Official website: http://www.journals.elsevier.com/digital-investigation/
Submission URL: http://ees.elsevier.com/diin/default.asp?acw=3
Digital Investigation covers a broad array of subjects related to crime and security throughout the computerized world. The primary pillar of this publication is digital evidence, with the core qualities of provenance, integrity and authenticity.

This widely referenced publication promotes innovations and advances in utilizing digital evidence for legal purposes, including criminal justice, incident response, cybercrime analysis, cyber-risk management, civil and regulatory matters, and privacy protection. Relevant research areas include forensic science, computer science, data science, artificial intelligence, and smart technology.

This journal is used by investigative agencies and forensic laboratories, computer security teams, practitioners, researchers, developers, and lawyers from industry, law enforcement, government, academia, and the military to share their knowledge and experiences, including current challenges and lessons learned in the following areas:

Research and development: Novel research and development in forensic science, computer science, data science, and artificial intelligence applied to digital evidence and multimedia. New methods to deal with challenges in digital investigations, including applied research into analysing digital evidence and multimedia, exploiting specific technologies, and into preparing for and responding to computer security incidents.

Cyber-criminal investigation: Developing new methods of online investigation and analysis of financially motivated cyber-crime such as banking Trojans, phishing, ransomware and other forms of cyber-fraud. In addition, researching future criminal activity involving peer-to-peer payments and cryptocurrencies.

Cyber-risk management: Improved ways of using digital evidence to address security breaches involving information systems, methods to find zero-day attacks and to perform cyber threat intelligence. The techniques and findings of digital investigations are essential in drawing post-incident conclusions, which are vital feedback components of the security policy development process, and managing risk appetite.

Case Notes: Brief investigative case studies with practical examples of how digital evidence is being used in digital investigations, forensic analysis, and incident response. Case Notes can also describe current challenges that practitioners are facing in cybercrime and computer security, highlighting areas that require further research, development or legislation. The format for Case Notes is simple and short: case background, any technical or legal challenges, the digital evidence involved, processes and/or tools used, and outcomes (e.g., solutions, barriers, need for R&D). Please check the following example for preferred Case Note format: https://www.sciencedirect.com/science/article/pii/S1742287618301713.

Scientific practices: Novel approaches to strengthening the scientific foundation and rigor of digital investigations, and to increasing the reliability of and confidence in processes, analysis methods, results, and conclusions involving digital evidence.

Effective practices: Studies that assess new practices in digital investigations and propose effective approaches to handling and processing digital evidence.

Survey papers: Discussion of current methods and future needs relevant to digital investigations, including analysing digital evidence and multimedia from computers, smart technology, mobile phones, memory, malware, network traffic, as well as systems that support enterprises, telecommunications, and satellites. In addition, advanced approaches to analysing digital evidence and multimedia, including novel applications of artificial intelligence and data analytics.

Application analysis: Novel approaches to analysing applications on mobile devices and computers from a digital forensic perspective. Analysis may include configuration and log data, network telemetry and cloud storage, live memory artifacts, and indications of compromised and abused applications. Proposed methods should go beyond a single version of an application and be generalized to multiple versions of an application, or a general category of applications (e.g. social networking), on multiple platforms (Android, iOS). In addition, strong work in this area will extend the functionality of an existing open source tool, or provide a new open source tool. Also of interest are approaches to performing validation and quality assurance of forensic software that must be updated frequently to support new applications. Such papers should be structured around investigative questions that are commonly encountered in digital investigations, concentrating on the users and their activities rather than only on technical elements.

Tool reviews: Evaluation and comparison of specialized software and hardware used to preserve, survey, examine, analyse or present digital evidence and multimedia, deepening our understanding of specific tools, and highlighting any needed enhancements.

Future challenges: Analysis of new technologies, vulnerabilities and exploits which may create opportunities for criminality and/or computer security incidents, but which require further work in order to determine how their use can be investigated and the evidential opportunities they may create.

Registered reports: Studies that assess methods critically and evaluate the reliability, statistical power, and reproducibility of results. Such reports can include tests and experiments with negative results, not just positive.

Legal analysis and updates: Carefully considered commentary by legal experts on recent cases involving digital evidence, forensic applications and computer security risk management, relevant legal developments, privacy issues, and legislative limitations.

Evidence accessibility: Exploring safe, fair, and feasible methods of acquiring digital evidence from protected sources such as DRM, encrypted traffic, encrypted storage, and locked proprietary devices, while taking individual privacy and ethical aspects into consideration.