Assignment 2 - Jacob McCourt

School: University of Maryland, University College
Course: 7981
Subject: Electrical Engineering
Date: Dec 6, 2023

Digital Forensics in the Criminal Justice System
Assignment 1
Jacob McCourt
University of Maryland Global Campus
9/4/2023

Locard's Exchange Principle applies to digital evidence as much as to any physical evidence. Even if the perpetrator does not physically come in contact with the crime scene, he will still leave a trace with a cyber attack, and digital evidence will exist. Anything done on a digital device will leave a mark. When evidence is being collected by any professional, it is important that it remains in its original state. One important practice is to never work directly with the original piece of evidence, so as not to accidentally alter it. Once a file is collected, create a read-only master copy and duplicate it. Another practice is to hash files after acquisition to ensure they have not changed. If a copy is altered, its hash will change, and we can know whether the evidence was tampered with, accidentally or not. Any discrepancy in hash values must be explicable. (SWGDE, 2020)

Digital marks will be left on all sorts of devices. Routers, for example, may leave digital traces behind, such as IP addresses, the name of the Wi-Fi network they are linked to, MAC addresses, and logs of the devices that they are connected to. More sophisticated devices like smartphones may leave behind logs of text messages, phone calls, images, internet history, or GPS locations, although a smartphone could leave behind much more. Internet of Things devices can also leave digital marks like IP addresses, the name of Wi-Fi networks, MAC addresses, or GPS location data. Investigators could potentially use this information to prove people were in contact, where someone was, or what websites someone visited. (SWGDE, 2020)

If the device is powered on, it could contain beneficial and volatile data like encryption keys and shouldn't be turned off. Plug the device in to make sure it doesn't run out of power and turn off. The examiner should take measures to keep the device from turning off, potentially going into the settings and turning off its autolock or sleep. Volatile data includes evidence that is in the system's RAM (Random Access Memory), such as a program that is present only in the computer's memory. There are also many types of evidence that are only available while the laptop is running, like certain log files, cached files, and passwords. RAM is cleared when the computer is turned off, so any data present would be lost. If the laptop is running, the hard drive should be copied because the encrypted portion of the data storage is still accessible. The owner of the device may have programs running that delete data upon the laptop turning off. (Mahalik, 2022)

A hash value is a number that is created through an algorithm, and it is associated with a particular file. If the file is changed in any way and the value is recalculated, the hash will change as well. It is impossible to alter a file in any way without the hash changing as well. If two files have the same hash they are identical. This makes it a great tool for verifying that a file is authentic, and for proving or disproving the authenticity of digital evidence. It can also be used to ensure that evidence is not accidentally tampered with when investigating. A copy can be made, and as long as the copy remains the same, so will the hash. (Callaghan, 2020)

Chain of custody is a record of the control, transfer, and disposition of evidence. Evidence in a criminal case can be anything from DNA samples, photographs, and documents to personal property or bodily fluids. In order for evidence to be admissible in court, the prosecutor has to prove it is the same evidence that was at the scene of the crime. They need to be able to prove that it has not been tampered with. It is extremely important that law enforcement handle evidence properly and document everything that happens to it. If chain of custody is not properly established, the evidence can be challenged and declared inadmissible. This is a good thing, because if decisions were based on evidence that is unreliable it would undermine the integrity of the justice system. (Williams, 2020)

References
Callaghan, P. (2020, August 6). Why Hash Values Are Crucial in Evidence Collection & Digital Forensics. Pagefreezer Blog. Retrieved September 18, 2023, from https://blog.pagefreezer.com/importance-hash-values-evidence-collection-digital-forensics

Mahalik, H. (2022, May 19). Why Access to Digital Evidence is Tougher than Ever, And What You Can Do About It. Forensicmag. Retrieved September 19, 2023, from https://www.forensicmag.com/3425-Featured-Article-List/586429-Why-Access-to-Digital-Evidence-is-Tougher-than-Ever-And-What-You-Can-Do-About-It/

SWGDE. (2020). SWGDE Best Practices for Mobile Device Evidence Collection & Preservation, Handling, and Acquisition.

Williams, C. L. (2020, August 26). Chain of Custody and Why It Is Important in a Criminal Case — #LadyJustice Speaks. Just Criminal Law — Gillette, WY Criminal Defense Attorney. Retrieved September 18, 2023, from https://www.justcriminallaw.com/criminal-charges-questions/2020/08/26/chain-custody-important-criminal-case/
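
The acquisition practice and hash check described in the essay (read-only master copy, working duplicate, hash after acquisition, every check documented), shown as an added example that is not part of the original assignment. The file names, the record layout and the choice of SHA-256 are assumptions, and the evidence bytes are constructed sample data.

```python
import hashlib, os, shutil, stat, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def now():
    return datetime.now(timezone.utc).isoformat()

def acquire(source, case_dir):
    """Create a read-only master and a working copy; return a custody record."""
    digest = sha256_file(source)                 # hash taken at acquisition
    master = os.path.join(case_dir, "master.bin")     # assumed file names
    working = os.path.join(case_dir, "working.bin")
    shutil.copyfile(source, master)
    if sha256_file(master) != digest:
        raise RuntimeError("master copy does not match the acquired source")
    os.chmod(master, stat.S_IRUSR)               # master becomes read-only
    shutil.copyfile(master, working)             # examiners touch only this copy
    return {"master": master, "working": working, "sha256": digest,
            "log": [(now(), "acquired", digest)]}

def verify(record, path, action):
    """Re-hash path, append the result to the custody log, report a match."""
    digest = sha256_file(path)
    record["log"].append((now(), action, digest))
    return digest == record["sha256"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "device_image.bin")
        with open(src, "wb") as f:               # constructed sample evidence
            f.write(b"constructed sample evidence bytes\n" * 1000)
        rec = acquire(src, d)
        before = verify(rec, rec["working"], "pre-exam check")
        with open(rec["working"], "r+b") as f:   # simulate an accidental 1-byte change
            f.seek(10)
            f.write(b"X")
        after = verify(rec, rec["working"], "post-exam check")
        master_ok = verify(rec, rec["master"], "master check")
        os.chmod(rec["master"], stat.S_IRUSR | stat.S_IWUSR)  # permit cleanup
        return before, after, master_ok, len(rec["log"])

if __name__ == "__main__":
    print(demo())
```

The one-byte change to the working copy makes its check fail while the master still matches, and each check is recorded with a timestamp so the discrepancy can be explained.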