Abstract: There is a rapid rise in cybercrime cases. There does not exist any effective forensic methods to deal with these cybercrime cases. Investigators are required to study the details of a large amount of tedious source in order to understand the crime model and dig out the evidence. This requires a lot of effort and may result in human errors.  In order to overcome these potential errors that may cause by the investigators, we propose a semi-automatic approach that integrates the user view (based on a high level study of the forensic investigator) and the system view (based on the automatic analysis of the source codes) to assist investigators in refining the scope of the investigation. The approach has been verified using a real cybercrime case and the method has been shown to be effective in assisting the investigators in refining the scope of investigation and understanding the crime model.  The semi-automatic approach has improved the efficiency and reliability of the digital forensic analysis of cybercrime cases involving large volume of digital evidence from multiple sources.

摘要：