To improve the accuracy and efficiency of computer crime forensics, an incident response process model based on risk assessment is proposed. First, the incident response process model is analyzed; it is pointed out that the model mainly targets suspected network systems for forensics, and that it is incomplete in the forensic preparation phase and its analysis is too general. To address this, a risk assessment method is introduced to evaluate the network system comprehensively: information entropy is used to obtain the entropy weight of each risk factor, from which the risk level of the network is determined, so that suspicious networks can be identified effectively and digital forensics carried out on them. Finally, the technologies the model involves during the forensic process are described.
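The entropy-weight step named in the abstract, as an added example that is not code from the paper: it uses the standard entropy weight method to weight risk factors and rank networks for forensic attention. The factor names, network names and scores are constructed, and because the paper's own factors and risk-level thresholds are not given here, the example ranks networks rather than assigning levels.

```python
import math

# Constructed sample data (assumption, not from the paper): rows are networks,
# columns are hypothetical risk factors scored in [0, 1], higher = riskier.
FACTORS = ["open_vulns", "ids_alerts", "failed_logins", "patch_lag"]
SCORES = {
    "net-A": [0.20, 0.10, 0.30, 0.50],
    "net-B": [0.25, 0.15, 0.30, 0.50],
    "net-C": [0.90, 0.80, 0.35, 0.55],
    "net-D": [0.30, 0.20, 0.25, 0.45],
}

def entropy_weights(matrix):
    """Standard entropy weight method on an n x m matrix of non-negative scores."""
    n, m = len(matrix), len(matrix[0])
    if n < 2:
        raise ValueError("need at least two networks to compare")
    divergence = []
    for j in range(m):
        col = [row[j] for row in matrix]
        total = sum(col)
        if total == 0:                      # all-zero factor: no information
            divergence.append(0.0)
            continue
        p = [x / total for x in col]
        # Normalised Shannon entropy; 0 * ln(0) is taken as 0 by convention.
        e = -sum(pi * math.log(pi) for pi in p if pi > 0) / math.log(n)
        # A factor that barely differs between networks has e close to 1
        # and therefore contributes almost no weight.
        divergence.append(max(0.0, 1.0 - e))
    s = sum(divergence)
    if s == 0:                              # every factor uniform: equal weights
        return [1.0 / m] * m
    return [d / s for d in divergence]

def rank_networks(scores):
    """Return (weights, [(network, weighted risk score), ...]) sorted riskiest first."""
    names = list(scores)
    w = entropy_weights([scores[k] for k in names])
    risk = {k: sum(wi * x for wi, x in zip(w, scores[k])) for k in names}
    return w, sorted(risk.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    weights, ranking = rank_networks(SCORES)
    for name, wt in zip(FACTORS, weights):
        print(f"{name:14s} weight={wt:.3f}")
    for net, score in ranking:
        print(f"{net}: risk={score:.3f}")
```

Factors that are nearly identical across all networks (here `failed_logins` and `patch_lag`) receive almost no weight, so the ranking is driven by the factors that actually discriminate between networks.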