Forensic Analysis

Context: This analysis is based on an imaginary company, ABC Corporation, that designs and manufactures wireless routers and telecommunication equipment. However, the company lacks procedures, processes and policies for external forensic examination. The following discussion details a policy and process that may structure forensic examination requirements for a crime possibly committed using one of the company’s computers.

Discussion: In digital forensic investigations, Standard Operating Procedure (SOP) should be designed within the limits of the tools available at the …
83). The forensic experts should first build a business case through a detailed risk analysis to demonstrate how the process will free the company from litigation. This would serve as a persuasive justification for supporting the lab in case employees’ rights were infringed during the crime (Nelson et al., 2016, p. 83). Important points to consider during acquisition of evidence include, but are not limited to: acceptance criteria, point of contact (Adams, 2012), required documentation and software, the vendor’s maintenance record (Nelson et al., 2016, p. 84) and physical evidence submission requirements (Adams, 2012). Fourth, it is imperative to evaluate whether the mission statement of the forensic team integrates its core functions and how these functions align with the wider picture of the crime scene. The functions of this team may range from forensic analysis to evidence collection and high-technology investigations. The mandate of the team will be limited to its core functions, the type of digital crime committed and whether it violates the company’s policies (Craiger, n.d.). Fourth, the administrative aspects of the crime scene should be thoroughly evaluated. Before investigating the digital crime, it is imperative to ensure that the software used for forensic analysis (or used to commit the crime) is fully licensed by the agency assigned to the unit or the vendor respectively
A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations” (Brecht, 2015). Forensic tools are used by investigators to provide their collection, indexing and detailed analysis
Electronic evidence is very fragile because it can be destroyed or altered very easily; therefore, it is imperative that investigators carefully follow all the procedural steps when collecting electronic evidence (Diversified Forensics). Before any electronic evidence is gathered, investigators should determine whether there is probable cause that a crime has been committed or, if the crime was committed somewhere else, whether the electronic evidence will aid the investigation process to prove or disprove the crime. If a warrant is needed, it must be obtained prior to collecting the evidence (Diversified Forensics). Hard drives, computers, and other electronic devices must be turned off, unplug all cables,
Computers are common tools used by the culprits behind white-collar crimes. In order to find “culprits,” the forensic accountant will need to be able to dig deep into the company’s computer system. However, without the proper equipment, that process can prove to be very difficult. To facilitate the preservation, collection, analysis, and documentation of evidence, forensic accountants can use specialized software and computer hardware.
The client is known for taking these types of incidents to court for prosecution to the full extent of the law, so it is imperative that the investigation follows all procedures for documentation, digital evidence collection, and digital evidence storage required to ensure admissibility in court. Furthermore, XYZ, Inc. has been given four tasks that must be completed to ensure a clear and concise plan has been developed. This plan would then be implemented for utilization into the
In order to fix this fundamental issue, one needs to look at the broader systemic issue and the ways that it can be fixed. We need to establish a governing standards protocol that would look over all forensic laboratories as well as the forensic experts. A solution to deal with the past case could be
As the lead forensic investigator for XYZ, Inc., my goal is to prepare before the investigation starts. This involves knowing the nature of the assignment and activities and preparing the tools and personnel needed to properly investigate the incident. Additionally, understanding the skill sets required to extract digital evidence will help build the appropriate team, assign roles to staff and supervisor, and ensure the forensic investigators have the appropriate background to perform the extractions needed.
For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to carry out the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators understand how to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for
The crucial step of the investigation is the transport and storage of evidence recovered from the crime scene. Tightly controlled access during transport and storage will prevent any unauthorized contact and possible tampering or loss of evidence. The evidence that is recovered at the scene must reach a forensic laboratory as quickly as possible, and appropriate conditions will prevent deterioration of evidence during transport and storage. Evidence might have to be stored for some years until a case goes to court, or if the case is unsolved, so labelling and storing evidence must be done appropriately to avoid contamination or disintegration.
Forensic readiness is a decade-old concept that many organizations have taken steps to address and implement. It involves taking steps of preparation in anticipation of a particular type of incident. This includes ensuring adequate logging for monitoring, detection, post-mortem investigation, and event reconstruction. Forensic readiness ensures that adequate staff, training, tools, and external support are all in place in advance. Forensic readiness is becoming a crucial part of risk management, and good incident preparedness helps to increase efficiency, reduce the costs of incident response, and help organizations prioritize resources (Nikkel, 2014).
Integrity of Evidence

The FBI Crime Lab has come a long way since it opened. It all began in the 1920s, when a person named J. Edgar Hoover recognized the importance of scientific analysis in criminal matters (Forensic Science Communications, 2007, para. 1). Ever since that moment the crime grew a lot. The use of technology to solve crimes increased tremendously over time.
On his way back to his office, the veteran examiner was thoroughly impressed with his team’s conduct; they ensured all policies and procedures that the Group 4 Firm had put in place were followed step by step. The officer has worked hard for many years to get to this point in his career. In addition to his due diligence and efforts, he had hired the right company to help him start his business. The story above illustrates what can happen when a laboratory is built from the ground up with the Group 4 Firm’s guidance. As with the forensic investigator described, XYZ, Inc. is in the process of opening a new digital forensics laboratory and is hoping, with Group 4 Firm’s support, their personnel and new facility will achieve success. One may ask what it takes to put a digital forensics laboratory together. With its proven track record, the Group 4 Firm knows what it takes to get the job done. The Group 4 Firm will assist XYZ, Inc. by proposing a plan for a 100-person facility that will work efficiently. In ascertaining the scope of XYZ, Inc.’s investigative services, the Group 4 Firm’s proposal is comprised of numerous considerations, including the (1) physical and
The crime scene investigator has authority to determine the extent and nature of the services needed at the crime scene, in addition to the power to arrest and carry a weapon: “the investigator, in charge shall determine team composition” (Gardner, 2004). This includes what technical procedures are to be followed and what specialized equipment is to be used (Gardner, 2004).
Before the reporting of the actual work done can start, it is important to include a section with the terms of reference. This explains the technical terms that are not generally known and any acronyms that might appear in the report. This is important for any readers who are not familiar with forensic terminology. Next, a short background to the investigation must be given for the benefit of other readers who are not familiar with the case. After the background is given, a section on the mandate must be included. This needs to explain who requested and authorized the investigation. It is also important to define the scope of the investigation clearly, so that it is clear that the investigation did not venture outside of the legally authorized scope. The evidence must be clearly identified, inclusive of serial numbers and any other identification that can be used to confirm that it is the same as the evidence that was acquired. Where used, the hash codes for the evidence items should also be included to show
According to NIST SP 800-61 (2012), the forensic investigator must have the appropriate training, regular testing and verification of skills to access their organizationally-used software and equipment, awareness of laws and legislation, the skill set to handle unexpected situations and ensure that the acquisition equipment is comprehensive and functional prior to conducting an investigation. The forensic investigator must know his or her own limitations and recognize when it is time to bring in specialized expertise (Nelson et al., 2010).
When building a computer forensics lab, especially when there is a budget to be adhered to, there are many aspects of design that must be considered. These include, but are not limited to, hardware, software, number and type of machines, network type, physical security, and network security (Denmark & Mount, 2010). Assessing what type of information processing will take place in the lab will also help determine what type of equipment should be installed.