[go: up one dir, main page]

CN114217690A - A training method for electronic data extraction based on virtual simulation technology - Google Patents

A training method for electronic data extraction based on virtual simulation technology Download PDF

Info

Publication number
CN114217690A
CN114217690A CN202111483062.9A CN202111483062A CN114217690A CN 114217690 A CN114217690 A CN 114217690A CN 202111483062 A CN202111483062 A CN 202111483062A CN 114217690 A CN114217690 A CN 114217690A
Authority
CN
China
Prior art keywords
electronic data
site
training
virtual
virtual simulation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111483062.9A
Other languages
Chinese (zh)
Inventor
王新猛
陈俊雹
杨一涛
翟春婕
吴育宝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Forest Police College
Original Assignee
Nanjing Forest Police College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Forest Police College filed Critical Nanjing Forest Police College
Priority to CN202111483062.9A priority Critical patent/CN114217690A/en
Publication of CN114217690A publication Critical patent/CN114217690A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/011Arrangements for interaction with the human body, e.g. for user immersion in virtual reality
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T19/00Manipulating 3D models or images for computer graphics
    • G06T19/006Mixed reality
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09BEDUCATIONAL OR DEMONSTRATION APPLIANCES; APPLIANCES FOR TEACHING, OR COMMUNICATING WITH, THE BLIND, DEAF OR MUTE; MODELS; PLANETARIA; GLOBES; MAPS; DIAGRAMS
    • G09B9/00Simulators for teaching or training purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Educational Administration (AREA)
  • Educational Technology (AREA)
  • Computer Graphics (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Electrically Operated Instructional Devices (AREA)

Abstract

The invention discloses a training method for electronic data extraction based on a virtual simulation technology, which carries out practical training on students through a virtual simulation platform, wherein the practical training comprises various links of case site investigation. The virtual simulation training content comprises electronic data field investigation, network security field law enforcement, network case investigation and deduction, computer evidence-obtaining technical experiments and law and regulation learning and assessment. In the training process, various tools in a tool box can be used for processing various electronic devices involved in a case in a virtual 3D scene, and a virtual machine can be used for simulating a real computer to obtain evidence of electronic data in the real computer. The operated material evidence information can be viewed in a menu bar of the virtual scene. The practical training comprises the following steps: the method comprises the steps of exploration preparation, on-site protection, on-site photographing, electronic data equipment searching, computer data extraction and fixation, mobile phone data extraction and fixation, wireless network extraction and fixation, filling in on-site exploration documents, electronic data equipment sealing and comprehensive drilling.

Description

Training method for electronic data extraction based on virtual simulation technology
Technical Field
The invention relates to a training method for electronic data extraction based on a virtual simulation technology, and belongs to the technical field of electronics.
Background
At present, the training of electronic data extraction mainly comprises that an operator extracts electronic data from a physical computer by configuring a real computer and installing an operating system to preset related case data. The method has high cost, high consumption, irreversibility and low utilization rate, can not be used for automatic evaluation and assessment, and can not meet the requirement of batch training.
The virtual simulation technology is applied to teaching training, so that the training cost is low, the consumption is low, the efficiency is high, the evaluation is automatically carried out, and the condition that multiple persons carry out simultaneously can be met.
The expression mode of the existing electronic data extraction virtual simulation training is that an operator performs skill and law enforcement standardized training in a virtual three-dimensional scene through a computer keyboard and a mouse, when the electronic data extraction training in a case-related computer is involved in a case-related piece and pit site field investigation scene, the electronic data extraction training is introduced only through animation, characters or voice, only the flow and technical specification of electronic data extraction are shown, and the capability of the operator for extracting the electronic data by actual operation cannot be trained.
Disclosure of Invention
The invention aims to provide a training method for electronic data extraction based on a virtual simulation technology, aiming at overcoming the defects of the prior art. The virtual simulation training content comprises electronic data field investigation, network security field law enforcement, network case investigation and deduction, computer evidence-obtaining technical experiments and law and regulation learning and assessment. In the training process, various tools in a tool box can be used for processing various electronic devices involved in a case in a virtual 3D scene, and a virtual machine can be used for simulating a real computer to obtain evidence of electronic data in the real computer. The operated material evidence information can be viewed in a menu bar of the virtual scene. The training steps comprise: the method comprises the steps of exploration preparation, on-site protection, on-site photographing, electronic data equipment searching, computer data extraction and fixation, mobile phone data extraction and fixation, wireless network extraction and fixation, filling in on-site exploration documents, electronic data equipment sealing and comprehensive drilling.
The technical scheme adopted by the invention for solving the technical problems is as follows: a training method for electronic data extraction based on a virtual simulation technology comprises the following steps:
step 1: and logging in the 3D virtual simulation platform.
Step 2: and (5) preparing for exploration. Various preparations are made before entering the 3D virtual site, including various electronic evidence obtaining devices, related documents and other articles.
And step 3: and (4) field protection. And after entering the site, all objects on the site are protected.
And 4, step 4: and taking a picture on site. And carrying out image and video acquisition on the original appearance of the case site.
And 5: electronic data device searching. The site is carefully searched to find the electronic data equipment.
Step 6: and extracting and fixing computer data, mobile phone data, wireless networks and the like. Electronic data devices include computers, mobile phones, servers, network devices, etc., and should operate differently for different devices.
And 7: filling in the field survey document. After all the devices on the case site are certified, the complete document should be filled in.
And 8: and sealing and storing the electronic data equipment. And (4) sealing all electronic data equipment before leaving the site.
And step 9: and (5) performing a comprehensive drilling link. Including forensics exercise question types of various conditions, and randomly drawing questions from the question bank for exercise.
Step 10: and exiting the virtual training platform and displaying the performance of the drill.
The links comprise an assessment mechanism, and whether the operation of the students is correct or not can be scored.
Has the advantages that:
1. the invention carries out practical training on students through the virtual simulation platform, and the practical training comprises various links of case site investigation. The virtual simulation training content comprises electronic data field investigation, network security field law enforcement, network case investigation and deduction, computer evidence-obtaining technical experiments and law and regulation learning and assessment.
2. The virtual simulation training method disclosed by the invention has the advantages that an operator can roam in a virtual three-dimensional scene in a virtual and real combination mode, the content of the virtual simulation training of the training method is completely covered, and the virtual simulation training method comprises electronic data field investigation, network security field law enforcement, network case investigation deduction, computer evidence obtaining technical experiment and law and regulation learning and assessment. Beneficial to the omnibearing cultivation of the exploration ability of students. The training method has rich details of the training process, can process various electronic devices involved in a case by using various tools in a tool box in a virtual 3D scene, and can simulate a real computer by using a virtual machine to obtain evidence of electronic data in the real computer. The operated material evidence information can be viewed in a menu bar of the virtual scene. Is beneficial to the cultivation of strict and serious habits of students in the process of evidence collection.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
FIG. 2 is a flow chart of the electronic data extraction training of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings.
As shown in fig. 1 and fig. 2, the present invention provides a training method for electronic data extraction based on virtual simulation technology, and the method includes:
step 1: and logging in the 3D virtual simulation platform. The student is required to enter a login name, which is a string N of alphanumeric symbols, and a password, which is a string P of alphanumeric symbols.
Step 2: and (5) preparing for exploration. Various preparations are made before entering the 3D virtual site, including various electronic evidence obtaining devices, related documents and other articles. Need toThe prepared articles are combined into a list a ═ a1,a2…an]Wherein a isiFor each particular item in the list. The verification process compares a to a criteria list b, b ═ b1,b2,…bn]Wherein b isiFor each item in the criteria list. The verification rule is that each element in a is proposed in turn and verified with each element in b, and if all elements in a are found, the verification is passed. The whole process of survey preparation is a visual presentation and appears in the form of multiple choice questions, and the options clicked by a mouse are stored in an a list.
And step 3: and (4) field protection. And after entering the site, all articles on the site are protected. In the field, the direction key is used for controlling the forward and backward, and the mouse is used for controlling the visual field direction. And selecting proper props to protect the objects needing to be protected. Suitable props are a list c ═ c1,c2…cn]The object to be protected is a list d ═ d1,d2…dn]The elements in c and the elements in d may form multiple combinations, represented as a dictionary (c)i:dj). The corresponding standard props and item lists are e and f, and form a plurality of dictionaries (e)i:fj). The whole process of on-site protection is realized in a 3D scene, a user is required to select props when interacting with objects in the scene, and when interaction occurs, the props and the objects are stored in a dictionary.
And 4, step 4: and taking a picture on site. And carrying out image and video acquisition on the original appearance of the case site. The shooting in the scene needs to select a proper prop (a camera or a video recorder), and g is [ g ]1,g2…gn]For the selected prop list, h ═ h1,h2…hn]The elements in g and h may form a dictionary mapping for the scene list that needs to be photographed. The specific verification process is the same as the third step.
And 5: electronic data device searching. And (4) interactively searching with an article in a 3D site, if F appears, pressing an F key to check, and judging whether the electronic data equipment is used. The verified item may also be stored in a list l ═ l1,l2…ln]The verification step is the same as the second step.
Step 6: and extracting and fixing computer data, mobile phone data, wireless networks and the like. Electronic data devices include computers, mobile phones, servers, network devices, etc., and should operate differently for different devices. The process enters an independent virtual machine, then various evidence obtaining operations can be carried out in the virtual machine, and evidence can be found and verified with answers by using various tools of the virtual machine.
And 7: filling in the field survey document. After all the devices on the case site are certified, the complete document should be filled in. Document validation occurs as a blank filling question.
And 8: and sealing and storing the electronic data equipment. And (4) sealing all electronic data equipment before leaving the site. The sealed article is the list generated in the step five, wherein l is [ l ═ l1,l2…ln]。
And step 9: and (5) performing a comprehensive drilling link. Including forensics exercise question types of various conditions, and randomly drawing questions from the question bank for exercise.
Step 10: and exiting the virtual training platform and displaying the performance of the drill. The answers in the above nine steps are weighted and summed to get the score. Students can view wrong answers in the system.
The method comprises the following steps of firstly, starting a computer, wherein the step six of carrying out electronic data extraction on the started computer in a computer crime scene specifically comprises the following steps: the method directly enters a virtual machine to simulate a real computer, and an operator carries out actual operation in the virtual machine so as to train the ability of the operator to extract electronic data by actual operation. The using method comprises the following steps:
step 6-1: the focus of the mouse is transplanted to a computer screen, and an F key in a keyboard is pressed to enter a virtual machine real operation interface.
Step 6-2: and after entering a virtual machine interface, carrying out electronic data extraction operation.
The power-on state is first checked. In the case of a boot, the following steps are followed:
1. extracting time information;
2. inserting a special U disk to run green screen recording software;
3. extracting screen information;
video + screenshot software
4. Fill in electronic data on-site extraction notes (electronic data extraction fixed list)
5. Memory data fetch
-open and unsaved document
-most recent chat history
User name and password
-clipboard information
6. System information extraction
-state of the storage medium: screenshot hard disk partition and capacity storage state
-operating system information: viewing computer attributes
-a running process: view task manager
-network link information: viewing network connections in a control panel
7. User information extraction
-a chat log in a running chat tool;
-an open web page;
8. data extraction with password protection
-an instant messaging tool: extracting related backup files by virtue of the Aliwang technology and the like;
9. electronic data fixing
-computing the integrity check value in situ, computing the hash value
Recording the file type, user name, password, source path, hash value of the data extraction in the dedicated U disk.
Filling in an electronic data field extraction bibliography 10 notes the source, the source and the destination of electronic data, objects, time, places, methods, processes and the like for extracting the electronic data. Electronic data extraction fixed List notes categories, file formats, integrity check values, etc
And simultaneously, relevant test questions need to be answered synchronously on the left side of the browser.
1. Start time of evidence collection
2. Whether to automatically acquire IP
Ipv4 Address
4. Default gateway
5. Total size of hard disk
6. Memory capacity
7. Type of computer processor
8. Value of password txt file md5 in recycle bin
9. And the found encrypted file cracks the password.
Hidden folder md5 value in D disc.
It should be understood that the above description of specific embodiments is not intended to limit the invention, and any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (3)

1.一种基于虚拟仿真技术的电子数据提取的训练方法,其特征在于,所述方法包括如下步骤:1. a training method based on the electronic data extraction of virtual simulation technology, is characterized in that, described method comprises the steps: 步骤1:登录3D虚拟仿真平台;Step 1: Log in to the 3D virtual simulation platform; 步骤2:勘查准备,做好进入3D虚拟现场之前的各种准备,包括各种电子取证设备及相关文书物品;Step 2: Preparing for investigation, making various preparations before entering the 3D virtual scene, including various electronic forensics equipment and related documents; 步骤3:现场保护,进入现场后对现场所有物体进行保护;Step 3: On-site protection, protect all objects on site after entering the site; 步骤4:现场拍照,对案件现场原貌进行图像与视频采集;Step 4: Take pictures on the spot, and collect images and videos of the original appearance of the case; 步骤5:电子数据设备搜查,对现场尽心仔细搜查,找到电子数据设备;Step 5: Search for electronic data equipment, search the scene carefully and find electronic data equipment; 步骤6:计算机数据、手机数据、无线网络的提取固定,电子数据设备包括计算机、手机、服务器、网络设备,应该对不同的设备进行不同的操作;Step 6: The extraction of computer data, mobile phone data, and wireless network is fixed. Electronic data devices include computers, mobile phones, servers, and network devices, and different operations should be performed on different devices; 步骤7:填写现场勘查文书,在对案件现场所有设备取证完场后,应该填写完整的文书;Step 7: Fill in the on-site investigation documents. After collecting evidence for all the equipment on the case site, you should fill in the complete documents; 步骤8:电子数据设备封存,离开现场前应对所有的电子数据设备进行封存操作;Step 8: Seal the electronic data equipment, and seal all the electronic data equipment before leaving the site; 步骤9:综合演练环节,包括各种情况的取证演练题型,从试题库随机抽题演练;Step 9: Comprehensive drills, including forensic drills in various situations, randomly selected from the test question bank for drills; 步骤10:退出虚拟实训平台并显示本次演练成绩。Step 10: Exit the virtual training platform and display the results of this exercise. 2.根据权利要求1所述的一种基于虚拟仿真技术的电子数据提取的训练方法,其特征在于,所述方法通过虚拟仿真平台对学生进行实训,实训包括案件现场勘察的各种环节,虚拟仿真实训的内容涵盖电子数据现场勘查、网络安全现场执法、网络案件侦查推演、计算机取证技术实验以及法律法规学习考核。2. a kind of training method based on the electronic data extraction of virtual simulation technology according to claim 1, is characterized in that, described method carries out practical training to students by virtual simulation platform, and practical training includes various links of case on-site investigation The content of virtual simulation training covers electronic data on-site investigation, network security on-site law enforcement, network case investigation and deduction, computer forensics technology experiments, and learning and assessment of laws and regulations. 3.根据权利要求1所述的一种基于虚拟仿真技术的电子数据提取的训练方法,其特征在于,所述步骤4包括:对案件现场原貌进行图像与视频采集,现场拍照需要选择相机或录像机,g=[g1,g2…gn]为所选择道具列表,h=[h1,h2…hn]为需要拍照的现场列表,g与h中各元素可以形成字典映射。3. a kind of training method based on the electronic data extraction of virtual simulation technology according to claim 1, is characterized in that, described step 4 comprises: carry out image and video collection to the original appearance of the case site, and need to select camera or video recorder for on-site photographing , g=[g 1 , g 2 ... g n ] is the list of selected props, h=[h 1 , h 2 ... h n ] is the list of scenes to be photographed, and each element in g and h can form a dictionary mapping.
CN202111483062.9A 2021-12-07 2021-12-07 A training method for electronic data extraction based on virtual simulation technology Pending CN114217690A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111483062.9A CN114217690A (en) 2021-12-07 2021-12-07 A training method for electronic data extraction based on virtual simulation technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111483062.9A CN114217690A (en) 2021-12-07 2021-12-07 A training method for electronic data extraction based on virtual simulation technology

Publications (1)

Publication Number Publication Date
CN114217690A true CN114217690A (en) 2022-03-22

Family

ID=80699919

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111483062.9A Pending CN114217690A (en) 2021-12-07 2021-12-07 A training method for electronic data extraction based on virtual simulation technology

Country Status (1)

Country Link
CN (1) CN114217690A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115526059A (en) * 2022-10-21 2022-12-27 滁州天邈电子科技有限公司 A custom method for field investigation simulation training
CN115985155A (en) * 2022-11-10 2023-04-18 滁州天邈电子科技有限公司 Logic simulation method for exploration simulation training

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108711031A (en) * 2018-04-13 2018-10-26 广州中国科学院软件应用技术研究所 A kind of intelligent terminal electron evidence library management training system and method
CN110910703A (en) * 2019-12-06 2020-03-24 广州高谱技术有限公司 Virtual simulation intelligent electrician wiring teaching training system
CN111312005A (en) * 2020-02-12 2020-06-19 博智安全科技股份有限公司 Electronic evidence obtaining practical training platform based on virtualization technology
CN113160635A (en) * 2020-12-29 2021-07-23 重庆三原色数码科技有限公司 Criminal investigation technology-based field investigation, operation and training assessment system and creation method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108711031A (en) * 2018-04-13 2018-10-26 广州中国科学院软件应用技术研究所 A kind of intelligent terminal electron evidence library management training system and method
CN110910703A (en) * 2019-12-06 2020-03-24 广州高谱技术有限公司 Virtual simulation intelligent electrician wiring teaching training system
CN111312005A (en) * 2020-02-12 2020-06-19 博智安全科技股份有限公司 Electronic evidence obtaining practical training platform based on virtualization technology
CN113160635A (en) * 2020-12-29 2021-07-23 重庆三原色数码科技有限公司 Criminal investigation technology-based field investigation, operation and training assessment system and creation method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
武鸿浩,金士礼: "基于增强现实技术的网络犯罪现场勘查实训设计", 《网络安全技术与应用》 *
裴煜: "虚拟现实技术在现场勘查实训教学中的应用思考", 《湖北警官学院学报》 *
黄间华,房汉平: "基于MR技术的犯罪现场勘查实训系统", 《实验技术与管理》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115526059A (en) * 2022-10-21 2022-12-27 滁州天邈电子科技有限公司 A custom method for field investigation simulation training
CN115526059B (en) * 2022-10-21 2025-06-24 滁州天邈电子科技有限公司 A customized method for field investigation simulation training
CN115985155A (en) * 2022-11-10 2023-04-18 滁州天邈电子科技有限公司 Logic simulation method for exploration simulation training

Similar Documents

Publication Publication Date Title
CN109803180B (en) Video preview generation method and device, computer equipment and storage medium
CN100507917C (en) Image processing apparatus, image processing method, and server and control method of the same
CN114217690A (en) A training method for electronic data extraction based on virtual simulation technology
WO2010139042A1 (en) Learning environment with user defined content
KR102183363B1 (en) Apparatus and Method for Searching Information using Augmented Reality and Mixed Reality
CN114339285B (en) Knowledge point processing method, video processing method, device and electronic equipment
EP2851890A1 (en) System and method for providing augmentation based learning content
CN117151949A (en) BIM technology-based channel engineering virtual training method and system
CN112002173A (en) Interactive aviation maintenance safety training simulation method and system
CN113052729B (en) Construction platform and method for mobile phone evidence obtaining capability verification sample
CN112286617A (en) Operation instruction method, device and electronic equipment
CN104881428A (en) Information graph extracting and retrieving method and device for information graph webpages
CN104731583A (en) Study scheme generation system and method based on numbering recording of exercises and knowledge points
CN109710221B (en) General simulation training system
TW200923860A (en) Interactive learning system
CN108021359B (en) Platform and method for providing application service, application providing method and application obtaining method
CN113920802A (en) Intelligent soil mechanics teaching system based on AR augmented reality technology
CN111312005A (en) Electronic evidence obtaining practical training platform based on virtualization technology
Conotter et al. A crowdsourced data set of edited images online
JP6672645B2 (en) Information terminal device and program
Zhuang Intelligent Classroom note-taking Application Software with higher performance
Turner et al. A story‐based simulation for teaching sampling distributions
KR102600770B1 (en) Open-source intelligence forensic system that generates link information between public source information and snapshot and method of operating the same
Lestari et al. Implementation of Quantum Simulation-Based Image Steganography in Mobile Applications and Website for Student Learning
CN118504941B (en) Multifunctional AI teaching experiment training method and platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220322

RJ01 Rejection of invention patent application after publication