Providing the reference for the enterprise decision-making.

第一天(7月17-18日) Day One(July. 17-18)
引言：7.18 拍牌網(wǎng)站被黑案件中電子物證發(fā)揮的關(guān)鍵作用
Introduction: the key role of electronic forensics in the case of the license website’s hacking on July 18th
一、 電子取證概述
The introduction of electronic forensics
1. 電子取證在歐美等國家的法律地位
The electronic forensics’ legal status in Europe and the United States.
2. 我國電子取證的法律地位演變，及各階段典型案例
The development of the legal status of our country’s electronic forensics and the typical case at each stage.
1) 電子物證的有效性的爭議
The effective disputes of electronic forensics
案例分享：華南虎案件
Case sharing: Southern China tiger case
2) 電子物證引起重視
Electronic forensics caused importance.
案例分享：熊貓燒香
Case sharing: Panda burns joss sticks
3) 通過電子物證破獲的案件
The case was carried out by electronic forensics
二、 基本的電子取證技術(shù)實踐操作（一）
The basic practical practice of electronic forensics technology (One)
1. 數(shù)據(jù)恢復(fù)理論
Data recovery theory
2. 互動：數(shù)據(jù)恢復(fù)基本技能實踐（敬請自帶U盤一個）
Interactive: the basic skills’ practice of data recovery ( please bring U plate)
3. 數(shù)據(jù)恢復(fù)在調(diào)查過程中的作用
Data recovery’s role in the process of investigation
4. 硬件和Raid中數(shù)據(jù)的恢復(fù)
The data recovery in hardware and raid
5. 電子現(xiàn)場保護的基本原則（結(jié)合數(shù)據(jù)恢復(fù)理論講解）
The basic principle of electronic site protection (combined data recovery theory to explain)
三、 電子物證在企業(yè)調(diào)查的表現(xiàn)形式
The electronic forensics’ performance form in enterprise investigation
1. 電子物證的種類及應(yīng)用案例
The types and application case of electronic forensics
1) 電子計算機
Electronic computer
2) 移動存儲設(shè)備
The mobile storage device
3) 智能手機（通過分析智能手機話單破案的案例）
Intelligent mobile phone (the crime case cleared up by analyzing the intelligent mobile phone’s bill)
4) 各類文檔（通過對office文檔進行分析而提供關(guān)鍵性證據(jù)的案例）
All kinds of documents (provide the crucial evidence case through analyzing office documents)
2. 現(xiàn)場中，電子物證的識別與運用
On site, the identification and application of electronic forensics.
3. 靈活選用被分析的電子物證，導(dǎo)致案件破獲的兩個案例
Flexibly chose the analyzed electronic forensics, two cases led to crack
四、 企業(yè)調(diào)查中電子現(xiàn)場的電子物證的固定
The electronic forensics fix on spot in enterprise investigation
1. 電子物證固定的基本理論
The basic theory of electronic forensics fix
1) 基本固定方法:Hash
The basic fix method: Hash
2) 本地數(shù)據(jù)固定方式
The fix method of local data
3) 遠程數(shù)據(jù)固定方式
The fix method of remote data
4) 特殊情況下的變通方案
The workaround under special circumstances
2. 電子取證：外包？還是自己做？各個方案的優(yōu)缺點
Electronic forensics: outsourcing? Or do it by yourself? The advantages and disadvantages of each program.
3. 互動：電子物證固定的實踐練習（Hash，及模擬現(xiàn)場練習，通過練習使學員對如何保護現(xiàn)場及易犯的錯誤有感性認識）
Interaction: the practical practice of electronic forensics fix (Hash and simulated filed practice, through practice, make the participants have perceptual knowledge on how to protect the field and easy mistake.
4. 電子取證的基本規(guī)則（不同于電子現(xiàn)場保護的基本原則，這里強調(diào)的是可重復(fù)性等原則）
The basic principle of electronic forensics ( different from the basic principle of electronic filed protection, here emphasize the repeatability principle)
5. 不同類型案件中現(xiàn)場保護的方法
The field protection method in different types of cases
1) 關(guān)機狀態(tài)下的靜態(tài)數(shù)據(jù)固定方法
The fix method of static data under the shutdown state
2) 開機狀態(tài)下的動態(tài)數(shù)據(jù)固定方法
The fix method of dynamic data under the on state
6. 電子物證固定的各種方法及優(yōu)缺點和適用情況
All kinds of method, the advantages & disadvantages and the application situation of electronic forensics fix.
五、 基本的電子取證技術(shù)在企業(yè)案件中的實踐操作（二）
The basic electronic forensics technology’s practical practice in enterprise case (Two)
1. 操作系統(tǒng)分析
The analysis of operation system
2. 密碼破解
Password cracking
互動：不同情況下，都能得到怎樣的最佳結(jié)果。
Interaction: under different situation, can get the best results.
3. 移動設(shè)備的分析
The analysis of mobile equipment

第二天(7月18日) Day Two(July.18)
六、 電子取證在企業(yè)案件中的運用
The electronic forensics’ application in enterprise case
1. 數(shù)據(jù)恢復(fù)技術(shù)在案件中的應(yīng)用，特別是一些特殊的數(shù)據(jù)恢復(fù)技術(shù)的應(yīng)用案例一個
The data recovery technology ’s application in the case, especially some special data recovery technology’s application
2. 分析操作系統(tǒng)所得的信息在案件中的使用
Analyze the information’s application in the case, which got from the operation system
1) 各類郵件分析
All kinds of mail analysis
2) 對注冊表的分析
The registry’s analysis
3) 對數(shù)據(jù)庫的分析（特別是各類公司內(nèi)部的物流和信息關(guān)系系統(tǒng)）
The data’s analysis (especially the internal logistic and information system of all kinds of company
4) 其他
Others
3. 計算機程序分析技術(shù)在案件中的應(yīng)用
The computer program analysis technology’s application in the case
1) 分析惡意軟件
Analyze the malicious software
2) 知識產(chǎn)權(quán)的保護
The protection of the intellectual property rights
3) 異樣程序的鑒別
The identification of unusual program
4. 移動設(shè)備的取證
The forensics of mobile equipment
1) 通訊錄、短信、通話記錄的提取和恢復(fù)
The extraction and recovery of address list, SMS and call records
2) 移動設(shè)備中其他數(shù)據(jù)的獲取和分析
Other data’s extraction and recovery in mobile equipment
3) 移動設(shè)備中各類應(yīng)用程序產(chǎn)生的數(shù)據(jù)的分析
The data analysis produced from all kinds of application in mobile equipment
5. 科學的災(zāi)難評估方法
The scientific disaster evaluation method
6. 互動：一個綜合案例
Interaction: a comprehensive case
七、 溝通、局限及解決方案
Communication, limit and solutions
1. 案件偵辦人員與專業(yè)技術(shù)人員的溝通方式和方法
The case personnel’s communication way and means with professional technical person
1) 初檢（/現(xiàn)場）中的溝通、交互以及技術(shù)方案的選擇
The communication, interaction and the choice of technology in initial inspection (on site)
2) 送檢時的溝通
The communication while submission
3) 各類特殊場合中的溝通
The communication in various special occasions
4) 詢問（面談）時，專技人員的參與方式及禁忌
While inquiry (interview), the participation way and taboo of technical persons.
5) 專技人員參與現(xiàn)場勘查情況下的溝通技巧
The technical persons’ communication skills under the field exploration
2. 電子取證理論的極限，以及如何讓理論極限為我所用，幫助我更好地取證
The limit of the electronic forensics, and how to make use of the theoretical limit to help me better get the evidence.
1) 電子取證技術(shù)的理論極限
The theory limit of electronic forensics
2) 各種電子取證技術(shù)的成本預(yù)判
The cost prediction of all kinds of electronic forensics
3) 即使是同類技術(shù)的成本判別
The cost prediction of even the similar technology
4) 如何把一個天馬行空的構(gòu)想轉(zhuǎn)化為可以實際操作的技術(shù)方案
How to turn a powerful and unconstrained idea into a practical operational technical program
3. 調(diào)查方案的確定要素
The confirmed elements of survey program
一般人在沒有接觸過電子取證之前，都存在輕視相關(guān)技術(shù)工作的傾向，提不出要求；在了解電子取證之后，甚至使用相關(guān)技術(shù)破案之后，又容易在以后的辦案過程中出現(xiàn)自我放大電子取證作用，提出各種不切實際的要求的傾向。如何防止這兩種極端的傾向。給辦案人員正確的電子取證的觀念，使其能夠恰如其分地使用電子取證技術(shù)，正確地預(yù)估辦案成本是這一節(jié)所要解決的問題。
Before people un-contact the electronic forensics, they look down on the related technical work, not to mention the re-quirements; after understanding the electronic forensics, even after the crack of the use of related technology, easy to appear self-amplified use of electronic forensics in the process of future case, have various kinds of unrealistic re-quirements. How to prevent the two extreme tendencies? Proving the correct concept of electronic forensics for the case personnel, and let them can make use of the electronic forensics, correctly estimate case cost is the problem which we need to solve.
八、 電子取證的一般流程概述
The general process introduction of electronic forensics
九、 網(wǎng)絡(luò)取證概述及案例
The concept of network forensics and case
1. 企業(yè)網(wǎng)絡(luò)中可能在證據(jù)源概述
The possible evidence introduction in enterprise network
2. 網(wǎng)絡(luò)取證的難點及相關(guān)法律問題
The difficulties of network forensics and related law issues
3. 網(wǎng)絡(luò)的獲取和分析概述
The extraction and analysis introduction of network
1) 獲�。ㄗグ�、日志提取等）
The extraction (capture, log extraction)
2) 獲取的證據(jù)的匯聚、關(guān)聯(lián)和分析方法
The collection, relation and analysis method of extracted evidence
4. 網(wǎng)絡(luò)取證的典型案例
The typical case of network forensics
十、 關(guān)于電子物證相關(guān)法律更新細則的分析與討論
The update regulations’ analysis and discussion on related law of electronic forensics
十一、 現(xiàn)場答疑及互動環(huán)節(jié)
Q&A and Networking Session