This document provides the digital forensic investigator with basic information regarding interviews for a cyber incident. Accordingly, it provides information gathered through an interview and the process to take. Additionally, information is provided on who to interview and what information to gather, as well as the tools and resources needed. Furthermore, an interview process is explained that provides investigators with a standard operating procedure to follow. Further in the document there is a section that provides the reader with an interview methodology. This methodology provides a model to follow that provides an effective manner to interview an individual. Finally, a section providing information on recording devices to utilize
It is pertinent during the preparation phase of an investigation, as well as the examination and documentation phases. Furthermore, these interviews are being conducted to gather information regarding the case to ensure the digital forensic investigator may plan their investigation accordingly. However, if a digital forensic investigator does not take time to prepare for the case, then they may overlook a crucial piece of evidence. Therefore, it is necessary that digital forensic investigators understand the interview process and how victims, suspects, or witnesses would react to questioning (UMUC, 2015). Accordingly, this document provides information regarding the material obtained from an interview, the interview methodology, and the recording methods that may be utilized during an
For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to employ the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators comprehend by what means to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for
Electronic evidence is very fragile because it can be destroyed or altered very easily; therefore, it is imperative that investigators very carefully follow all the procedural steps when collecting electronic evidence (Diversified Forensics). Before any electronic evidence is gathered, investigators should determine whether there is probable cause that a crime has been committed or, if the crime was committed somewhere else, whether the electronic evidence will aid the investigation process to prove or disprove the crime. If a warrant is needed, it must be obtained prior to collecting the evidence (Diversified Forensics). Hard drives, computers, and other electronic devices must be turned off, unplug all cables,
Two detectives from the Digital Forensic Department were contacted for an interview in relation to cyber-crime in Fort Worth and within the Police Department, their responsibilities and duties, and personal insight. The first detective that was interviewed was Detective Randolph. Randolph is a twenty-year veteran who has worked six of those twenty years for Digital Forensics. The second detective that was interviewed was Chris Fernihough, who has been working for the department for over fifteen years. Both researchers, Edirimanasinghe and Morrow, agreed on conducting in-person interviews with the cyber-crime police detectives for a comprehensive insight on how local police handle cyber-crime.
A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations” (Brecht, 2015). Forensic tools are used by investigators to provide their collection, indexing and detailed analysis
The aim of this report is to examine computer forensics and anti-forensics in detail, investigation and analysis techniques, and the standard set of procedures which forensics investigators must follow
From data acquisition, the investigator should move to the process of extracting data. He or she should use special computer forensics software tools to extract important data from various computer devices and networks. The process of extracting data requires the investigator to be knowledgeable about where to search for data in the system and the kind of questions to ask (Rogers, 2003). After extracting data, the investigator proceeds to the process of data analysis. By this time, the investigator will probably have thousands of files. He or she should use computer forensic tools and techniques to analyze the files in order to generate data which is more relevant and concise (Rogers, 2003). The last step of the process of computer forensics involves reporting the analyzed data. The investigators should ensure that the data which is to be reported is complete, understandable, and defendable. This will ensure that the final data presented is credible (Rogers, 2003).
As the lead forensic investigator for XYZ, Inc., my goal is to prepare before the investigation starts; this involves knowing the nature of the assignment and activities and preparing the tools and personnel needed to properly investigate the incident. Additionally, understanding the skill sets required to extract digital evidence will help build the appropriate team, assign roles to staff and supervisors, and ensure the forensic investigators have the appropriate background to perform the extractions needed.
Supportive investigation procedures and protocols should be in place in order to show that the incriminating evidence was on the electronic media. Crime has changed since the dawning of the computer age and the need for digital forensics is growing rapidly. Digital forensics has various areas based on different standards and media types, each with experts. There have been major breakthroughs in digital forensics
The National Institute of Technology (NIST) provides a forensic timeline with different stages for conducting a proper investigation. The first portion is the collection stage, in which the investigator is able to gather evidence and information about the case. This includes interviewing witnesses. When doing a computer forensic investigation, it is not possible to simply place a suspect behind the keyboard; in addition, the investigator must look deeply into the evidence, such as a confession or perhaps video surveillance evidence, and it is important to talk with suspects to learn whether they admit to the crime, or at least admit to owning the machine and being the only ones who use the evidence
The first thing to do when doing a computer investigation is to know the correct steps to make sure that the investigation is done correctly. The steps of preparing for a computer investigation are as follows: identifying the nature of the case, identifying the type of OS or digital device, determining whether you can seize the computers or digital devices, getting a detailed description of the location, determining who is in charge, using additional technical expertise, and determining what tools you need. These steps are the foundation of the investigation. If there is no strong foundation in the beginning of the
Having digital forensic capabilities is very important in this era we are in. At our company, we have an in-house forensics team that consists of a senior forensic investigator, project manager, computer forensic examiner, legal counsel, IT specialist, and three lab assistants.
This manual is to assist forensic technicians who may be responsible for preserving an electronic crime scene and recognizing, collecting, preserving, and storing digital evidence. When dealing with digital evidence, these principles apply: The process of collecting, securing, and transporting digital evidence should not change the evidence in any way. Only forensic technicians trained specifically for digital evidence should conduct the analysis. Everything done during the search, seizure, transportation and storage of the digital evidence should be documented, preserved and ready for review.
Acquisition. Due to digital evidence’s fragile state, investigators should be aware that it is easily altered, damaged, or deleted by improper handling of the evidence. As a best practice, examination is conducted on a copy of the original evidence. The original evidence should be secured in a way that would protect and preserve the evidence in its original unaltered state.
Once these steps are properly completed it is the job of the computer forensics analyst to piece together a report on the findings. All of the evidence needs to be carefully phrased and should only contain key issues that are relevant to that specific situation. The goal here is to put together everything that pertains to that case and will have the highest chance of
Over the years, forensics has played an integral role in solving crimes of all varieties. Technological advances have made life easier for society as a whole, including those in the field of forensics. Digital forensics utilizes advances in technology such as emails, phones, social media, and other ways digital information can be shared in order to help solve crimes. People have grown so accustomed to phones, tablets, and computers that they often forget these kinds of technology were not always around to use. The field of forensics has wisely grown with the advances in technology. Forensics has been employed to solve crimes for decades, but now with technology more information is available than ever to assist in crime solving. Technology makes communication a lot easier and allows people to talk with others from all walks of life. The advances in technology have also allowed businesses to grow nationwide and worldwide with the ease of emails and phone calls.
There can be a number of technical issues that a network forensic investigator may come across. They must be up to date with the latest relevant knowledge concerning computer technical issues and general network architecture. It is essential that a forensic investigator have up-to-date tools and techniques at their disposal. Attacks on networks are becoming a lot more sophisticated, making it harder to figure out the source of the attack, which is why it is necessary to keep up to date with forensic tools and techniques.