Evaluation Of A Computer Forensics Lab

Instructions: There are multiple parts to this assignment. Carefully read each section and type your answer in the space provided. Complete each part of this Homework Assignment to receive full credit.

Identifying evidence is the first stage in the process. A laptop, computer monitor, and hard drive are all pieces of evidence that are usually located first. It is critical for the investigator who is identifying and collecting evidence to know what else to look for. Other items that should be identified and collected as possible evidence include external hard drives, floppy discs, CD’s, USB drives, and memory cards. If the investigator isn’t aware what all falls into the category of digital evidence, it is possible that vital evidence may not be collected (Cosic, 2011).

What potential sources of digital evidence do you find at a crime scene? First of all, what is digital evidence? Digital evidence is any information or data of value to an investigation that is stored on, received by, or transmitted by an electronic device. Also, Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Text messages, emails, pictures and videos, and internet searches are some of the most common types of digital evidence. Most criminals now leave a digital trail;

A policy is collectively agreed statement of beliefs, which is usually as a document. Policies ensure that all setting comply with legal obligation and relic the general ethos spay of working.

Electronic evidence is very fragile because it can be destroyed or altered very easily, therefore it is imperative that investigators follow very careful all the procedural steps when collecting electronic evidence (Diversified Forensics). Before any electronic evidence is gathered investigators should determine whether there is probable cause that a crime has been committed, or if the crime was committed somewhere else the investigator should determine whether the electronic evidence will aid the investigation process to prove or disapprove the crime, if a warrant is needed it must be obtained prior to collecting the evidence (Diversified Forensics). Hard drives, computers, and other electronic devices must be turned off, unplug all cables,

For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to employ the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators comprehend by what means to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for

A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations (Brecht, 2015)”. Forensic tools are used by investigators to provide their collection, indexing and detailed analysis

Tools used for forensics investigations. What tools are needed for investigations? How do you create a forensics "toolkit?" What should it contain?

When was the last time she accessed her computer? What is her background in computers, what is her skill level? I need some background on the former employee, her computer habits and activities prior to the files being found on her computer. I must collect digital evidence while keeping the data unaltered, first thing. This data will be used later in the prosecution of the case. This can be done through calculating and recording an evidence file. Next is imaging of the computer media with a write-blocking tool. I must keep the chain of custody. The computer's RAM is examined for evidence. During the examination step, verify and catalog the presence and integrity of the original evidence and any copies. An analysis is made with specialized equipment to find out exactly what's stored on the digital media. This includes a manual review of all materials found on the media, a review of the Windows registry, techniques to crack passwords and retrieve protected data, keyword searches and extraction of email and pictures for further review.

Integrity of Evidence The FBI Crime Lab has come a long way since it opened. All began in the 1920’s, when a person named J. Edgar Hoover recognized the importance of scientific analysis in criminal matters (Forensic Science Communications, 2007, para. 1). Ever since that moment the crime grew a lot. The use of technology to solve crimes increased tremendously overtime.

Although computer forensics is a relatively young field of crime investigation, it has become a useful area of knowledge. Organizations and companies are finding it necessary to recruit computer and network forensics investigators. These experts can detect and report various computer crimes. The reports of their findings can be used to provide useful evidence in court. This paper discusses various aspects of computer forensics. It is based on a scenario involving a computer, which is suspected to contain evidence on child pornography.

Computers are common tools used by the culprits behind white-collar crimes. In order to find “culprits,” the forensic accountant will need to be able to dig deep into the company’s computer system. However, without the proper equipment, that process can prove to be very difficult. To facilitate the preservation, collection, analysis, and documentation of evidence, forensic accountants can use specialized software and computer hardware.

The policies are the connection to the daily operations. Policies reinforce the vision and endeavor to forward best practice within an organization. My experience with policies is they are vague and do not address specific incidents. The policies do provide boundaries or guidance and allow the nurse the leeway to provide care within the nursing scope of practice. They do provide a framework of the organizational expectations and standards.

The theory of both investigative processes is the same, study or examines crime scene, gather evidence, and analyze it to determine a possible suspect, motives and methods used in committing alleged crime ("Difference Between Investigation and Interrogation | Investigation vs Interrogation," 2015). One of the biggest differences between a corporate investigation and a law enforcement investigation is the individual conducting this effort. A sworn officer will oversee the law enforcement investigative process and must ensure all activities fall within the constraints of Constitutional laws. A corporate investigation is an internal process done by a company investigator at the behest of the organization. The investigator is acting as a private

In a world where technology is increasingly becoming the way of life, it was only a matter of time before crime was no longer just in the streets but happening online as well. Criminals now get a new approach to carry out their crimes with the use of computers. Since technology is more like a murder mystery than catching the bad guy in the act, a new discipline of forensics needed to be put into place. This is known as computer forensics. Forensic science is any science used for the purpose of law. In the case of computer forensics it is “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (U.S. Cert, 2008). Meaning if you do something illegal on the Internet it can be found.