Digital forensics is the process of uncovering and interpreting electronic data for use in a court of law. The main goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information which will be admissible in a court of law. To collect the document has to follow certain guidelines. United States v. Gourde (2006) and United States v. Zeigler (2007) are both great examples of cases to investigate the case. The primary goal of this document is to demonstrate the importance of digital forensics in solving criminal investigation. In the following paragraph two criminal cases are studied and analyzed.
In United States v. Gourde, 440 F.3d 1065, 1077 (9th Cir. 2006), the issued in this case was that Micah Gourde appeals from the district court 's denial of his motion to suppress more than 100 images of child pornography seized from his home computer. The Defendant Gourde claims that the affidavit in support of the search lacked sufficient indicia of probable cause. He also claimed that because it contained no evidence that he was the one who actually downloaded or possessed child pornography. " Browsing the entire website undercover agent captured hundreds of images that "included adult pornography, child pornography, and child erotica. After doing investigation, FBI agent concluded that Gourde fit the collector profile because he joined a paid subscription website
Digital forensics (sometimes Digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.[1][2] The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover all devices capable of storing digital data and is now used to describe the entire field.[1] The discipline evolved in a haphazard manner during the 1990s and it was not until the early 2000s that national policies were created.
For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to employ the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators comprehend by what means to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for
A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations (Brecht, 2015)”. Forensic tools are used by investigators to provide their collection, indexing and detailed analysis
One of the drawbacks of computer technology and its use by law enforcement is that digital or electronic data and evidence obtained during investigations may easily be modified, deleted or lost. This fact makes the admissibility of such evidence in court to be contested thus slowing down the prosecution of crimes.
Although computer forensics is a relatively young field of crime investigation, it has become a useful area of knowledge. Organizations and companies are finding it necessary to recruit computer and network forensics investigators. These experts can detect and report various computer crimes. The reports of their findings can be used to provide useful evidence in court. This paper discusses various aspects of computer forensics. It is based on a scenario involving a computer, which is suspected to contain evidence on child pornography.
This manual is to assist forensic technicians who may be responsible for preserving electronic crime scene and recognizing, collecting, preserving, and storing digital evidence. When dealing with digital evidence, these principles apply: The process of collecting, securing, and transporting digital evidence should not change the evidence in anyway. Only trained forensic technicians specifically for digital evidence should conduct the analysis. Everything done during the search, seizure, transportation and the storage of the digital evidence should be documented, preserved and ready for review.
Since the introduction of computer and technology, they have become the new weapon in committing crime, and to the burgeoning science of digital evidence, law enforcement now use computers to fight crime. Nevertheless, digital evidence is information stored, transmitted, and received in binary form that can potentially be relied on as evidence in court. Notwithstanding, digital evidence is commonly associated with crimes that involve such devices, such as a computer hard drives, external storage devices, mobile phones, among others, and are often referred to as e-crimes. However, to fight e-crime, law enforcement must collect relevant digital evidence for such crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also referred to as computer forensics, into many of their infrastructures.
Indescribably, technology has entered every aspect of our life and to no surprise has become almost futuristic as it helps define our crime solving abilities. Forensics actually is the fastest growing criminal justice field in America. Seemingly always in the background, forensics is a major part of our criminal justice systems as a whole. Forensic Science has contributed to our world a great deal in multiple ways, and very significant ways. By the close of the 20th century, forensic scientists had a wealth of high-tech tools at their disposal for analyzing evidence from polymerase chain reaction (PCR) for DNA analysis, to digital fingerprinting techniques with computer search capabilities (Stephanie). To start off, Criminal Investigation is the largest and most known form of Forensic Science. Some of the more known areas include Fingerprinting, Ballistics, DNA Identification, Fiber Samples, Computer Animation, and Documentation analysis.
Computer forensics is the process that applies computer science and technology to collect and analyze evidence which is crucial and admissible to cyber investigations (Sindhu & Meshram, 2012). Adding the ability to practice sound computer forensics will help ensure the overall integrity and survivability of an organization’s network infrastructure (U.S. Cert, 2008). In this paper, we review a number of scenarios where computer forensics is necessary. We determine good sources of data for each scenario, and determine which would be optimal.
Digital forensics is an ever changing field and the number of examinations being performed by digital forensic laboratories is constantly growing. Because investigations often rely on the results of these examinations, particularly those cases built on the digital evidence, investigators need to be able to provide results as soon as it is possible. To meet the growing demand and customer needs, ongoing research and development is needed in the creation of tools that will increase efficiency of digital forensic examinations. To improve efficiency and effectiveness in forensic processes, investigators should concentrate on specific areas including preparation and preservation, extraction and storage, examination and reporting, sharing, correlating
This thesis aims to determine what attorneys consider to be the three most important characteristics of an expert witness from law enforcement digital forensics personnel. The analysis of digital evidence and court testimony of a digital investigator will be heard by a jury and thus will have a part in that jury’s determination of the guilt or innocence of the person who is accused of a crime. Offenses ranging from misdemeanors to capital crimes such as murder could possibly be involved, with sentences ranging from probation to the death penalty in Alabama. The testimony of the person who collects, examines, and reports on the evidence in a case can literally make the difference between life and death for the defendant. The qualifications of the witness giving testimony about digital forensic evidence are of supreme importance.
Forensic tools are essential requirements of forensic research and investigation in order to prove integrity of data and validate the result to be correct and lawful. Law enforcement cannot only rely on forensic tools to make a verdict, thus these forensic tools need to be validated in order to minimize errors and avoid wrong decisions that can result into serious consequences. As the field of digital forensics is growing in a rapid pace, there are numerous forensic tools made in order to cope with the demand. There are many concerns associated with forensic tools. First of all, these tools need to meet the standards required by the forensic tools validation association such as NIST in order to make the tool a valid source to
Criminalization is a social phenomenon, which has haphazardly increased in last few years as Information and Communications Technology (ICT) has become an internal part of our daily lives. Atomic computer users and large corporate companies are increasingly dependent on services provided by ICT. ICT provides wide range of services that are utilized by individual systems as well as enormous database handling companies. For numerous reasons, something is bound to go wrong within the ICT environments which may include an intentional attack on different services provided by an organization. Digital forensics has evolved significantly in the direction of prosecuting such criminals. Making use of freely available information on internet and rapid technological advancements in ICT has contributed to performing easy investigations rather cumbersome.
Throughout the most recent decade, the quantity of wrongdoings that include PCs and Internet has grown,spurring an expansion in organizations and items that plan to help law authorization in utilizing computerized proof to decide the culprits, strategies, timing and casualties of PC wrongdoing. As a result,digital criminology has advanced to guarantee legitimate presentation of PC and digital wrongdoing evidentiary information in court. As indicated by Federal Bureau of Investigation [FBI] 2008 insights, in the UnitedStates, the span of the normal advanced measurable case is developing at the rate of 35% every year – from 83 GB in 2003 to 277 GB in 2007. With capacity limit development outpacing system transfer speed andlatency enhancements,
Forensics is the use of examination and investigation procedures to accumulate and save prove from a computing device in a way that is appropriate for presentation in a courtroom. The objective of computer