臺灣數位犯罪及數位鑑識發展現況與未來趨勢——以「創新司法警察 IEK Model 智慧模型」為例

A Study on Current Situation and Future Trend of Cybercrime and Digital Forensics in Taiwan -Take the 'Innovative Judicial Police IEK Intelligence Model' as an Example

隨著網際網路技術（ICT）的提升，手機不再是傳統的通話功能，透過智慧型手機，可以使用通訊軟體互相聯絡（如LINE、Messenger、Wechat、Juiker）、上網瀏覽網頁與交易、儲存個人相關資訊數位記錄（如照片、記事等），如同行動電腦。手機帶來的便利性，成為有心人士的網路（數位）犯罪工具（如2016年5月中華郵政商城網路個資外洩案、2016年7月第一銀行ATM盜領案、2017年2月臺灣史上第一次券商集體遭DDoS攻擊勒索事件、2017年5月新型勒索病毒WannaCry重創臺灣、2017年6月全球多個國家遭受新一輪Petya勒索病毒攻擊、2017年10月遠東銀行SWIFT系統遭駭客入侵18億案、2016年網路詐欺事件、2017年智慧型手機詐欺等事件），智慧型手機如同行動電腦存在大量的電磁記錄（即數位證據），這些記錄是具備鑑識價值的數位證據。有鑑於此，傳統的鑑識設備與方法，將不足以蒐集手機裡的數位證據。對於數位證據的認知與理解、鑑識工具的選擇與使用，將是數位鑑識人員必需具備的主要專業知識與基本認知。內司法警察對於數位鑑識工作剛起步，對於數位證據採集方法、保全技術、工具軟體與所需技術亦有所欠缺，實有必要對此議題進行深入的研討；因此本文將針對我國『資通安全及數位證據鑑識能量』發展現況與未來趨勢加以研究，達到掌握我國資通安全與數位證據鑑識技術研發及建置重點，且有效整合現有資通安全與數位證據鑑識技術研發計畫與整體資源運用，提供政府與民間企業技術研發主管單位編列預算參考。對於資通安全及數位證據鑑識能量規劃之研究取向應以數位鑑識實驗室（含工具軟體）、數位證據鑑識標準作業程序及資安專業人才三個領域為重點，本文將先介紹我國數位證據鑑識能量之發展現況，接著再由數位鑑識實驗室設立、建構數位證據鑑識標準作業程序（DEFSOP）、及資安專業人才培育三個方向進行資料蒐集和深入研究與未來趨勢，最後即針對我國資通安全及數位證據鑑識能量提出結果及建議事項，並將以建立創新司法警察IEKModel智慧模型架構與芻議的參考依據。透過此三個方向的探討，對我國資通安全及數位證據鑑識能量提出改善建議及提昇整合「科技建警」與「偵防並重」之警政新策略（如數位鑑識科技能量、科技建警與偵防並重之警政新策略），並將確保數位證據之證據能力與證明力，且提昇其證據有效性與公信力。

With the upgrading of Internet technology, mobile phones are no longer traditional call features, through the smart phone, you can use communication software to contact each other (such as LINE, Messenger, Wechat, Juiker), Internet browsing and electronic trading, storage Personal information (such as SMS, photos, notes, etc.). The convenience of smartphones has become an Internet of people (digital) criminal tools, smart phones like mobile computers there are a lot of electromagnetic records (ie, digital evidence), these records are valuable evidence of the forensics science. In view of this, the traditional forensic equipment and methods, will not be enough to collect digital evidence in the mobile phones. For the recognition and understanding of digital evidence, the selection and use of forensic tools will be the main professional knowledge and basic knowledge that digital forensics must have. The domestic judicial police for the digital forensic work has just started, for the digital evidence collection methods, preservation technology, software tools and the required technology is also lacking, it is necessary to conduct in-depth discussion of this issue; Therefore, this article will be the cyber security and digital evidence forensics capability development status and future trends to be studied to achieve our grasp of security and digital evidence forensics technology research and development and focus on the integration of effective resources to provide government and private enterprise technology research and development units in charge of budget reference. For the study of capability, the cyber security and digital evidence forensics capability planning should be digital forensics laboratory (including software tools), digital evidence forensics standard operating procedures (DEFSOP) and security professionals in three areas as the focus, this paper will first introduce our digital evidence forensics capability (DEFSOP), and for cyber security and safety of resources and the development of a number of indicators, digital evidence to forensics the results of capability and recommendations, and will establish the innovative judicial police IEK intelligence model structure and the reference basis. Finally, through these three directions, we will make suggestions on improving the safety of our country's security and intelligence, and enhance the new strategy of integrating the 'science and technology police' and 'investigation and prevention', and will ensure the evidence ability of digital evidence and prove the effectiveness and enhance the effectiveness and credibility.