Digital crime has been on the increase due to the growing use of computers and the internet. This has led investigators to another method of fighting this crime: computer forensics, a process of going into a computer hard drive and capturing basic information the user believed had been erased.
Processing a crime scene is no easy task. Individuals who are trained to process and analyze these crime scenes cannot just walk into the area of interest and start handling and taking items that may bear on the situation. This holds true for a digital forensics investigator as well. Digital forensics investigators are looking for any possible digital evidence within the crime scene, but it’s not as simple as just finding a computer and taking it to the lab. “Digital evidence is information stored or transmitted in binary form that may be relied on in court. It can be found on a computer hard drive, a mobile phone, a personal digital assistant (PDA), a CD, and a flash card in a digital camera, among other places” (Digital Evidence and Forensics, 2016). Identifying the evidence, preparing for the search, seizing the evidence, documentation, and chain of custody are all critical pieces of ensuring digital evidence is admissible in court.
Imagine that you are investigating a crime of fraud, where the suspect is creating false documents. Where might you look for evidence on the suspect's computer?
This document provides the digital forensic investigator with basic information regarding interviews for a cyber incident. Accordingly, it provides information gathered through an interview and the process to take. Additionally, information is provided on who to interview and what information to gather, as well as the tools and resources needed. Furthermore, an interview process is explained that provides investigators with a standard operating procedure to follow. Further in the document there is a section that provides the reader with an interview methodology. This methodology provides a model to follow for interviewing an individual effectively. Finally, a section providing information on recording devices to utilize
A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations” (Brecht, 2015). Forensic tools are used by investigators to provide their collection, indexing and detailed analysis
In a world where technology is increasingly becoming the way of life, it was only a matter of time before crime was no longer just in the streets but happening online as well. Criminals now have a new approach to carrying out their crimes with the use of computers. Since technology is more like a murder mystery than catching the bad guy in the act, a new discipline of forensics needed to be put into place. This is known as computer forensics. Forensic science is any science used for the purpose of law. In the case of computer forensics it is “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (U.S. Cert, 2008). This means that if you do something illegal on the Internet, it can be found.
Digital forensics has always been known among technologists and law enforcement as the art of hacking into a computer and retrieving important information, information that holds the key to important crimes and issues surrounding criminal activity. More importantly, digital forensics has the ability to turn the non-believer in a criminal case into a swift prosecutor ready to use the fullest extent of the law, given the sensitive data that comes out of that powerful piece of machinery we know today as technology. Digital forensic scientists have begun to venture into the world of cloud computing and its familiar components, such as remote servers, web browsers, and web-based media devices that are connected to the cloud.
Evidence plays a vital role throughout criminal investigations. Typically, we think of evidence as things such as fingerprints, DNA, and fibers. However, evidence has evolved as the world of technology has expanded. Digital evidence now plays just as important a role as traditional evidence. When beginning an investigation that involves digital evidence, it is important for the investigator to know what evidence to look for. Identification of evidence, collection (including transportation) of evidence, and examination of evidence are the three main aspects of the process.
In the analysis phase, examiners seek to understand the situation by connecting the evidence found to the questions that were the catalyst for the forensic examination. They explain what was found and create a picture by presenting a timeline that corroborates the evidence presented. Principally, investigators document all their analysis, explain the relevancy of the evidence provided, and report the results of the analysis to the requestor or the person in charge.
Description: Computer forensics investigators may provide services ranging from investigating computer systems and data in order to present information for legal cases to helping catch hackers and cyber criminals. They are the law enforcement agents in the cyber world. They also work closely with detectives to help convict criminals who have left a digital trail during their crimes.
Electronic evidence is very fragile because it can be destroyed or altered very easily; therefore it is imperative that investigators carefully follow all the procedural steps when collecting electronic evidence (Diversified Forensics). Before any electronic evidence is gathered, investigators should determine whether there is probable cause that a crime has been committed or, if the crime was committed somewhere else, whether the electronic evidence will aid the investigation process to prove or disprove the crime. If a warrant is needed, it must be obtained prior to collecting the evidence (Diversified Forensics). Hard drives, computers, and other electronic devices must be turned off, unplug all cables,
It is very important that the data is not altered. Once all the data is retrieved and examined from the computer, the next step is to analyze it. This step is crucial because the forensics investigator can find out when the inappropriate files were transferred to or installed on the computer and whether they have been modified. The analysis is done with specialized tools to review all of the data, protected data, the Windows registry and email. After the analysis process is completed, the forensics investigator will then create a report describing all the steps taken to find the evidence. The report will be given to the main investigator of the
* Receive the equipment from the Seattle Police Department with the chain of custody form
In your report, describe how that evidence was discovered and retrieved by law officers or computer forensic experts
Computer access and information storage have drastically evolved with the increase of computer usage and internet access across a wide range of areas including homes, businesses, schools and government departments. These changes create a need for more specific laws to regulate the use of computers and the storage of data, as well as new forensic techniques and tools to investigate such offences.