Research on Establishing and Practice Verification of Digital Criminal Investigation Knowledge Engineering – Taking the Integration of DEFSOP, ISO27037 and 27041 as Examples
Main Authors: | WU, KUN-LIN 吳昆霖 |
---|---|
Other Authors: | CHAO, HAN-CHIEH |
Format: | Others |
Language: | zh-TW |
Published: | 2019 |
Online Access: | http://ndltd.ncl.edu.tw/handle/938m4k |
id |
ndltd-TW-107NIU01652016 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-107NIU01652016 2019-08-24T03:36:37Z http://ndltd.ncl.edu.tw/handle/938m4k Research on Establishing and Practice Verification of Digital Criminal Investigation Knowledge Engineering – Taking the Integration of DEFSOP, ISO27037 and 27041 as Examples 建立數位犯罪偵查知識工程雛型與實務驗證之研究 —以整合DEFSOP、ISO 27037及ISO 27041為例 WU, KUN-LIN 吳昆霖 Master's, National Ilan University, In-service Master's Program in Multimedia Network Communication and Digital Learning, 107 CHAO, HAN-CHIEH LIN, I-LONG 趙涵捷 林宜隆 2019 thesis 109 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others |
sources |
NDLTD |
description |
Master's === National Ilan University === In-service Master's Program in Multimedia Network Communication and Digital Learning === 107 === The first ATM heist in Taiwan’s financial history occurred from July 9 to 11, 2016, when more than NT$83.27 million was stolen from First Bank’s 51 ATMs at 20 FCB branches in Taiwan. On February 8, 2017, a hacker group claiming to be the Armada Collective duped more than 10 (out of 79 in Taiwan) brokerage firms into paying Bitcoins by sending them emails with fake threats of launching a DDoS attack. Among them, 13 brokerage firms actually had their online brokerage systems attacked by DDoS, which caused a short pause of around 30 minutes. The average transaction amount of the 13 brokerage firms in the first five trading days before the market opened in February 2006 was nearly NT$20.6 billion, accounting for about 30% of the daily trading volume of the stock market. Such cybercrime has caused serious turmoil in the financial market. According to statistics from Gemalto (an international digital security company based in Amsterdam that provides software applications and personal security equipment services), of the 3.35 billion items hacked in the first half of 2018, up to 75% came from social networking sites, of which 2.2 billion were from Facebook and 340 million were from Twitter. In addition, Starwood Hotels, a subsidiary of Marriott International, was hacked in the second half of the year, exposing the information of 500 million guests, second only to Yahoo’s 3 billion in 2013. Among the data leakage incidents listed on Wikipedia, there are 4 cyber attacks in the top 20 in 2018. Besides, the amount of data leaked by the top 3 attacks is more than 100 million.
This phenomenon shows that hackers want to maximise the benefits of an attack, target sensitive content that does not have proper permissions, and use it as a tool for future crimes. With the continuing growth of scientific and technological crime and the rising trend of organised crime, these have become non-traditional crime cases, for instance intimidation (for money). Instead of traditional crime tools, computer networks and communication equipment have become storage facilities for criminal evidence. When police agencies investigate major crime cases, they often find that the huge amount of data increases the difficulty of analysis. Furthermore, hackers can crash Internet systems in different ways, and with the development of cryptocurrencies, cyber security has become a major issue for preventing hacks in the future. It is obvious that the establishment of digital crime investigation is urgent.
Therefore, this research builds on Prof. Ling, Yi-Long’s “Criminal Investigation Knowledge Engineering” and implements the Digital Evidence Identification Standard Operating Procedure (DEFSOP), ISO 27037 and ISO 27041, focusing on cybercrime, along with an MDM questionnaire collected from scholars and practitioners, to establish a digital crime investigation knowledge engineering prototype. The feasibility of this prototype is then verified against major domestic hacker intrusion crimes, in order to integrate all kinds of criminal information, filter crime habits and keep an eye on suspicious criminals or groups. The aim is to provide a variety of crime trend analysis information and to use it as a reference for crime-prevention decision-making.
|
author2 |
CHAO, HAN-CHIEH |
author_facet |
CHAO, HAN-CHIEH WU, KUN-LIN 吳昆霖 |
author |
WU, KUN-LIN 吳昆霖 |
title |
Research on Establishing and Practice Verification of Digital Criminal Investigation Knowledge Engineering – Taking the Integration of DEFSOP, ISO27037 and 27041 as Examples |
publishDate |
2019 |
url |
http://ndltd.ncl.edu.tw/handle/938m4k |