在本研究中，我們提出了一套數位勘查模式，用以含括各類的數位鑑識活動，如電腦鑑識行為、手機鑑識行為與網路鑑識行為等等。此模式是由五個使命層所組成，分別為準備層、蒐存層、檢驗層、分析層以及示現層。每個使命層都具有各自不同的目標，而這些目標並不針對任何特定的科技而制定。

	本模式之特色在於其階層式之架構。各個使命層至少會包含一個以上的任務，並藉由這些任務達成各使命層設立的目標；每個任務至少都需要一個以上的程序、原則或導引，做為任務操作的參照。透過本模式建議之階層式架構，數位勘查活動的品質和效率便能夠被加以管理和控制。然而，更進一步的研究還是需要的；如此，數位鑑識程序的標準化才有可能達成。

In this paper, we proposed a digital investigation model which servers the diversity of digital forensic activities like computer forensic activities, GSM forensic activities, network forensic activities and so on. This model is composed of five mission layers, named as “Preparation Layer”, “Collection Layer”, “Examination Layer”, “Analysis Layer” and “Admissibility Layer” respectively. Each of these mission layers has its own objective and is independent of any technologies. 

	The significant feature of the proposed model is its hierarchical structure. Each phase layer will have one or more tasks which used to accomplish the goal of the mission the layer being responsible for. Every task needs one or more procedures, rules or guidelines to be well practiced. Through the hierarchical structure the model suggested, quality and effectiveness of digital investigation activities can then be managed and controlled. However, further research should be done in order to standardize digital forensic procedures.

第1章 前言	1
第1節 電腦鑑識	4
第2節 數位鑑識	7
第3節 數位證據	9
第2章 相關研究	11
第1節 國內相關研究	12
第2節 國外相關研究	22
第3節 國內外現況描述	40
第3章 數位勘查模式	42
第1節 勘查模式之分層	45
第2節 模式的階層式概念	51
第3節 勘查模式之程序	54
第4章 結論	62
參考文獻	63

圖 1-1 鑑識科學階層圖	8
圖 2-1電腦鑑識程序與流程I	14
圖 2-2電腦鑑識程序與流程II	15
圖 2-3 數位證據採證程序	16
圖 2-4 網路犯罪入侵案件現場重建流程圖	17
圖 2-5 駭客入侵案件線上蒐證流程圖	18
圖 2-6 電腦鑑識程序	19
圖 2-7 勘查程序模式	25
圖 2-8 勘查程序中的5個階段群組	34
圖 2-9 EIDIP模式的各個階段	37
圖 3-1 數位勘查模式	46
圖 3-2 階層式架構	52
圖 3-3 任務與方法的階層表現	53
圖 3-4 勘查程序	55

[1]	王旭正、柯宏叡、楊誠育，網站入侵安全的證據存留鑑識探討，中華民國資訊安全協會(CCISA)，2002
[2]	教育部國語推行委員會，成語典，國家語文資料庫，2005 (線上網址 http://140.111.34.46/chengyu/sort_pho.htm)
[3]	陳志誠、蔡旻峰，電腦犯罪案件偵查中數位證據蒐證、鑑識之建議標準作業程序，中央警察大學資訊管理研究所，2004
[4]	黃景彰、蘇清偉，網路犯罪入侵案件之數位證據蒐證研究，交通大學資訊管理學程碩士班，2002
[5]	鄭進興、吳豐乾，基植於Windows系統的電腦鑑識工具之研究，樹德科技大學資訊管理研究所，2004
[6]	鄭進興、林敬皇，基植於Linux系統的數位鑑識工具之研究，樹德科技大學資訊管理研究所，2004
[7]	鄭進興、林敬皇、沈志昌、林宜隆，電腦鑑識方法與程序之研究，台灣網際網路研討會，2003，台北
[8]	Venansius Baryamureeba, and Florence Tushabe, “The Enhanced Digital Investigation Process Model,” Proc. of 4th Annual Digital Forensic Research Workshop, MD, U.S.A., May 2004
[9]	Nicole Beebe, and Jan Clark, “A hierarchical, objectives-based framework for the digital investigations process,” Digital Investigation, Vol. 2, June 2005, pp.147-167
[10]	Brian Carrier, and Eugene Spafford, “Getting Physical with the Digital Investigation Process,” International Journal of Digital Evidence, Issue 2, Vol. 2, Fall 2003
[11]	Eoghan Casey, Digital Evidence and Computer Crime, Academic Press, 2000
[12]	Eoghan Casey, Digital Evidence and Computer Crime Second Edition, Academic Press, 2004
[13]	Dan Farmer, and Wietse Venema, Forensic Discovery, Addison Wesley Professional, 2004
[14]	Esther George, “Computer Misuse Act - the Trojan virus defence - Regina v Aaron Caffrey, Southwark Crown Court, 17 October 2003,” Digital Investigation, Vol. 1, June 2004, pp.89
[15]	Matthew Gerbera, and John Leeson, “Formalization of computer input and output - the Hadley model,” Digital Investigation, Vol. 1, September 2004, pp.214-224
[16]	Byrne Ghavalas, and Alan Philips, “Trojan defence: A forensic view part II,” Digital Investigation, Vol. 2, June 2005, pp.133-136
[17]	United Kingdom Association of Chief Police Officers, The Good Practices Guide for Computer Based Electronic Evidence, National High-tech Crime Unit (Available Online at http://www.acpo.police.uk/asp/policies/Data/gpg_computer_based_evidence_v3.pdf [visited 2 April 2006] )
[18]	Henry Lee, Timothy Palmbach, and Marilyn Miller, Henry Lee’s Crime Scene Handbook, Academic Press, 2001
[19]	Chester Maciag (editor), DFRWS 2004 Workshop Report and Findings, March 2006 (Available Online at  http://www.dfrws.org/2005/DFRWS2005FinalReport.pdf [visited 22 March 2006] )
[20]	Kevin Mandia, Chris Prosise, and Matt Pepe, Incident Response & Computer Foresics, McGraw-Hill, 2003
[21]	Séamus Ó Ciardhuáin, “An Extended Model of Cybercrime Investigations,” International Journal of Digital Evidence, Issue 1, Vol. 3, Summer 2004
[22]	Gary Palmer (editor), A Road Map for Digital Forensic Research: Report from the First Digital Forensic Workshop, August 2001 (Available Online at http://www.dfrws.org/2001/dfrws-rm-final.pdf [visited 16 February 2006] )
[23]	Lei Pan, and Lynn M Batten, “Reproducibility of Digital Evidence in Forensic Investigations,” Proc. of 5th Annual Digital Forensic Research Workshop, LA., U.S.A., August 2005
[24]	Mark Reith, Clint Carr, and Gregg Gunsch, “An Examination of Digital Forensic Models,” International Journal of Digital Evidence, Issue 3, Vol. 1, Fall 2002
[25]	Robert Rowlingson, “A Ten Step Process for Forensic Readiness,” International Journal of Digital Evidence, Issue 3, Vol. 2, Winter 2004
[26]	United States Department of Justice, Forensic Examination of Digital Evidence: A Guide for Law Enforcement, National Institute of Justice, NCJ 199408, April 2004 (Available Online at http://www.ncjrs.gov/pdffiles1/nij/199408.pdf [visited 2 April 2006] )
[27]	United States Department of Justice, Electronic Crime Scene Investigation: A Guide for First Responders, National Institute of Justice, NCJ 187736, July 2001  (Available Online at http://www.ncjrs.gov/pdffiles1/nij/187736.pdf [visited 2 April 2006] )