The General Flow Process Of The Digital Forensic Research Workshop

Digital forensics (sometimes Digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.[1][2] The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover all devices capable of storing digital data and is now used to describe the entire field.[1] The discipline evolved in a haphazard manner during the 1990s and it was not until the early 2000s that national policies were created.

Digital forensics has always been known across technologists and law enforcement as the art of hacking into a computer and retrieving important information. Information that holds the key to important crimes and issues surrounding criminal activity. More importantly, digital forensics has the ability to make the non-believer surrounding a criminal case into a swift prosecutor ready to use his or her fullest extent of the law; regarding the sensitive data that comes out of that powerful piece of machinery as we know today as technology. Digital forensic scientists have begun to venture into the world of cloud computing and its familiar components. Components such as remote servers, web browsers, and web based media devices that are connected to the cloud.

For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to employ the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators comprehend by what means to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for

Digital crime has been on the increase due to the increasing use of computer and internet. This has led the investigators with another method of fighting this crime. This is Computer Forensics, a process of going into computer hard drive and capturing basic information the user believed it has been erased.

From data acquisition, the investigator should move to the process of extracting data. He or she should use special computer forensics software tools to extract important data from various computer devices and networks. The process of extracting data requires the investigator to be knowledgeable about where to search data in the system and the kind of questions to ask (Rogers, 2003). After extracting data, the investigator proceeds to the process of data analysis. By this time, the investigator will probably be having thousands of files. He or she should use computer forensic tools and techniques to analyze the files in order to generate data which is more relevant and concise (Rogers, 2003). The last step of the process of computer forensics involves reporting the analyzed data. The investigators should ensure that the data, which is supposed to be reported, is complete, understandable, and defendable. This will ensure that the final data presented is credible (Rogers, 2003).

Digital forensics has been responsible for putting away thousands and thousands of criminals. Ranging from simple crime computer crimes to child pornography. To get quality evidence that can be admissible in court there are steps that are needed in preparing a computer investigation. There are also requirements for data recovery, as well as procedures for corporate investigations. “Digital forensics has become prevalent because law enforcement recognizes that modern day life includes a variety of digital devices that can be exploited for criminal activity, not just computer systems. While computer forensics tends to focus on specific methods for extracting evidence from a particular platform, digital forensics must be modeled such that it can encompass all types of digital devices, including future digital technologies” (Reith, Carr, and Gunsch, 2002).

Forensics is divided into fields of specialties covering a wide range of different sciences: Physiological/social sciences, forensic criminalistics, digital forensics and other related disciplines. The most noted fields, which people associate with forensics, are fingerprint analysis, ballistics, DNA profiling and toxicology however the everyday public is unaware the forensic field also includes fire investigation, forensic engineering, and even vehicular accident reconstruction. Within the last twenty years, due to the advances in technology and science, many new disciplines have come into fruition.

(3)http://www.aicpa.org/Research/Standards/Pages/default.aspx Golden, T. W., Skalak, S. L., Clayton, M. M., & Ebooks Corporation. (2006). A guide to forensic

Indescribably, technology has entered every aspect of our life and to no surprise has become almost futuristic as it helps define our crime solving abilities. Forensics actually is the fastest growing criminal justice field in America. Seemingly always in the background, forensics is a major part of our criminal justice systems as a whole. Forensic Science has contributed to our world a great deal in multiple ways, and very significant ways. By the close of the 20th century, forensic scientists had a wealth of high-tech tools at their disposal for analyzing evidence from polymerase chain reaction (PCR) for DNA analysis, to digital fingerprinting techniques with computer search capabilities (Stephanie). To start off, Criminal Investigation is the largest and most known form of Forensic Science. Some of the more known areas include Fingerprinting, Ballistics, DNA Identification, Fiber Samples, Computer Animation, and Documentation analysis.

Digital forensics is an emerging discipline that focuses on the acquisition, recovery, documentation, and analysis of information contained within and created with computer systems. These methods and methodologies are used typically to figure out what happened, when it happened, how it happened, and who was involved.

Processing a crime scene is no easy task. Individuals who are trained to process and analyze these crime scenes cannot just walk into area of interest and commence handling items and taking items of possible implications of the situation. This holds true for a digital forensics investigator as well. Digital forensics investigators are looking for any possible digital evidence within the crime scene, but it’s not as simple as just finding a computer and taking it to the lab. “Digital evidence is information stored or transmitted in binary form that may be relied on in court. It can be found on a computer hard drive, a mobile phone, a personal digital assistant (PDA), a CD, and a flash card in a digital camera, among other places” (Digital Evidence and Forensics, 2016). Identifying, preparing for the search, seizing the evidence, documentation, and chain of custody are all critical pieces of ensuring digital evidence is admissible in court.

This paper will help explain the basic understanding of computer forensics. I will also identify five areas in computers and computer application a forensic investigator can look for digital evidence. I will identify three types of criminal investigations that can utilize the services of computer forensic investigators. This paper will help with the understanding of computer forensics.

Digital forensics is an ever changing field and the number of examinations being performed by digital forensic laboratories is constantly growing. Because investigations often rely on the results of these examinations, particularly those cases built on the digital evidence, investigators need to be able to provide results as soon as it is possible. To meet the growing demand and customer needs, ongoing research and development is needed in the creation of tools that will increase efficiency of digital forensic examinations. To improve efficiency and effectiveness in forensic processes, investigators should concentrate on specific areas including preparation and preservation, extraction and storage, examination and reporting, sharing, correlating

The appropriate use of evidence plays a vital role in case’s hearings. Digital Forensic analyst accumulates all the evidences from the crime scene and then evaluates the evidences and analyze the result before presenting it in the case hearing. Digital Evidence Analysis can be done with the use of data that is extracted from any type of digital electronic device. In any of the cases, where a guilty person is involved in illegal activity, such evidences and devices are used can be used to find the actual guilty person.

In a world where technology is increasingly becoming the way of life, it was only a matter of time before crime was no longer just in the streets but happening online as well. Criminals now get a new approach to carry out their crimes with the use of computers. Since technology is more like a murder mystery than catching the bad guy in the act, a new discipline of forensics needed to be put into place. This is known as computer forensics. Forensic science is any science used for the purpose of law. In the case of computer forensics it is “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (U.S. Cert, 2008). Meaning if you do something illegal on the Internet it can be found.