許多資訊駭客沈浸於靜悄悄地入侵電腦系統，意圖竊取資料、破壞資訊隱私。資安事件調查的紀錄檔案是追查事件來源的最初指標，驗證稽核紀錄的可信度為評斷是非或論罪科刑的重要參考依據。本文透過計畫(Plan)、執行(Do)、檢查(Check)及行動(Act)等管理循環，從「被動資安防護」、「主動滲透測試」、「逆向追查紀錄」、「對象查訪驗證」及「使用習慣養成」等5面向檢討社交工程的資安演練事件。本文不僅歸納一些追蹤犯罪者的指引作法，也展示避免犯下錯誤結論的發現事實作法。藉由本文研究，處理資安事件的反應者，將能夠採用有效分析稽核紀錄的策略，降低資安鑑識事件過程的不當處置作為。

Dozens of hackers are dedicated to silently invading computer system. They are making efforts directed toward destroying computer privacy and data. The auditing log is the initial source of tracing information security. To explore the fact, verifying reliability of related auditing record becomes an essential part of judging right from wrong. This paper proposes an iterative Plan-Do-Check-Act (PDCA) management process against external data intrusion incidents. A Social Engineering drill of 5-phase testing analysis is exhibited to strengthen computer defense system: Passive Data Security Protection, Proactive Penetration Testing, Reverse Record Tracking, Target Verification and User Habits. It not only summarizes some active follow-up guidelines to trace offenders but also demonstrates an accurate fact finding to prevent from erroneous conclusions. In response to the study in Social Engineering, the incident responders can have effective strategies of analyzing auditing record and reduce the possibilities of judicial misconduct in the forensic analysis of cybercrime event.