Evidence plays a vital role throughout criminal investigations. Typically, we think of evidence as things such as fingerprints, DNA, and fibers. However, evidence has evolved as the world of technology has expanded. Digital evidence now plays just as important a role as traditional evidence. When beginning an investigation that involves digital evidence, it is important for the investigator to know what evidence to look for. Identification of evidence, collection (including transportation) of evidence, and examination of evidence are the three main aspects of the process. Identifying evidence is the first stage in the process. A laptop, computer monitor, and hard drive are all pieces of evidence that are usually located first. It is critical for the investigator who is identifying and collecting evidence to know what else to look for. Other items that should be identified and collected as possible evidence include external hard drives, floppy disks, CDs, USB drives, and memory cards. If the investigator isn’t aware of everything that falls into the category of digital evidence, it is possible that vital evidence may not be collected (Cosic, 2011).
It is critical that evidence is collected in the correct manner to ensure that evidence is not destroyed. The investigator who is collecting the evidence should be properly trained in collection of evidence (Cosic, 2011). One example of proper protocol would be if a computer or cell phone is turned on when found, then it should not be turned off to prevent possible destruction of evidence or prompting for a password for access. The collection process can sometimes prove to be the most difficult because evidence can easily be compromised or even destroyed (Manes,
I feel that this case was somewhat representative of what was discussed in the textbook. The forensics aspects of this case were generally different from the impression of forensics I received from reading the textbook. Despite this fact, I feel that the investigative techniques of this case were similar to what was discussed in the textbook, as well as what has been discussed during lecture.
No matter what reputation you have earned for high integrity and honesty, you will always be open to allegations of civil or criminal liability. The first type of evidence and usually the most obvious is physical evidence. Evidence can be anything from tangible objects such as cartridge cases and firearms to latent fingerprints and DNA. The evidence collection or recovery step in crime scene processing comprises the methods, techniques, and procedures used in retrieving evidence. Patience and care are very important at the crime scene. The criminalist should take the proper time and care in processing the scene. The work is tedious and time-consuming.
As is the case with any type of evidence seizure, what is fair game and what is off limits needs to be identified and set, preferably in writing, before any work is done (Nelson, Phillips, & Steuart, 2015). This ensures that the forensics team will be protected in the worst-case scenario where the company could have an issue with what was taken, very similar to the protection ethical hackers require when performing a penetration test (##). Once this list is created, the team will interview the system administrators to provide any information allowed about the systems such as the equipment, system baselines, passwords that are allowed to be shared, and any special information that would need to be known before analyzing the system, such as what information is logged and where it would be stored (Rowlingson, 2004). The entire purpose of this information gathering is to paint a clearer picture of the situation so a more detailed plan can be devised prior to any systems being touched.
Imagine that you are investigating a case where the suspect is believed to have deleted information from his or her computer that might be evidence. Where would you look for this evidence?
The gathering, protection and safeguarding of evidence is a crucial facet of evidence integrity. Without accurate adherence to these processes, vital evidence that could possibly have significant influence on a court case could be deemed inadmissible. This underscores the importance of establishing policy and procedure for law enforcement agencies in the identification, collection, and storage of evidence. Objects that constitute fruits, instrumentalities, or evidence of the crime or are contraband may be introduced in evidence and exhibited to the jury if it is proven that such objects offered as evidence relate to the crime charged (Garland, 2015, p. 417). Below is a procedure for handling physical evidence for presentation
A big problem with digital evidence is that suspects can hide the evidence at any location on the hard drive. That means a judge, a police officer or a forensic analyst cannot possibly predict where exactly the evidence is located on the hard drive. That implies that the forensic analyst has to search through the entire hard drive to find the evidence
Ibrahim Baggili, an assistant professor of computer science at the University of New Haven, said this: "Forensic evidence from a smartphone or a computer might be critical to solving a crime" (Baggili). Personal and private information is stored on phones and computers, and it is a great tool for a scientist to use when working on a crime.
What potential sources of digital evidence do you find at a crime scene? First of all, what is digital evidence? Digital evidence is any information or data of value to an investigation that is stored on, received by, or transmitted by an electronic device. Also, digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Text messages, emails, pictures and videos, and internet searches are some of the most common types of digital evidence. Most criminals now leave a digital trail;
All available physical evidence is handled competently. Evidence will be recorded and processed correctly and within the procedures of the law.
The second aspect we identified is that of public safety, given the nature of our work as investigators. Digital forensic investigations can have a very drastic impact on public safety, from a community-wide concern to that of the health and well-being of a single person. Oftentimes when a mobile device is examined by a forensic investigator, the investigation is related to a criminal matter where a person is either physically harmed or harmed in the less
The crucial step of the investigation is the transport and storage of evidence recovered from the crime scene. Tightly controlled access during transport and storage will prevent any unauthorized contact and possible tampering or loss of evidence. The evidence that is recovered at the scene must reach a forensic laboratory as quickly as possible; appropriate conditions will prevent deterioration of evidence during transport and storage. Evidence might have to be stored for some years until a case goes to court or if the case is unsolved, so labelling and storing evidence must be appropriately done to avoid contamination or disintegration etc.
This means that digital evidence is hard to destroy and that in order to completely remove the evidence from the internet, one must possess a high level of knowledge in the area (Casey, 2011, p.26). This means that criminals who conduct online crimes will always leave online trails and it is up to the digital forensic scientists to retrieve the evidence (Casey, 2011, p.26). This is a strength and it also shows us why digital forensic scientists can play a crucial role as they are the few people that are trained in locating the trail of evidence left behind by the
When our unit arrived at this residence, we knew exactly what kind of evidence we were searching for because the local court gave us a warrant which gave us the permission to investigate all computer belongings possessed, conducted, or governed by the suspect. So, as we conducted our more thorough search, we observed and obtained numerous hard drives, laptops, thumb drives, and related data storage systems, as well as associated hardware which contained thousands of images and videos involving child pornographic content. We proceeded to photograph each one of these pieces of evidence exactly where we found them. We took medium range, as well as close-up pictures of this evidence and added them to our detailed sketch of the crime scene. We were extra cautious and even had another crime scene investigator within our department videotape our walk-through to help record and narrate our timeline, as well. Once all of the evidence was photographed, documented and sketched properly according to procedural standards, our unit then began to correctly mark and package it. It is very important that this step is done during any kind of investigation because if it is not completed, the evidence obtained is virtually useless. The computers we located were connected to a network and turned on, so we photographed what was on the screen first and then unplugged the power cord from the back of the tower. If computers are not unplugged the correct way, then the unit risks losing the files that are stored on it which would greatly impact the case (U.S. Department of Homeland Security, N/A). Anyway, once we unplugged it, we placed labels upon all of the other cords before we disconnected all of them, so we knew how to plug them back in later. We placed the equipment in packaging marked as “fragile” and made sure to keep all of it away from any kind of damaging elements including magnets and radio transmitters. We continued to
Evidence is defined as any matter of fact, the effect, tendency, or design of which is to produce in the mind a persuasion, affirmative or disaffirmative, of the existence of some other matter of fact that a crime has been committed (Paul B. Watson, 1986). In a legal sense, evidence is the information presented in court during a trial which enables the judge and jury to decide a particular case (Garland & Stuckey, 2000). There are two main types of evidence, which are testimony and physical items which can be presented to the judge and jury during a criminal trial. Physical evidence is any evidence found at the perpetrator’s
In simple terms, computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device that can be used against a criminal in a court of law. For the information to be used in court it should be collected before its presentation; therefore, there are a number of recommendations proposed to make sure that information collected meets the intended integrity.