Found 1 patent matching the query "MIERALIMUJIANG TUERHONG" (search time 0.5312487 seconds).
Invention patents: 1; Utility models: 0; Designs: 0
Application No.: 201911276014.5 Publication No.: CN110990830A Main classification: G06F21/55
Abstract: The invention relates to the technical field of network attacks and provides a terminal forensics and tracing system and method. The system comprises a terminal data acquisition unit, an analysis and processing unit, and a report generation unit. The terminal data acquisition unit performs a comprehensive forensic scan of the target terminal, based on the attack chain as seen from the attacker's perspective, and collects all required business data. The analysis and processing unit uses identification and tracing tools to detect and classify all the collected business data and to process and assess it. The report generation unit generates a forensic analysis report from the detection results and the processing results. The invention integrates acquisition, analysis and processing in one system, automatically completes the forensics and tracing process for a terminal, and produces a forensic analysis report. This simplifies terminal forensics and tracing work and lowers the requirements placed on operations and maintenance personnel. The tracing tools can also be updated and added through the front-end display unit, which effectively improves the identification and tracing of attacks and threats such as malicious activity.