Forensics: The Emergence of the Electronic Crime Scene
Joshua Foster
American Military University
ISSC340 B005
Alan Bowen
October 28, 2014 Background
Improvements in technology have demonstrated that with relative ease nefarious individuals can acquire various types of information with the use of computers, cellphones, tablets, databases and the internet. This information can be used for a large array of deeds, illegal activity being a major one. In an effort to combat this emerging type of crime, the Department of Justice, local law enforcement agencies, banks, retail stores, and investment firms are integrating computer forensics into their organizations. These crimes range from network security breaches at companies like Target and Home Depot to child pornography, the common thread is that the implicating evidence was found on an electronic media device.
Supportive investigation procedures and protocols should be in place in order to show that the incriminating evidence was on the electronic media. Crime has changed since the dawning of the computer age and the need for digital forensics is growing rapidly. Digital forensics has various areas based on different standards and media types, each with experts. There have been major breakthroughs in digital forensics
…show more content…
To do this they will likely have to go with tools from the corporate world. In doing so they should go with companies that are evaluated by organizations like SEARCH and HTCIA, so that standards are maintained across the board. Digital forensics toes the line between keeping people safe and overstepping civil liberties. Courts and legislators have thus far attempted to protect civilians while allowing law enforcement agencies and corporations to conduct investigations in conjunction with perceived crimes. Digital Forensics is a rapidly growing technology and will continue to evolve as consumer technology
Electronic evidence is very fragile because it can be destroyed or altered very easily, therefore it is imperative that investigators follow very careful all the procedural steps when collecting electronic evidence (Diversified Forensics). Before any electronic evidence is gathered investigators should determine whether there is probable cause that a crime has been committed, or if the crime was committed somewhere else the investigator should determine whether the electronic evidence will aid the investigation process to prove or disapprove the crime, if a warrant is needed it must be obtained prior to collecting the evidence (Diversified Forensics). Hard drives, computers, and other electronic devices must be turned off, unplug all cables,
Computers are common tools used by the culprits behind white-collar crimes. In order to find “culprits,” the forensic accountant will need to be able to dig deep into the company’s computer system. However, without the proper equipment, that process can prove to be very difficult. To facilitate the preservation, collection, analysis, and documentation of evidence, forensic accountants can use specialized software and computer hardware.
For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to employ the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators comprehend by what means to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for
This manual is to assist forensic technicians who may be responsible for preserving electronic crime scene and recognizing, collecting, preserving, and storing digital evidence. When dealing with digital evidence, these principles apply: The process of collecting, securing, and transporting digital evidence should not change the evidence in anyway. Only trained forensic technicians specifically for digital evidence should conduct the analysis. Everything done during the search, seizure, transportation and the storage of the digital evidence should be documented, preserved and ready for review.
A vast majority of citizens in this country are not aware of their rights as it pertains to their electronic devices. By following the practices of digital forensics and the laws set fourth to govern electronic devices. The justice system will become more clear to the average citizen.
Data is crucial to the success of any company and they are now increasing their efforts in soliciting and retrieving customer data to learn more about their client's preferences, likes, and dislikes. This, among other factors has attributed to a growing field of data science where data scientists learn to collect crucial data. While there are many types of data, this paper will primarily focus on digital data and how digital scientists can retrieve these data to support provide information for the crown or for the defense. This area has received more attention because criminals such as terrorists have realized the effectiveness of using digital devices to aid in their criminal endeavors (Reith, Carr & Gunsch, 2002, p.2). To combat this, law enforcement agencies are now relying on digital scientists to preserve, collect, analysis and interpret "digital evidence derived from digital sources" (Vincze, 2016, p.184) to help prevent cybercrime and prosecute (or exonerate) suspects. The purpose of this paper is then to illustrate why digital forensic is crucial to addressing the new dangers presented in our society by analyzing the strengths and demonstrating why the weaknesses of the field
Throughout the most recent decade, the quantity of wrongdoings that include PCs and Internet has grown,spurring an expansion in organizations and items that plan to help law authorization in utilizing computerized proof to decide the culprits, strategies, timing and casualties of PC wrongdoing. As a result,digital criminology has advanced to guarantee legitimate presentation of PC and digital wrongdoing evidentiary information in court. As indicated by Federal Bureau of Investigation [FBI] 2008 insights, in the UnitedStates, the span of the normal advanced measurable case is developing at the rate of 35% every year – from 83 GB in 2003 to 277 GB in 2007. With capacity limit development outpacing system transfer speed andlatency enhancements,
Moving onto the weaknesses, the following test will examine the acquisition of information, discovery of information, education, procedure and significance of the evidence. One of the main concerns in this field is still acquiring the information in a way that does not jeopardize the integrity of the information despite having the appropriate tools. This is because digital forensic scientists created the tools for security and other computer related purposes and not for forensic purposes (Casey, 2004, p.29). This poses specific issues when the investigators are trying to collect information in a manner that is acceptable by law, and while it is true that it is possible to create tools specifically for forensic purposes
Evidence plays a vital role throughout criminal investigations. Typically, we think of evidence as things such as fingerprints, DNA, and fibers. However, evidence as evolved as the world of technology has expanded. Digital evidence also now plays just as much of an important role as traditional evidence. When beginning an investigation that involves digital evidence, it is important for the investigator to know what evidence to look for. Identification of evidence, collection including transportation of evidence and examination of evidence are the three main aspects of the process.
The world used to be a place filled with questions and answers that could not be found. As the years have gone by, evidence at a crime scene has become progressively more understood and the world is now a place filled with questions that there are answers to. To get where detectives are today, it took years of experiments, building and knowledge of technology that expanded the mind to places that are hard to believe. Technology is the basis of what it takes to find the vastest amount of information that evidence can provide. It can hold, prove and find information that in past years, could not. Due to the advances in technology, specifically through DNA, fingerprinting and lighting systems, crime scene evidence collection has grown tremendously.
In a world where technology is increasingly becoming the way of life, it was only a matter of time before crime was no longer just in the streets but happening online as well. Criminals now get a new approach to carry out their crimes with the use of computers. Since technology is more like a murder mystery than catching the bad guy in the act, a new discipline of forensics needed to be put into place. This is known as computer forensics. Forensic science is any science used for the purpose of law. In the case of computer forensics it is “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (U.S. Cert, 2008). Meaning if you do something illegal on the Internet it can be found.
Areas Where Digital Forensics Can Help in a Lawsuit or Investigation It is a fact that digital evidence is now an important part in many investigations and court cases. Mobile phones, for example, are a treasure trove of evidence. If these are not recognised by the court, what could have been a solid lead would be for naught. Unfortunately, the legal system is still slow in employing digital evidence.
Indescribably, technology has entered every aspect of our life and to no surprise has become almost futuristic as it helps define our crime solving abilities. Forensics actually is the fastest growing criminal justice field in America. Seemingly always in the background, forensics is a major part of our criminal justice systems as a whole. Forensic Science has contributed to our world a great deal in multiple ways, and very significant ways. By the close of the 20th century, forensic scientists had a wealth of high-tech tools at their disposal for analyzing evidence from polymerase chain reaction (PCR) for DNA analysis, to digital fingerprinting techniques with computer search capabilities (Stephanie). To start off, Criminal Investigation is the largest and most known form of Forensic Science. Some of the more known areas include Fingerprinting, Ballistics, DNA Identification, Fiber Samples, Computer Animation, and Documentation analysis.
Although computer forensics is a relatively young field of crime investigation, it has become a useful area of knowledge. Organizations and companies are finding it necessary to recruit computer and network forensics investigators. These experts can detect and report various computer crimes. The reports of their findings can be used to provide useful evidence in court. This paper discusses various aspects of computer forensics. It is based on a scenario involving a computer, which is suspected to contain evidence on child pornography.
One of the drawbacks of computer technology and its use by law enforcement is that digital or electronic data and evidence obtained during investigations may easily be modified, deleted or lost. This fact makes the admissibility of such evidence in court to be contested thus slowing down the prosecution of crimes.