Module Fifteen: Text Questions
Review Questions
1. What is hardware and software? Give an example of each.
Hardware refers to the physical components of a computer or other device. An example of hardware could be a printer. Software is the set of instructions that allows a particular program to complete at ask. An example of software could be operating systems, such as Windows, Linux, and Mac OS
2. What is RAM?
Random Access Memory is the non-permanent or volatile memory of a computer.
3. What is a swap file? How does the computer use this file? What information might be found there? a File or space on the hard drive where data from RAM is "swapped" in order to preserve space.
4. What is slack space? Why is slack space of importance to forensic scientists?
Slack space is the
…show more content…
Why is the area of computer forensics important?
It allows in a case For investigators to and hidden or deleted storage/information and help prevent or catch criminal acts.
2. What are the similarities and differences in an electronic crime scene as compared to a traditional crime scene?
A similarity of them is there is always some type of evidence. A difference is an electronic crime scene is some times was harder to sort through.
3. Imagine that you are investigating a crime of fraud, where the suspect is creating false documents. Where might you look for evidence on the suspect's computer?
You might look at the hard drive.
4. What are some of the considerations that forensic scientists need to take when examining computers for evidence? Why are these important?
When was the file created, when was it accessed, was it sent and or received and by what accounts. These aspects are important because otherwise the case that the forensic scientist is working can’t be solved.
5. Imagine that you are investigating a case where the suspect is believed to have deleted information from his or her computer that might be evidence. Where would you look for this evidence?
What potential sources of digital evidence do you find at a crime scene? First of all, what is digital evidence? Digital evidence is any information or data of value to an investigation that is stored on, received by, or transmitted by an electronic device. Also, Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Text messages, emails, pictures and videos, and internet searches are some of the most common types of digital evidence. Most criminals now leave a digital trail;
In your report, describe how that evidence was discovered and retrieved by law officers or computer forensic experts
A big problem with digital evidence is, that the suspects can hide the evidence on any location on the Hard Drive. That means a judge, a police office or a forensic analyst can impossible predict where exactly the evidence is located on the Hard Drive. That implies, that the forensic analyst have to search through the entire Hard Drive to find the evidence
It is very important that the data is not altered. Once all the data is retrieved and examined from the computer, the next step is to analyze it. This step is crucial because the forensics investigator can find out when the inappropriate files were transferred or install into the computer and if they have been modified. The analysis is done with specialized tools to review all of the data, protected data, windows registry and email. After the analysis process is completed the forensics investigator will then create a report describing all the steps that he did to find the evidence. The report will be given to the main investigator of the
Just as other forms of evidence, digital evidence must be assured not to get wet, stepped on, driven over, and frozen and so on. Magnetic media of all sorts can be fragile and if not handled with care can be wiped out. this is why officers should take special care to handle the evidence and package it accordingly as not doing so would cost them a case. Third issue that can also affect digital data if not done properly is the turning off or powering down a device. Computers store information on the RAM system which can be erased if not closed properly. As well the computer may have applications, documents, images, or any other data may have been left opened by the user can be erased if the computer is turned off. It is best that the investigator not to commit any action when dealing with an computer such as clicking the mouse, clicking on any files, using the keyboard, or apply any software to the suspects computer
Inept or unqualified individuals are not as knowledgeable with retrieval methods that are accessible using specialized forensics techniques. Dedicated forensics specialists are capable of creating bit-by-bit copy of a drive, without jeopardizing the integrity of data. Competent forensic investigators follow specific forensic methodology that has standard operating procedures for efficiently gather potential evidence (Cumming, n.d.). The goal of an investigation is to understand what happened, who did it, when, how, and why to prevent similar incidents from reoccurring. Dedicated forensic specialists can unearth these answers in a timely and efficient matter. Having dedicated forensics specialists’ means qualified individuals who get it right the first time, because in digital investigation you might not get a second
This paper provides an overview of the field of digital evidence and forensics from the perspective of the use of these fields in finance or digital crimes. Specifically, this paper investigates digital evidence and techniques for digital forensics in terms of how they complicate or facilitate the investigative process: how can forensic investigators apply new methods, given the rapidly expanding scope of cybercrime? How can new digital techniques facilitate investigations of computer fraud and other crimes? This paper considers computer and digital evidence from a forensic standpoint, considering how they have changed or rendered obsolete the already novel protocols for investigating such crimes. Conducting an in-depth review of
Recently in the world of digital technology especially in the computer world there is tremendous increase in crime like unauthorized access, money laundering etc. So, investigation of such cases is much more important task for that kind of crime investigation that’s why we need to do digital forensic
Next, evidence is collected and analyzed, including tangible evidence such as hard drives and electronic devices, and the digital evidence they contain. Cybercrime investigations for instant messaging rely on instant messaging exchanges, or conversations between people, as digital evidence. The data includes the IM text and the “meta-data” includes other related evidence such as timestamps, length of time the user has been logged on, and more. Then you must seek expert advice if necessary since these crimes can get extremely technical. For crimes relating to
Computer forensics is the process that applies computer science and technology to collect and analyze evidence which is crucial and admissible to cyber investigations (Sindhu & Meshram, 2012). Adding the ability to practice sound computer forensics will help ensure the overall integrity and survivability of an organization’s network infrastructure (U.S. Cert, 2008). In this paper, we review a number of scenarios where computer forensics is necessary. We determine good sources of data for each scenario, and determine which would be optimal.
In simple terms, computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device that can be used against a criminal in a court of law. For the information to be used in court it should be collected before it is presentation; therefore, there are a number of recommendations proposed to make sure that information collected meets the intended integrity.
The need for an increase in trained personnel in the criminal justice field with a sufficient level of knowledge and skills to investigate, detect, and prosecute high technology crimes is needed with the ever-increasing problem of technology crimes occurring throughout the world. Skilled investigators are needed to not only investigate and prosecute technology crimes, skilled investigators are needed to protect evidence found on computers and other portable devices so that arrests can be made. The most common form of damage or deletion of evidence is attributed to employee errors and omissions. Any organization that uses computers constantly faced with a “variety of potential problems that can lead to the disruption or, worse, destruction of
One device that digital evidence can be found on is computer systems. Some evidence that a forensic examiner may look for on computer systems are browsing history, event history, image files, office documents, emails, chat logs, metadata, etc. A computer systems network configuration could also greatly benefit a forensic examiner. The configuration would potentially allow the examiner to identify connected nodes, routing schemes, router/modem equipment used, etc.
Since the introduction of computer and technology, they have become the new weapon in committing crime, and to the burgeoning science of digital evidence, law enforcement now use computers to fight crime. Nevertheless, digital evidence is information stored, transmitted, and received in binary form that can potentially be relied on as evidence in court. Notwithstanding, digital evidence is commonly associated with crimes that involve such devices, such as a computer hard drives, external storage devices, mobile phones, among others, and are often referred to as e-crimes. However, to fight e-crime, law enforcement must collect relevant digital evidence for such crimes, law enforcement agencies are incorporating the collection and analysis of digital evidence, also referred to as computer forensics, into many of their infrastructures.
There are areas in which a computer forensic investigator should know where to look for digital evidence for a criminal case.