Abstract: A proliferation in the amount of crimes and crime-related data has led to a demand for digital forensic investigation tools that help the investigator to detect, analyze and investigate the criminal data stored on digital devices. This system introduces a novel subject-based semantic approach that retrieves a set of top documents that are semantically related to each other and correspond to the subject defined by the investigator.
Keywords: 1. Digital Forensic Investigation 2. Initial Subject 3. Wordnet 4. Synset
Introduction: Digital Forensic Investigation is the process of investigating digital devices for generating evidence related to an incident under investigation.[1] The task of analyzing this digital data is an essential part of digital forensic tools. Due to an increase in the amount of digital data, the process of analyzing such a large amount of data becomes time-consuming. The existing investigation tools provide multiple searching techniques for analyzing the documents but fail to search for documents of a certain subject or interest. Therefore, in this system we introduce a digital forensic tool that retrieves the set of documents that are semantically related to the subject of the investigator's interest. The fig. illustrates the digital forensic process as defined by the DFRWS (Digital Forensic Research Workshop):
1. Identification phase: Determines the data, components and various entities related to the crime
2. Preservation: Preserving
Review the information in the text sheet entitled “Overview of Evidence and Digital Forensic Analysis Techniques,” which describes different types of digital forensic analysis techniques, such as disk forensics and e-mail forensics.
A computer forensic investigation typically includes the collection, examination, analysis, and reporting of data. These steps could have been used to extract and preserve the data in the U.S. versus AOL case. Collection involves seizing digital evidence. Examination is where techniques are applied in order to identify and extract data. Analysis is using the data and resources to prove a case (Brecht, 2015). Reporting involves presenting the documentation gathered during the investigation. Investigators use these steps to examine evidence that could be needed in a trial. Following these steps is one way to ensure that the findings are sound and admissible in court. “The purpose of a computer forensic examination is to recover data from computers seized as evidence in criminal investigations” (Brecht, 2015). Forensic tools are used by investigators to provide their collection, indexing and detailed analysis
A big problem with digital evidence is that suspects can hide the evidence at any location on the hard drive. That means a judge, a police officer or a forensic analyst cannot possibly predict where exactly the evidence is located on the hard drive. That implies that the forensic analyst has to search through the entire hard drive to find the evidence
This manual is to assist forensic technicians who may be responsible for preserving an electronic crime scene and for recognizing, collecting, preserving, and storing digital evidence. When dealing with digital evidence, these principles apply: The process of collecting, securing, and transporting digital evidence should not change the evidence in any way. Only forensic technicians trained specifically for digital evidence should conduct the analysis. Everything done during the search, seizure, transportation and storage of the digital evidence should be documented, preserved and ready for review.
Data is crucial to the success of any company, and companies are now increasing their efforts in soliciting and retrieving customer data to learn more about their clients' preferences, likes, and dislikes. This, among other factors, has contributed to a growing field of data science where data scientists learn to collect crucial data. While there are many types of data, this paper will primarily focus on digital data and how digital scientists can retrieve these data to provide information for the crown or for the defense. This area has received more attention because criminals such as terrorists have realized the effectiveness of using digital devices to aid in their criminal endeavors (Reith, Carr & Gunsch, 2002, p.2). To combat this, law enforcement agencies are now relying on digital scientists to preserve, collect, analyze and interpret "digital evidence derived from digital sources" (Vincze, 2016, p.184) to help prevent cybercrime and prosecute (or exonerate) suspects. The purpose of this paper is then to illustrate why digital forensics is crucial to addressing the new dangers presented in our society by analyzing the strengths and demonstrating why the weaknesses of the field
Moving on to the weaknesses, the following text will examine the acquisition of information, discovery of information, education, procedure and significance of the evidence. One of the main concerns in this field is still acquiring the information in a way that does not jeopardize the integrity of the information despite having the appropriate tools. This is because digital forensic scientists created the tools for security and other computer-related purposes and not for forensic purposes (Casey, 2004, p.29). This poses specific issues when the investigators are trying to collect information in a manner that is acceptable by law, and while it is true that it is possible to create tools specifically for forensic purposes
Having digital forensic capabilities is very important in this era we are in. At our company, we have an in-house forensics team that consists of a senior forensic investigator, project manager, computer forensic examiner, legal counsel, IT specialist, and three lab assistants.
Evidence plays a vital role throughout criminal investigations. Typically, we think of evidence as things such as fingerprints, DNA, and fibers. However, evidence has evolved as the world of technology has expanded. Digital evidence also now plays just as much of an important role as traditional evidence. When beginning an investigation that involves digital evidence, it is important for the investigator to know what evidence to look for. Identification of evidence, collection including transportation of evidence and examination of evidence are the three main aspects of the process.
An extremely important computer forensic service is the preservation of evidence. In this step a forensic image is made of all pertinent data. This image is actually what is being analyzed, and the original source from which the data was extracted is put in a safe and confidential environment. The security and authenticity of this information are analyzed very carefully and handled only by a digital forensics expert.
In simple terms, computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device that can be used against a criminal in a court of law. For the information to be used in court it should be collected before it is presented; therefore, there are a number of recommendations proposed to make sure that information collected meets the intended integrity.
Also, many software developers have extensively contributed towards the enhancement of digital forensics tools. These developments have resulted in divergent views on digital forensic examinations. This dissertation presents the CDFPM - Comparative Digital Forensic Process Model. The model is presented after analysing digital forensic process models within the current academic and law enforcement literature. An adapted sequential logic notation is used to denote the forensic models. The terminology used in different forensic models is examined and standardized to suit the CDFPM. Finally, a prototype supports complete selection of the CDFPM processes, which will aid a digital forensic
In a world where technology is increasingly becoming the way of life, it was only a matter of time before crime was no longer just in the streets but happening online as well. Criminals now have a new approach to carrying out their crimes with the use of computers. Since technology is more like a murder mystery than catching the bad guy in the act, a new discipline of forensics needed to be put into place. This is known as computer forensics. Forensic science is any science used for the purpose of law. In the case of computer forensics it is “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (U.S. Cert, 2008). This means that if you do something illegal on the Internet, it can be found.
Throughout the length of this paper, I am going to be discussing the topic of computer forensics. Computer forensics involves carefully collecting and examining electronic evidence, not only to evaluate the damage to a computer as a result of an electronic assault, but also to recover lost information from a system to prosecute a criminal in a court of law. Since security is such an important factor in technology, it is crucial for any type of computer professional to understand the aspects of computer forensics.
A computer forensics expert can recover information and computer evidence even if it has been hidden, encrypted, or deleted. In computer forensics, time is of the essence and an investigation must be performed in a timely manner to prevent information from disappearing forever. An important aspect of a computer forensic investigation is that the computer forensics expert must be capable of performing the analysis in a manner that will preserve, identify, extract, document and interpret computer data. The computer forensics analysis must be performed in a manner that conforms with legal requirements so that the results of the forensics investigation will be admissible in court. Simply powering up a computer can result in many files being changed. This may affect the admissibility and reliability of digital evidence. The analysis of electronic evidence includes not only the analysis of documents currently in a computer and those that were previously deleted, but also past versions and alterations of electronically stored documents.
Technological advancements, the increased prevalence of personal computing, and the exponential rise in electronic crime over the past few decades have precipitated the emergence of the cyber forensics field as experts seek to increase the effectiveness of administrative and criminal investigations. Though still in its infancy, the field purposes to apply the fundamental concepts and systematic methodologies utilized in traditional forensic investigations to the cyber realm. This is accomplished through the identification, preservation, examination, interpretation, and documentation of electronic media and digital evidence, conducted in a systematic fashion adhering to legislative rules of evidence, in order to provide expert testimony for use in legal and/or administrative proceedings (EC-Council, 2010, p. 1-1). While specific investigative actions/processes will vary depending on the investigating entity, these core concepts remain consistent throughout the field, and provide a basis for all computer forensic activities.