated software unique identification (ID) of the forensic software.
5. The method of claim 4, wherein: after loading the dynamic library of the node module, the forensic software calls the corresponding interface to send its software boot path, software version number and boot parameters to the node module.
6. An Internet of things system for electronic forensic devices, characterized in that: the system comprises a client, a main control module and a plurality of forensic devices, wherein the client, the main control module and the plurality of forensic devices implement the steps of the method as claimed in any one of claims 1 to 5.
CN202011592365.XA 2020-12-29 2020-12-29 Internet of things method and system for electronic evidence obtaining equipment Active CN112596752B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011592365.XA CN112596752B (en) 2020-12-29 2020-12-29 Internet of things method and system for electronic evidence obtaining equipment

Publications (2)

Publication Number Publication Date
CN112596752A (en) 2021-04-02
CN112596752B (en) 2022-07-15

Family

ID=75203329

Country Status (1)

Country Link
CN (1) CN112596752B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant