
Innovative paper "Research on the basic work of electronic evidence criminal investigation from the perspective of anti-electric fraud"
In the current situation, cracking down efficiently on telecommunications network fraud and its derivative crimes is an important issue that the public security organs urgently need to solve. Because these crimes are widely carried out by means of communication systems and electronic equipment, electronic material evidence plays an important role in the fight against them. However, in the public security organs' current work against telecom fraud there are still many bottlenecks that seriously restrict effectiveness in practice. How to further straighten out the inspection and appraisal system for electronic material evidence, and how to remove the factors that constrain practical work against telecom fraud, is a difficult problem that we urgently need to solve.
1. Status Quo of Electronic Material Evidence Work from the Perspective of Cracking Down on Telecom Fraud Crime
(I) Actual work capacity seriously lags behind the business needs of the fraud crackdown.
With the continuous development of the economy and society, electronic products play an increasingly important role in social life. Take mobile phones as an example. At the end of 2018, more than 1.3 billion smartphones were in use nationwide. According to data released by the Ministry of Industry and Information Technology, China's smartphone production reached 0.576 billion units in the first half of 2022 alone.
At the same time, most non-contact crimes, of which telecom fraud is representative, are carried out with the help of electronic devices such as mobile phones and computers. In early cases, the police usually seized only a few dozen computers and mobile phones at a time in dens used for telecom fraud or "help letter" offences. Today, more than 100 electronic devices are seized at a time. In July 2022, the Nanjing Jiangbei New District Branch carried out coordinated arrests of a telecom fraud group in the "Su'an" operation. In dens in Jiangning District of Nanjing and Huli District of Xiamen, more than 500 computers, mobile phones and other crime tools were seized at the scene, and the initial investigation involved more than 0.1 billion yuan. Similar situations are common in the work of public security organs everywhere. According to data released by the Ministry of Public Security, a total of 464000 telecom fraud cases were solved nationwide in 2022. Effective inspection and identification of the large volume of electronic equipment and electronic physical evidence involved in these cases is of great practical significance for their investigation.
However, judging from the current situation of grass-roots public security organs, the capacity and means for inspecting and identifying electronic material evidence are very limited. Taking the Nanjing Municipal Bureau as an example, the inspection and appraisal of electronic material evidence is managed by the network security detachment. The detachment currently has nearly 100 police officers, while the electronic data inspection and appraisal brigade has only a few people. Set against the huge demand created by hundreds of devices in a single case, this is undoubtedly deeply regrettable.
(II) The structure of the work team seriously restricts the effectiveness of investigating and cracking down on telecom fraud.
At present, the public security organs have generally established professional departments for network security work. Even where some areas are undergoing or facing major departmental restructuring, cyber security has always been an important part of criminal investigation work. Taking the Nanjing Public Security Bureau as an example, the network security supervision department was established as early as September 2002. In recent years in particular, establishment and personnel have been increased mainly for case investigation and network supervision, and the department has gradually grown to more than 20 brigades. However, electronic evidence inspection and identification, an important support function, is still confined to a single brigade. The inspection and appraisal team has not been able to expand effectively. This situation is unlikely to be an isolated case.
With the continuous changes in the criminal situation and the continuous rise in evidentiary requirements in litigation, the demands on electronic physical evidence inspection and identification keep growing. Taking the Suzhou "11.29 Telecom Network Fraud Case" as an example, the public security organs arrested more than 530 suspects from 7 countries in Southeast Asia and seized a large number of items involved in the case, such as bank cards, computers, mobile phones, and network platform servers, with a total value of nearly 0.1 billion yuan. During the arrests, the task force had to inspect immediately the electronic material evidence carried by the suspects. Because of the serious imbalance between the inspection and appraisal team and the investigation force, inspection and appraisal became a major constraint on the investigation. The structure of the inspection and appraisal team is clearly not matched to the work it is expected to perform.
(III) The special role of this basic work has not been given the status it deserves.
Work on electronic material evidence is an important means of, and basic support for, the fight against telecom fraud crime. Whether a fraud case finally proceeds smoothly through litigation depends largely on the standardized collection of evidence and on effective proof. In the current judicial environment, the completeness of the chain of evidence and the legitimacy of evidence are particularly important. However, in the current investigation and handling of network-related cases, we still generally tend toward "emphasizing investigation over identification, arrest over inspection, verbal confession over electronic physical evidence, and substantive inspection over procedural legality".
In particular, in the crackdown on telecom fraud crimes, the procedures for extracting electronic material evidence are not standardized, inspections are carried out by fewer than 2 police officers, and the records of the inspection process and results are defective. In the investigation of specific cases, establishing the link between the relevant image information or communication information and the actual criminal suspect is also a key difficulty. When a case enters litigation, these problems lead to breaks in the chain of evidence and doubts about its probative force. In June 2022, more than 80 persons were arrested in an online prostitution fraud investigated by a branch of the Nanjing Municipal Bureau, and more than 160 mobile phones and more than 70 computers were seized. After further investigation, more than 20 female anchors and other persons involved in the case were arrested in the second half of the year. In the end, however, because of problems in the analysis and processing of some of the electronic equipment and electronic information, the identity of some "female anchors" and their specific criminal facts were not accepted by the procuratorate and the court.
The first reason for this regrettable outcome is the shortage of staff in the electronic material evidence inspection and appraisal unit. In actual work, constrained by the timeliness and urgency of case investigation, evidence is often examined in a hurry before the legal conditions are met, which creates hidden dangers for the legitimacy and probative force of the evidence. Within the public security organs, the electronic evidence inspection and identification team is a relatively closed, narrowly technical department. Its voice in the public security system is very limited, and it is indeed difficult to change this situation in a short time.
To sum up, the public security organs currently have a strong internal need for electronic material evidence inspection and identification work to develop and progress. However, its standing in the public security system is not enough to give it sufficient support for efficient development.
2. Key Issues in the Basic Work of Criminal Investigation of Electronic Material Evidence that Restrict the Effectiveness of the Fight against Telecom Fraud
Against the current background of big data, the issues surrounding the basic work of criminal investigation of electronic material evidence are very complicated. At the specific level of the crackdown on telecom fraud, however, they can be summarized as three bottlenecks: incomplete access, incomplete testing, and unclear conclusions.
(I) The electronic physical evidence involved in the case cannot be fully obtained.
Limited by staffing establishment, the public security organs in many areas lack sufficient inspection and identification officers. In telecom fraud cases, it is often the officers responsible for the investigation who carry out the preliminary handling and evidence extraction. Many front-line police are not familiar with the professional and technical standards for equipment extraction and on-site inspection. This easily leads to incomplete collection of physical evidence and defects in evidence collection procedures, which leave subsequent inspection, identification and litigation evidence inherently deficient. In a "help letter" case investigated by a city bureau in 2021, investigators searched the suspect's workplace and residence with a search warrant. Both searches were recorded on the same seizure list, resulting in confusion between the computer involved and other computers not involved in the case and making it difficult to verify the true source of the electronic data. The prosecution succeeded only after additional investigation.
At the same time, given current staffing conditions, it is not the norm for professional and technical personnel to accompany front-line investigators in on-site operations. In many on-site inspections, investigators focus only on collecting electronic storage devices. Electronic equipment that is running is often simply and crudely cut off from its power supply and seized on the spot. Electronic evidence in cyberspace, such as websites and online disks, is not extracted in time, and no remote inspection is carried out. Eventually this causes major damage to the integrity of the chain of evidence.
In law enforcement practice, there is another situation that also has a considerable impact on the integrity of the chain of electronic evidence. In the cross-border crackdown on telecom fraud crimes in Southeast Asia by Jiangsu public security organs, we have felt deeply that overseas operations bring many difficulties to the on-site inspection and collection of electronic material evidence. In particular, local law enforcement officers tend to take higher-value electronic products as personal "trophies". The requirements for inspection and evidence collection also differ greatly between countries and regions. In actual work, evidence that cannot be effectively inspected and appraised because of incomplete collection and similar reasons is one of the bottlenecks that most often plague us.
(II) Electronic physical evidence that has been obtained cannot be processed efficiently.
Judging from the actual situation at the grassroots level, most current inspection and appraisal work relies mainly on manual processing, which makes it difficult to improve processing efficiency. Meanwhile, the inspection and appraisal tasks arising from cases have become increasingly onerous. In January 2022, after more than two months of investigation and control operations, the Nanjing Jiangbei New District Bureau finally closed the net in Shandong, Tianjin and other places, arrested more than 150 suspects suspected of online fraud at one time, and seized more than 500 criminal tools such as computers and mobile phones. According to statistics from the Nanjing Municipal Public Security Bureau, the Municipal Bureau's Inspection and Appraisal Brigade inspected more than 3500 electronic storage devices in 2016 alone, an increase of 50% over the same period in 2015. The number of inspection and appraisal records issued in 2018 increased by 60% compared with the same period of the previous year. After 2020, the relevant figures show an unusually rapid increase. Faced with a large number of telecommunications network fraud cases, the public security organs are indeed unable to assign enough inspection and identification officers to take part in investigations. In Nanjing, the inspection, identification and remote inspection work for ordinary cases alone commonly produces nearly hundreds of pages of written material. An overwhelmed inspection and appraisal function has seriously restricted improvement in the efficiency of telecom fraud investigations.
(III) Test results do not readily support litigation directly.
In practice, if electronic physical evidence consists of video, text and other information that directly reflects the objective facts of criminal activity, litigation participants find it easier to understand and use directly. In many inspections, however, the electronic physical evidence consists of information such as procedural documents, transaction records, and program software. For procuratorial and judicial personnel who have strong legal training but may lack a background in finance, computing or other technical fields, bare inspection and appraisal conclusions are not enough for them to fully understand the criminal activity and the evidence.
For the same piece of evidence and the same legal provisions, the public security organs, procuratorates and courts also have different understandings and requirements. Taking the identification of video data as an example, recent law enforcement practice has found that suspects in "help letter" cases often cover themselves with masks, helmets, hats, and sunglasses, and evade the crackdown by denying that they are the person in the video. Most investigators in the public security organs usually regard the video data they have identified as clear and intuitive evidence. The procuratorate and the court, however, may take the view that, apart from high-definition frontal standard images, the identity between a video image and a natural person needs scientific and quantitative identification. This is especially true when the party concerned denies being the person in the video. How to communicate effectively across public security organs, procuratorates and courts, and then reach a working consensus, is a real problem at the practical level.
3. Countermeasures to Improve the Basic Work Ability of Electronic Evidence Criminal Investigation of Public Security Organs
In view of the above problems and bottlenecks, simply treating each symptom as it appears will undoubtedly bring some improvement. However, actively adapting to changes in the situation and seeking breakthroughs from the perspective of scientific and innovative development is the best way to solve the problem.
(I) Using Top-level Design to Drive the Construction of a Professional Team System
In the current work system of the public security organs, the standing of the electronic evidence inspection and identification team cannot meet actual needs. To break through the bottleneck of limited efficiency and low capability, it may seem that we should seek funding and increase investment. More important, however, is good top-level design of team building. Reasonable team planning should be designed from a higher level, from the perspective of comprehensive drive and intensive development.
Some of the construction mechanisms of public security organs in Zhejiang, Guangdong and other places are worth learning from. They actively take part in building the electronic material evidence discipline in public security colleges and universities, and continually train inspection and identification technicians. At the same time, taking advantage of urban industrial upgrading and the institutional reform of public security organs, they have set up professional departments in the municipal bureaus' criminal investigation, network supervision and other units, expanded the establishment of the original inspection and appraisal units, and gradually built up an inspection and appraisal force organized in echelons. Some have centrally integrated previously dispersed inspection and identification posts and personnel so that they work as a system, which has likewise been effective. In particular, some ministries and agencies have recently begun to form specialized teams such as anti-fraud detachments. We can take advantage of this to increase the corresponding establishment in those teams and support the fight against telecom fraud more directly and effectively.
(II) Streamlining Mechanisms to Optimize the Division of Internal Work Functions
Within the public security organs, it is also necessary to straighten out how functional authority and professional specialization are separated and integrated. Among the relevant departments and units at different levels, a working mechanism of division of labor and cooperation needs to be firmly established to further improve the actual efficiency of inspection and appraisal work.
Where no specialized team such as an anti-fraud detachment has yet been formed, or where the specialized anti-fraud team has no capacity to inspect and identify electronic physical evidence, it is very important to optimize the mechanism for internal functional collaboration. For example, the Nanjing Public Security Bureau placed the work under the unified coordination of the network security detachment, effectively integrated the work force, and established a district work brigade in each territorial branch. The district work brigade mainly undertakes the investigation and handling of cases together with the local sub-bureau. At the same time, special training is provided, focusing mainly on strengthening on-site handling and electronic evidence extraction. Detailed inspection and appraisal is the professional responsibility of the detachment's appraisal brigade. The two-level inspection and coordination mechanism between the city and the districts is being improved, and when major cases are encountered, the detachment coordinates inspection and appraisal personnel to accompany the operation. This model follows the principles of "clear responsibilities, strict docking, efficient operation, and unified coordination", and has effectively improved the standardization and efficiency of electronic material evidence inspection and identification. In the Nanjing Municipal Bureau's previous cross-border law enforcement practice, the detachment specially sent additional inspection and appraisal technicians to take part in overseas operations. In particular, the thousands of items of electronic data, such as first-class card information and Skype chat records, that were extracted promptly at the scene laid a solid foundation for supplementary evidence investigation and subsequent litigation. This model of combined operations with accompanying support can be further consolidated as a standing mechanism.
(III) Improving the Efficiency of Inspection and Appraisal through Technological Progress
We need to further raise the technical level of inspection and identification, and use intelligent and institutionalized means to achieve breakthroughs in efficiency. Heavy reliance on manual work has always suffered from low efficiency, poor accuracy, and the inability to carry out horizontal comparison on a wide scale. To comprehensively improve its ability to extract and analyze electronic data from smart mobile terminals such as mobile phones, the Nanjing Municipal Bureau's Network Security Detachment took the opportunity of building a national laboratory to focus on building a mobile phone forensics studio. Through the development of intelligent equipment, it has achieved good results in improving the efficiency of mobile phone image analysis, chip extraction and data recovery.
With the development of science, the application of artificial intelligence (AI) technology undoubtedly offers an effective way to solve the problem. Taking video image inspection and identification as an example, current face recognition algorithms are relatively mature. The public security organs in Nanjing, Suzhou, Wuhan, Hangzhou and other places have carried out exploration and development. The Wuhan Municipal Bureau has developed intelligent video image inspection and comparison tools such as the "VCS video image acquisition summary comparison system" and the "Jie Shang IV007 video intelligent processing system". The Nanjing Public Security Bureau has also achieved certain results in the application of face recognition algorithms. This work not only plays an important role in the fight against telecommunications network fraud, but also produced good results in earlier epidemic tracing work. At present, some intelligent algorithms can already compare, in batches, facial images taken at different angles and with different expressions against frontal standard images. Building on this existing technical level, combining them with human behavior recognition technology will greatly improve the ability to compare personal identities in batches across unformatted image data. By promoting police innovation and seizing technological opportunities, we can achieve intelligent and efficient processing in electronic evidence inspection and identification.
(IV) Using Combined Operations to Raise the Practical Level of Smart Inspection
While expanding the inspection and appraisal team as far as possible, we should pay attention to combined operations across each line and post. Where staffing allows, or in major cases, inspection and appraisal personnel can be organized at the right time to provide accompanying support in combined operations. Professional and timely on-site inspection and handling lays a good foundation for the follow-up work.
Before arrests are made at a telecom fraud den, the action plan must take into account the search, seizure and collection of electronic material evidence at the scene. In field work, the relevant electronic equipment and media should be treated as important exhibits from the outset. When the scene is brought under control, priority should be given to searching so as to prevent suspects from destroying evidence. Inspection and appraisal personnel should prepare in advance for recording the connection status of equipment at the scene, cloning storage media, extracting external equipment, and extracting and transporting electronic evidence. Carefully search for all devices that may store electronic data, such as computers, PDAs, mobile storage media, mobile phones, backup tapes, digital cameras, digital video cameras, digital voice recorders, smart cards, magnetic cards, etc. If there is a special storage medium at the scene, also search for the equipment that reads and writes it. Attention should also be paid to finding small storage devices, such as memory cards, hidden by suspects at the scene. If a device that cannot be identified for the time being is found on site, search for the instructions, software and supporting hardware related to it. If special software is found running on a computer, search for the instructions, software dongles, supporting CDs, supporting hardware and other external equipment related to the software. At the same time, technical means should be used to search unallocated space and file slack areas, with attention to finding deleted electronic documents of value.
In particular, electronic equipment that is found should not be turned on or off at will. Important information such as user names, passwords and unlocking fingerprints is best obtained through immediate questioning on the spot and verified in time. If the system is still running when the investigators arrive at the scene, they should promptly extract evidence that is easily lost, for example time information, the content displayed on the screen, and the operating status of the system. If multiple programs are running on the system at the same time, the information each application displays on the screen must be photographed. If the case is urgent and important clues must be obtained from the computer immediately, or if shutting down the system would cause heavy losses, the relevant information in the system can be examined on site. On-site online investigation should also be carried out as the situation requires. The system may be shut down and follow-up work carried out only after the data has been effectively extracted.
In practice, we have found that attention should also be paid to searching for notebooks, notes and other items used by suspects or found nearby. Suspects may use them to record account numbers, passwords, contacts and other related information. Another very important rule is that the destruction of other physical evidence on the equipment in question should be avoided as far as possible. This includes traditional evidence such as fingerprints, hair and fibers, and the possible presence of the suspect's DNA. In a gang letter case cracked by the Nanjing Xuanwu Branch, it was the fingerprint and DNA evidence of a suspect, extracted from several mobile phones involved in the case, that overcame the suspect's denial that he was the principal offender of the gang.
(V) Standardizing Law Enforcement to Ensure the Legal Validity of Electronic Evidence
With the deepening of the trial-centered concept of the rule of law, the requirements for the legitimacy of evidence in China's legal practice are getting higher and higher. For electronic material evidence, as a special carrier of evidence, particular attention must be paid to the dialectical relationship between its legitimacy and its probative force. In the relevant inspection and appraisal work, we should therefore strictly follow the requirements of standardized law enforcement. In December 2018, the Ministry of Public Security issued the Rules for Public Security Organs to Obtain Electronic Data in Criminal Cases. This document, as a dedicated special provision, gives us an authoritative basis for our work. In practice, we should pay special attention to the following issues. The first is that the collection, extraction and inspection of electronic evidence should be carried out by two or more investigators. When necessary, professional and technical personnel may be assigned or hired to carry out the work under the direction of investigators. The procedures for extraction, seizure and inspection, and the signature or seal of the holder (provider) and the witness, shall strictly comply with the legal procedures.
Electronic data, storage media and electronic equipment used as evidence shall be fixed or sealed at the site. For storage media, the time of acquisition, the name of the person and the model of the equipment shall be indicated on the label, and the media shall be packaged in anti-static, waterproof and impact-proof packaging and sealed on site. Once the legitimacy of electronic evidence that has not been effectively sealed is questioned, it loses its basis as original evidence. The sealing method used should ensure that the sealed storage medium cannot be used and the sealed electronic device cannot be activated without breaking the seal. Photos shall be taken before and after sealing, and a List of Sealed Electronic Evidence shall be made. The photos should show the situation before and after sealing from all angles and clearly show the state of the seal. At the same time, the principle of separating investigators from inspection and appraisal personnel should be followed to ensure that inspection and appraisal has sufficient procedural legitimacy.
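The requirements in this section (two or more investigators, holder and witness signatures, labelled and sealed media, photos before and after sealing) and the mixed seizure list problem described in section 2 can be checked mechanically before a file is handed over for inspection. The Python code below is an added example and not part of the original paper; the record layout, field names and sample values are constructed, and recording a SHA-256 digest of each forensic clone is an assumption the paper itself does not state.

```python
"""Constructed example: procedural checks on a seizure list for electronic evidence."""
import hashlib
from dataclasses import dataclass, field
from typing import List


@dataclass
class SeizedItem:
    item_id: str
    location: str            # place of search where the item was seized
    acquired_at: str         # label field: time of acquisition
    acquired_by: str         # label field: name of the person
    device_model: str        # label field: model of the equipment
    sealed_on_site: bool
    photos_before: int       # photos taken before sealing
    photos_after: int        # photos taken after sealing
    clone_sha256: str = ""   # assumption: digest of the forensic clone


@dataclass
class SeizureList:
    list_id: str
    investigators: List[str]
    holder_signed: bool
    witness_signed: bool
    items: List[SeizedItem] = field(default_factory=list)


def digest(data: bytes) -> str:
    """SHA-256 of the clone contents, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def check_seizure_list(sl: SeizureList) -> List[str]:
    """Return one finding per procedural defect; an empty list means none found."""
    findings = []
    if len(set(sl.investigators)) < 2:
        findings.append(f"{sl.list_id}: fewer than two investigators")
    if not sl.holder_signed:
        findings.append(f"{sl.list_id}: holder signature or seal missing")
    if not sl.witness_signed:
        findings.append(f"{sl.list_id}: witness signature or seal missing")
    # One list covering several search locations obscures where a device came from.
    locations = {item.location for item in sl.items}
    if len(locations) > 1:
        findings.append(
            f"{sl.list_id}: items from {len(locations)} locations on one seizure list")
    for item in sl.items:
        for name in ("acquired_at", "acquired_by", "device_model"):
            if not getattr(item, name).strip():
                findings.append(f"{item.item_id}: label field '{name}' is empty")
        if not item.sealed_on_site:
            findings.append(f"{item.item_id}: not sealed on site")
        if item.photos_before < 1 or item.photos_after < 1:
            findings.append(f"{item.item_id}: photos before and after sealing incomplete")
        if not item.clone_sha256:
            findings.append(f"{item.item_id}: no digest recorded for the clone")
    return findings


def clone_unchanged(item: SeizedItem, clone_bytes: bytes) -> bool:
    """True only if a digest was recorded and the clone still matches it."""
    return bool(item.clone_sha256) and digest(clone_bytes) == item.clone_sha256


def demo():
    # All values below are constructed for illustration.
    clone = b"constructed stand-in for a disk image"
    good = SeizedItem("PC-01", "workplace", "2021-05-10T09:30", "Officer A",
                      "Model X", True, 4, 4, digest(clone))
    bad = SeizedItem("PC-02", "residence", "2021-05-10T14:00", "",
                     "Model Y", False, 2, 0)
    sl = SeizureList("SL-001", ["Officer A"], True, False, [good, bad])
    return (check_seizure_list(sl),
            clone_unchanged(good, clone),
            clone_unchanged(good, clone + b"\x00"))


if __name__ == "__main__":
    found, same, altered = demo()
    for line in found:
        print(line)
    print("clone unchanged:", same, "| modified clone accepted:", altered)
```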
(VI) Actively Communicating with the Procuratorial Organs throughout Case Handling
Compared with the public security organs, the division of labor in the procuratorial and judicial departments is relatively coarse, and they have a greater shortage of technical personnel from outside the legal profession. Especially in finance, computing, intellectual property and other areas of crime with a high threshold of professional background, the inspection and appraisal of electronic material evidence must be "grounded". The relevant conclusions should be "popularized" as completely and accurately as possible so that prosecutors who lack a technical background can understand them.
For example, the Nanjing Public Security Network Security Department cracked a "city * *" naked chat extortion case at the beginning of this year. In the investigation, through in-depth analysis of the app involved in the case and the service of evidence retrieval notices on the third-party company that provided packaging services, the police obtained the developer account information, cloud packaging records, payment records, login MAC and other important data that the app had left with the packaging company. Finally, the suspect was identified, and one suspect engaged in the technical development of the app was arrested. In addition, by obtaining permissions on the back-end server, the police sorted out more than 25000 pieces of potential victim data. However, most of the victims in the case did not report to the police. A comparison against the provincial and municipal case databases initially linked only a little over 20 cases. Since the suspect was not a criminal who directly carried out the naked chat and extortion, and especially since most of the evidence was electronic, the procuratorial department raised different opinions on the evidenced facts and the degree of harm in the case. After the case-handling unit submitted the material for inspection according to law, the technical department issued more than 20 electronic material evidence inspection records. Most of the electronic documents inspected were information data and transaction records produced by the software. In terms of form, the evidence fully complied with the law. However, the prosecutors were not familiar with software development and electronic evidence identification, and could not understand the results. The task force actively organized appraisers and investigators, and hired computer software experts, to jointly write detailed supplementary explanatory materials.
After the procuratorial and judicial staff had carefully studied the supplementary materials, the case proceeded smoothly. In police practice, this requires our inspection and appraisal personnel to be more than pure technical experts, and to improve their law enforcement skills and legal literacy as far as possible.
At the same time, we should also pay attention to combining inspection and identification with other means of investigation. By making the investigation work function as a system, the "congenital deficiency" of electronic evidence can be made up for. Only by effectively combining inspection and appraisal with on-site inspection, technical investigation, network investigation, pre-trial and other links can we provide comprehensive support for litigation and trial.