Digital Investigation covers a broad array of subjects related to crime and security throughout the computerized world. The primary pillar of this publication is digital evidence, with the core qualities of provenance, integrity and authenticity.

This widely referenced publication promotes innovations and advances in utilizing digital evidence for legal purposes, including criminal justice, incident response, cybercrime analysis, cyber-risk management, civil and regulatory matters, and privacy protection. Relevant research areas include forensic science, computer science, data science, artificial intelligence, and smart technology.

This journal is used by investigative agencies and forensic laboratories, computer security teams, practitioners, researchers, developers, and lawyers from industry, law enforcement, government, academia, and the military to share their knowledge and experiences, including current challenges and lessons learned in the following areas:

Research and development: Novel research and development in forensic science, computer science, data science, and artificial intelligence applied to digital evidence and multimedia. New methods to deal with challenges in digital investigations, including applied research into analysing digital evidence and multimedia, exploiting specific technologies, and into preparing for and responding to computer security incidents.

Cyber-criminal investigation: Developing new methods of online investigation and analysis of financially motivated cyber-crime such as banking Trojans, phishing, ransomware and other forms of cyber-fraud. In addition, researching future criminal activity involving peer-to-peer payments and cryptocurrencies.

Cyber-risk management: Improved ways of using digital evidence to address security breaches involving information systems, methods to find zero-day attacks and to perform cyber threat intelligence. The techniques and findings of digital investigations are essential in drawing post-incident conclusions, which are vital feedback components of the security policy development process, and managing risk appetite.

Case Notes: Brief investigative case studies with practical examples of how digital evidence is being used in digital investigations, forensic analysis, and incident response. Case Notes can also describe current challenges that practitioners are facing in cybercrime and computer security, highlighting areas that require further research, development or legislation. The format for Case Notes is simple and short: case background, any technical or legal challenges, the digital evidence involved, processes and/or tools used, and outcomes (e.g., solutions, barriers, need for R&D). Please check the following example for preferred Case Note format: https://www.sciencedirect.com/science/article/pii/S1742287618301713.

Scientific practices: Novel approaches to strengthening the scientific foundation and rigor of digital investigations, and to increasing the reliability of and confidence in processes, analysis methods, results, and conclusions involving digital evidence.

Effective practices: Studies that assess new practices in digital investigations and propose effective approaches to handling and processing digital evidence.

Survey papers: Discussion of current methods and future needs relevant to digital investigations, including analysing digital evidence and multimedia from computers, smart technology, mobile phones, memory, malware, network traffic, as well as systems that support enterprises, telecommunications, and satellites. In addition, advanced approaches to analysing digital evidence and multimedia, including novel applications of artificial intelligence and data analytics.

Application analysis: Novel approaches to analysing applications on mobile devices and computers from a digital forensic perspective. Analysis may include configuration and log data, network telemetry and cloud storage, live memory artifacts, and indications of compromised and abused applications. Proposed methods should go beyond a single version of an application and be generalized to multiple versions of an application, or a general category of applications (e.g. social networking), on multiple platforms (Android, iOS). In addition, strong work in this area will extend the functionality of an existing open source tool, or provide a new open source tool. Also of interest are approaches to performing validation and quality assurance of forensic software that must be updated frequently to support new applications. Such papers should be structured around investigative questions that are commonly encountered in digital investigations, concentrating on the users and their activities rather than only on technical elements.

Tool reviews: Evaluation and comparison of specialized software and hardware used to preserve, survey, examine, analyse or present digital evidence and multimedia, deepening our understanding of specific tools, and highlighting any needed enhancements.

Future challenges: Analysis of new technologies, vulnerabilities and exploits which may create opportunities for criminality and/or computer security incidents, but which require further work in order to determine how their use can be investigated and the evidential opportunities they may create.

Registered reports: Studies that assess methods critically and evaluate the reliability, statistical power, and reproducibility of results. Such reports can include tests and experiments with negative results, not just positive.

Legal analysis and updates: Carefully considered commentary by legal experts on recent cases involving digital evidence, forensic applications and computer security risk management, relevant legal developments, privacy issues, and legislative limitations.

Evidence accessibility: Exploring safe, fair, and feasible methods of acquiring digital evidence from protected sources such as DRM, encrypted traffic, encrypted storage, and locked proprietary devices, while taking individual privacy and ethical aspects into consideration.