Introduction Technological advancements, the increased prevalence of personal computing, and the exponential rise in electronic crime over the past few decades, has predicated the emergence of the cyber forensics field as experts seek to increase the effectiveness of administrative and criminal investigations. Though still in its infancy, the field purposes to apply the fundamental concepts and systematic methodologies utilized in traditional forensic investigations to the cyber realm. This is accomplished through the identification, preservation, examination, interpretation, and documentation of electronic media and digital evidence, conducted in a systematic fashion adhering to legislative rules of evidence, in order to provide an expert testimony for use in legal and/or administrative proceedings (EC-Council, 2010, p. 1-1). While specific investigative actions/processes will vary depending on the investigating entity, these core concepts remain consistent throughout the field, and provide a basis for all computer forensic activities. At the commencement of an investigation, a designated first responder is responsible for identifying and protecting the crime scene, while identifying and collecting item of potential evidentiary value for subsequent examination (EC-Council, 2010, p. 4-2, 4-3). Preservation of evidence is imperative, and extensive measures are implemented to prevent a deliberate or unintentional compromise of the evidence item(s). This is best
It is imperative that an agency has an evidence collection unit that processes all crime scenes for many of reasons. Securing the scene, separating the witnesses, scanning the scene, seeing the scene, sketching the scene, searching for evidence, and securing and collecting evidence are the seven S’s of crime scene investigations in which an evidence collection unit is in charge of last three (ECU, 2017). The biggest advantage to having an evidence collection unit is that highly trained and certified personnel are the ones who are systematically and properly sketching the scene, searching for evidence, and securing and collecting evidence. Another advantage of having an evidence collection unit is that they have all the proper tools and supplies
Digital forensics is a branch that is over the recovery and investigation of materials found in digital devices, it gives a better understanding of the situation. Back before the computers, researchers used to investigate the situation through eyewitnesses, evidences, and trying to recreate what happened in that area. Digital devices are everywhere this day and age. “Computers and networks have become so ubiquitous in our society, such an integral part of our daily lives, that any investigation or legal dispute will likely involve some form of digital evidence.” Casey, 2009 Introduction. Through electronics, it can store the needed evidence to be used in the future.
It is critical that evidence is collected in the correct manor to ensure that evidence is not destroyed. The investigator who is collecting the evidence should be properly trained in collection of evidence (Cosic, 2011). One example of proper protocol would be if a computer or cell phone is turned on when found, then it should not be turned off to prevent possible destruction of evidence or prompting for a password for access. The collection process can sometimes prove to be the most difficult because it evidence can easily be compromised or even destroyed (Manes,
For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to employ the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators comprehend by what means to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for
A crime scene investigator is responsible for multipart crime scene investigations, evaluation of the crime scene, various types of equipment along with developing, securing, and packaging physical evidence for scientific evaluation and comparison (U.S. Department, 2007). Detailed reports on the observations and activities at the scene next to testimonies in court regarding the findings and processing methods used at the scene are also conducted by the investigator (U.S. Department, 2007). The greatest challenge of this position is to apply scientific expertise in crime scene evidence identification and processing with the ultimate
The aim of this report is to examine Computer Forensics and Anti Forensics in details, investigation and Analysis techniques, and standard set of procedures which Forensics investigators must follow
Data is crucial to the success of any company and they are now increasing their efforts in soliciting and retrieving customer data to learn more about their client's preferences, likes, and dislikes. This, among other factors has attributed to a growing field of data science where data scientists learn to collect crucial data. While there are many types of data, this paper will primarily focus on digital data and how digital scientists can retrieve these data to support provide information for the crown or for the defense. This area has received more attention because criminals such as terrorists have realized the effectiveness of using digital devices to aid in their criminal endeavors (Reith, Carr & Gunsch, 2002, p.2). To combat this, law enforcement agencies are now relying on digital scientists to preserve, collect, analysis and interpret "digital evidence derived from digital sources" (Vincze, 2016, p.184) to help prevent cybercrime and prosecute (or exonerate) suspects. The purpose of this paper is then to illustrate why digital forensic is crucial to addressing the new dangers presented in our society by analyzing the strengths and demonstrating why the weaknesses of the field
Although computer forensics is a relatively young field of crime investigation, it has become a useful area of knowledge. Organizations and companies are finding it necessary to recruit computer and network forensics investigators. These experts can detect and report various computer crimes. The reports of their findings can be used to provide useful evidence in court. This paper discusses various aspects of computer forensics. It is based on a scenario involving a computer, which is suspected to contain evidence on child pornography.
Supportive investigation procedures and protocols should be in place in order to show that the incriminating evidence was on the electronic media. Crime has changed since the dawning of the computer age and the need for digital forensics is growing rapidly. Digital forensics has various areas based on different standards and media types, each with experts. There have been major breakthroughs in digital forensics
Nothing is more crucial to any investigation than the actions of the first officers on the scene and the actions they take regarding the preservation of the crime scene, detention of witnesses and an arrest if possible. The immediate objective of the first officers on the scene must be the safety of all parties involved and all else follows
Dedicated system forensics specialists have trained intensively in investigating digital incidents to determine magnitude of the situation. Since digital crimes are committed on devices over multiple computing platforms, it is essential for forensic specialist to have a broad knowledge on which tools and techniques yield best results. The information collected from devices may serve as useful evidence in a legal matter; you never want the gathering of data to be an issue during the trial proceedings. Dedicated system forensic specialists understand the advantage in preparing a chain of custody report; it documents who oversaw data recovery or imaging, when & where collection took place and how & who stored data, which all add evidentiary value to findings. Individuals not skilled in the digital investigative process may inadvertently contaminate, overlook or destroy evidences, or simply forget to document the collection process. The smallest omission & fallacy in evidence collection or documentation can cause finds to
We live in the information age; the way people communicate and practice business has changed tremendously. Everyday new technologies such as: operating systems, applications and automated software make our lives easier. As computer technologies continue to grow, the necessity of securing private information has not been an easy task for computer networking administrators and information security teams. For digital forensic investigators, staying on top of rapidly evolving technologies had become an everyday challenge. Therefore, there are several factors that play an important role to be successful in digital forensics career. First, you must become familiar with the newly OS platforms. Secondly, continuous testing, evaluation and research could expand the capabilities of a forensic lab. Lastly, forensic investigators should maintain connections with a
The science of digital forensics involves an amalgamation of computer science theories, knowledge of legal processes, “civil and criminal law as applicable to the use of computers, and activities performed and transactions conducted over internet and other networks” (WebFinance, 2017). With these varied disciplines, it is important especially when a difference in understanding of words and their definitions can mean significant changes impacting a person’s life, well-being, and even his or her family’s well-being. Not surprisingly, “Those involved in computer forensics often do not understand one other. Groups have evolved separately with only little interaction” (Peisert, Bishop, & Marzullo).
The field of digital forensics has grown to become a science in itself; in the last decade, “digital forensics has helped to resolve an increasing number of cases
In a world where technology is increasingly becoming the way of life, it was only a matter of time before crime was no longer just in the streets but happening online as well. Criminals now get a new approach to carry out their crimes with the use of computers. Since technology is more like a murder mystery than catching the bad guy in the act, a new discipline of forensics needed to be put into place. This is known as computer forensics. Forensic science is any science used for the purpose of law. In the case of computer forensics it is “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (U.S. Cert, 2008). Meaning if you do something illegal on the Internet it can be found.