The term forensic investigation refers to the use of science or technology in
the investigation and establishment of facts or evidence to be used in legal cases or other
proceedings. The scope of forensic analysis varies from information retrieval to reconstructing
a series of events that have occurred in the past.
In this paper we discuss the meaning of the term ‘COMPUTER
FORENSICS’, its uses, the users of computer forensics, the steps involved in this type of forensic
investigation, its requirements, various methods of hiding and recovering data, the meaning of
anti-forensics, and the reason for its use.
The field of computer forensics began to evolve nearly 30 years ago, in
the 1980s, in the United States, in order to protect and conceal important and private
information of the state, and also to protect against any kind of breach and prevent future
breaches. The history of computer science forensics can be broadly studied under three
phases:-
1) Ad-hoc phase
2) Structured phase
3) Enterprise phase
AD-HOC PHASE:-
This can be characterized as the stage when officials realized that some type of formal
investigation in the field of cybercrimes and other computer-related crimes was needed. Also,
there were a lot of legal issues related to the gathering and handling of electronic evidence.
STRUCTURED PHASE:-
This is the stage that deals with the development of a more
Review the information in the text sheet entitled “Overview of Evidence and Digital Forensic Analysis Techniques,” which describes different types of digital forensic analysis techniques, such as disk forensics and e-mail forensics.
A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations (Brecht, 2015)”. Forensic tools are used by investigators to provide their collection, indexing and detailed analysis
In the 21st century, forensic science has developed immensely since the 1700s-1800s. Technology plays a big part in forensic science, and it makes it that much easier to identify the subject of the
The National Institute of Technology (NIST) provides a forensic timeline with different stages for conducting a proper investigation. The first portion is the collection stage, in which the investigator is able to gather evidence and information about the case. This includes interviewing witnesses. When doing a computer forensic investigation, it is not possible to simply place a suspect behind the keyboard, so the investigator must additionally do a deep examination of evidence such as a confession or perhaps video surveillance evidence, and it is important to talk with suspects to see whether they admit to the crime, or at least admit to owning the machine and that they are the only ones who use the evidence
This manual is to assist forensic technicians who may be responsible for preserving an electronic crime scene and recognizing, collecting, preserving, and storing digital evidence. When dealing with digital evidence, these principles apply: The process of collecting, securing, and transporting digital evidence should not change the evidence in any way. Only forensic technicians trained specifically for digital evidence should conduct the analysis. Everything done during the search, seizure, transportation, and storage of the digital evidence should be documented, preserved, and ready for review.
Instructions: There are multiple parts to this assignment. Carefully read each section and type your answer in the space provided. Complete each part of this Homework Assignment to receive full credit.
is documentary evidence which is evidence contained in an original document that can prove some factor in a case.
Acquisition. Due to digital evidence’s fragile state, investigators should be aware that it is easily altered, damaged, or deleted by improper handling of the evidence. As a best practice, examination is conducted on a copy of the original evidence. The original evidence should be secured in a way that would protect and preserve the evidence in its original unaltered state.
Digital forensics has been responsible for putting away thousands and thousands of criminals, for offenses ranging from simple computer crimes to child pornography. To get quality evidence that can be admissible in court, there are steps that are needed in preparing a computer investigation. There are also requirements for data recovery, as well as procedures for corporate investigations. “Digital forensics has become prevalent because law enforcement recognizes that modern day life includes a variety of digital devices that can be exploited for criminal activity, not just computer systems. While computer forensics tends to focus on specific methods for extracting evidence from a particular platform, digital forensics must be modeled such that it can encompass all types of digital devices, including future digital technologies” (Reith, Carr, and Gunsch, 2002).
It is critical that evidence is collected in the correct manner to ensure that evidence is not destroyed. The investigator who is collecting the evidence should be properly trained in the collection of evidence (Cosic, 2011). One example of proper protocol would be if a computer or cell phone is turned on when found, then it should not be turned off, to prevent possible destruction of evidence or prompting for a password for access. The collection process can sometimes prove to be the most difficult because evidence can easily be compromised or even destroyed (Manes,
Digital forensics (sometimes Digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.[1][2] The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover all devices capable of storing digital data and is now used to describe the entire field.[1] The discipline evolved in a haphazard manner during the 1990s and it was not until the early 2000s that national policies were created.
Some of the most important procedures used in the collection of information to be used in a court of law include collecting live data from RAM images. Such live information can be collected with F-Response, which can collect data from the networks of a computer. Information can be collected when the computer is logged on or connected to the network or when the computer is executing (Carrier, 2006, p. 56). The other procedure that can be used in the collection of information for forensic purposes is the encryption of hard disks. Encryption of the hard disk creates logical images that can be collected using F-Response (Eoghan & Gerasimos, 2008, p. 95). The other important procedure for collection of information is making sure that all data storage devices are kept away from magnets and any other devices that might destroy data stored in them. It is important that the individuals handling the evidence obtain the information collection manuals that help them collect information effectively (Eoghan & Gerasimos, 2008, p. 94).
In a world where technology is increasingly becoming the way of life, it was only a matter of time before crime was no longer just in the streets but happening online as well. Criminals now have a new approach to carrying out their crimes with the use of computers. Since technology is more like a murder mystery than catching the bad guy in the act, a new discipline of forensics needed to be put into place. This is known as computer forensics. Forensic science is any science used for the purpose of law. In the case of computer forensics it is “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (U.S. Cert, 2008). This means that if you do something illegal on the Internet, it can be found.
A crucial part in reviewing and preparing the evidence for the case is having non-technical explanations for the more detailed parts of the investigation. While more is being done to prepare those in the court for the more technical terms, there is always a chance that some items need to be defined properly in the court for everyone’s understanding (Nelson et al.,
In this era of economic recession, the one area that is not affected is identity theft, which is supposed to be a criminal venture of gigantic proportions, earning millions for the offenders and causing a lot of grief and suffering for the victims. To tackle this menace, computer forensics specialists are approached to provide the necessary proof that will incriminate the offenders as well as identify the fraud that has occurred. Computer hackers leave a trail behind them while using the internet, just like us. The hackers make use of our IP addresses to track us, and similarly they too can be identified by the information left on the system used by the thieves. This is made possible by the experts in computer forensics. The specialists in computer forensics are capable of putting data that exists in the form of unallocated bunches into a clear and precise order. The data, though erased by the criminals, can be retrieved from the system. The system is equipped to store even the deleted information about the details that were stored initially. The increase in the incidence of these identity thefts started with the advent of selling computers online on sites like eBay and various other auction websites. This does not hold the websites conducting the auction responsible but implicates the persons who put their system gears up for sale online. Installing a new operating system over the previous older system does not guarantee its complete removal and you need the