座机电话内通话记录信息的提取与数据挖掘  

作　　者：任风凯 REN Fengkai(Shandong Provincial Direct-governed Binhai Public Security Bureau,Dongying 257100,Shandong,China)

机构地区：[1]山东省滨海公安局,山东东营257100

出　　处：《刑事技术》2023年第2期196-200,共5页Forensic Science and Technology

摘　　要：座机电话是目前电信网络犯罪中嫌疑人广泛使用的犯罪工具之一,因此座机电话内存储的通话记录信息对前期案件的分析研判及后期诉讼的证据链补充均有着重要作用。本文采用芯片取证的方法,提取分析了座机电话内存储的通话记录信息。在对座机电话进行拆解后,制作存储芯片的物理镜像,并使用Winhex软件提取镜像内通话记录数据,编写Python程序对原始数据进行梳理并展示,深度挖掘了潜在的通话规律、通话时长等信息。在涉网新型案件的侦查和取证过程中,要注意座机电话的取证和固定,在线索缺失或证据不充分的情况下,其中提取的信息将会为案件的侦办提供重要助力。Immobile phone is presently of less attention for electronic evidence collection because it is commonly thought to be no storage function,leaving it little significance for evidence obtainment.However,the fact is that not all immobile phones aren’t able to store information.For immobile phones equipped with storage chip,some valuable information(e.g.,calling details)can still be extracted from them.Actually,immobile phones are among the criminal tools widely utilized by culprits in current telecom network crime.Therefore,the relevant calling information recorded in the case-involved immobile phones will play an important role for the case to solve.Here,electronic forensics were carried out about extracting and analyzing the calling information recorded in storage chip of the case-involving immobile phone.From the disassembled immobile phone,the memory chip was taken out to have the physical image ghosted so that the calling information data were capable of being extracted out of the ghosted image with WinHex software.The program was written by Python to sort out and display the original data about the ghosted image,together with deep excavation into the potential calling rules,calling duration and other information.Consequently,immobile phone should not be ignored in investigation of telecom network crimes,and the Python program is indeed a good helper for extracting electronic evidential data out from immobile phone.

关 键 词：电信网络犯罪 座机电话 通话记录 信息挖掘 PYTHON 

分 类 号：DF793.2[政治法律—诉讼法学]