Blockchain-based electronic data forensics and automated monitoring system

Authors: XU Xiaodong; NIU Renkai; LIU Jing; ZHANG Yanli; LIU Jipeng; GUO Wei (Institute of Evidence Law and Forensic Science, China University of Political Science and Law, Beijing 100088, China; Measurement Center, State Grid Jibei Electric Power Co., Ltd., Beijing 100045, China)

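Affiliations: [1] Institute of Evidence Law and Forensic Science, China University of Political Science and Law, Beijing 100088 [2] Measurement Center, State Grid Jibei Electric Power Co., Ltd., Beijing 100045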

Source: Electronic Design Engineering (《电子设计工程》), 2025, No. 5, pp. 65-69, 74 (6 pages in total)

Abstract: With the rapid development of the Internet and digital technology, the volume of electronic data keeps growing, and electronic data forensics has become a more efficient, accurate and convenient way of obtaining evidence, replacing traditional forensic methods. The blockchain-based electronic data forensics and automated monitoring system designed here overcomes the inability of traditional methods to perform dynamic forensics and their lack of an automated monitoring mechanism. The dynamic electronic data forensics module consists of a forensics client and a forensics server. The online evidence preservation module is divided into two submodules, evidence storage and evidence packaging; its core task is to package the log files generated by the system together with the evidence files that users upload after collecting evidence into an evidence package, store that package on an off-chain IPFS node, and construct the core evidence information for storage on the blockchain. To ensure the privacy and security of the evidence data, an encryption module encrypts the evidence package. In the automated monitoring module, a data acquisition card is designed and the collected data is filtered through the ReadDirectoryChangesW function, implementing automated monitoring of electronic data. Test results show that the designed system can find both changes to the registry and the process 123.exe, that the automated monitoring function tracks external intrusion activity well, and that the amount of evidence obtained is high across the different experimental cases, so dynamic forensics can be achieved.

Keywords: blockchain technology; forensics server; electronic data forensics; data acquisition card; automated monitoring

Classification number: TN98 [Electronics and Telecommunications - Information and Communication Engineering]

 
