Digital Forensic is the process of uncovering and interpreting electronic data that can be used in a court of law. It requires a set of standards to show how the information that is gathered, preserve, and analyzed is strictly followed. The analysts need to understand the evolution of the current technology and how it will impact how they gather their information. The investigator is able to uncover evidence and analyze it to gain the understanding of the motives, crime, and the criminal’s identity to help solve the crime. As computers and technology continue to become a part of our everyday lives, the cyber realm contains a growing realm for evince in all types of criminal investigations (Cummings, 2008) Digital forensics is a way to connect information security and law enforcement. It ensures that the digital evidence is collected in a way that it can make it into the courts in an unhampered or uncontaminated way (Dlamini, M., Eloff, J. & Eloff, M., 2009). Digital forensics can be broken down into three phases; acquisition, analysis, and presentation. The acquisition phase is where the data is saved in a way that it can be analyzed latter. Because it is not known at the time what data is or is not valuable to the case, all data is saved. In the analysis phase, the data is examined and placed into three major categories; inculpatory, exculpatory, or signs of evidence tampering (Carrier, 2002). Tools are used in this phase that are able to analyze for the list directory contents, deleted files, and recover the deleted files. In the presentation phase, the data has been documented in a way that it can undergo a peer review. When deleted files are recovered, the analyst must show how they were found because they were ... ... middle of paper ... ... include smart phones, cellphones, IPod, and MP3 devices. They get this distinction because they are small enough to be handheld (Bennett, 2011). The IPad does not fall into this category because it is considered more of a computer and less of a hand held device. These devices are very popular and many contain storage devices that are similar to a laptop. They are easily portable and can run many applications that a regular computer can run (Bennett, 2011). The reason these are so vital to digital forensics is that they typically contain large amounts of personal and organizational information. They are also used because they are essentially portable data carriers (Bennett, 2011). Because of their ease of use and types of data they contain, they have great potential for incriminating data and can be utilized as evidence in criminal cases (Bennett, 2011).
NIST has established a methodology for the testing of computer forensics tools in order to assist law enforcement and other investigators in choosing the proper forensics tools which will consistently produce legally admissible court evidence. Among the test criteria for forensic tools are; “general tool specifications, test procedures, test criteria, test sets, and test hardware” (NIST, n.d.). The program is endorsed by the NIST Law Enforcement Standards Office and the US Department of Homeland Security (DHS) (NIST, n.d.). The CFTT program allows investigators to choose forensics tools which have already been tested and verified to be sufficiently accurate to be legally appropriate, which saves investigators from the need to test their own tools from scratch in an effort to validate acceptable ones, a process that might jeopardize court cases when tools are found to be insufficient during an investigation.
Evidence essentially comes in two forms: verbal or physical. For instance, verbal evidence could be spoken evidence acquired from a wiretap. Physical evidence could include DNA, blood, or bodily samples. Another reliable origin evidence is digital documentation. “As technology has become more portable and powerful, greater amounts of information are created, stored, and accessed” (GEDJ). Over the past few decades, technology has advanced to extreme levels! The most common technology used to find digital evidence are cell phones, computers, tablets, external storage devices, GPS locators, and various other devices (GEDJ). Text messages, social media posts, pictures, etc. are becoming more common data in investigations of the modern era. “Digital evidence can come from both suspects and victims, as all involved parties may have their own personal devices that are relevant to the investigation” (GEDJ). If they are available, computers, phones, social media and much more are very useful sources of gathering data for a criminal case. For instance, both the suspect and the victim may have text messages on their cell phones that could add to the search. “In some criminal cases, digital evidence can be useful if the suspect had associated with it. In some cases it can lead in the wrong direction or to the wrong people. Or it could simply be useless if the suspect didn 't use anything digital”
Forensic science has now been recognized as an important part of the law enforcement team to help solve crimes and cold cases. The advances in technology are being used each day and we must continue to strive to develop better advances in this field. The recent discovery of using DNA in criminal cases has helped not only positively identify the suspect, but it has helped exonerate hundreds of innocent individuals. “With new advances in police technology and computer science, crime scene investigation and forensic science will only become more precise as we head into the future.” (Roufa, 2017) Forensic science and evidence helps law enforcement officials solve crimes through the collection, preservation and analysis of evidence. By having a mobile crime laboratory, the scene gets processed quicker and more efficiently. Forensic science will only grow in the future to be a benefit for the criminal justice
The information gathered in this report will show the methodology and tools used to forensically examine any files or images stored in relation to the investigation claim of Bobby Joe. While the examination is being conducted I will show how the chain of custody of evidence is kept, what evidence was discovered in the file image, and identify and examine the devices used. It will also show what steps Bobby Joe took to store information on the claim against him. The results of this investigation will then be used to determine if any offences he may have committed according to the State laws. The report will also provide a summary of the information for a jury to examine and understand. USB flash drive without any security function causes
One of the most important aspects of studying a history of a place is why that place came into existence in the first place. The FBI's Regional Computer Forensics Laboratories are perhaps not a terribly well-known entity within the general public, yet they play an essential part in both our justice system, and our everyday lives. So this begs the question, why would a laboratory centered strictly around computers, even more specifically the forensics around computers, come to be in an age where certainly all major government establishments have, and are familiar with, computers and the technology associated within them. These are a few of the questions that will be answered throughout this research paper, along with an analysis of where they are today, and where it appears the future of these labs will take them.
“Advance in Forensics Provide Creative Tools for Solving Crimes.” www.ctcase.org. Np. n.d. Web. 17 March 2014.
It is the computer forensics job to look through all of the computer files, even the deleted ones, to see if there are any incriminating files that would prove them guilty. Even reporting them to the jury is one of the jobs that a computer forensic person might have. Not only does this community work closely with eh police force, they can also work within the FBI or a company that uses computers in their business like Apple. Th...
Now-a-days the technology advancements is are now mainly used for crimes. To investigate this occurring crimes digital forensic investigator is required.
Hill, B., & O’Boyle, T. (2000, August). (2000, August). Cyber Detectives employ Intrusion Detection Systems and Forensics. Retrieved from http://www.mitre.org/news/the_edge/february_01/oboyle.html
Due to the volatile nature of the computer memory, information might be lost or overwritten over time. The chip in the random access memory helps the computer to run its programs more efficiently by pulling the data from the RAM. However, every time a machine is switched on, some data stored in the RAM is lost. Whereas the data stored on the hard drive is known as persistent data, the RAM is known as volatile memory. The RAM is constantly swapping the rarely used data that is the hard drive to create space for new information. Therefore, the longer the investigators wait, the more likely they will lose the incriminating data since the computer is not indefinitely persistent. It is fortunate that the investigators have found ways to preserve the evidence without necessarily switching on the computer. The contents are used in courts as the lawyers can use them as evidence for criminal activity.
...he defendant’s computer from the witnesses’ computers. Despite Ravi’s attempt to tamper with evidence, the expert used computer forensic tools and processes to collect and record evidence.
New types of technology have made it easier to track down and catch criminals. Then also made it easier for prosecutors to gather and present more credible information. Some new technology that has made it easier to track down criminals or help provide more reliable and supportive evidence is things such as DNA testing, computer technology, fingerprinting, and GPS tracking devices. “The main strengths of technology in the criminal justice system lie in the provision of databases which allow better and more efficient records to be stored and retrieved” (Bean 370). Prosecutors now in sense have “…an infallible test of truth, a foolproof method, of determining the accuracy and reliability of evidence and hence of convictions” (Pallaras 72). These 4 technological advancement...
Physical evidence is any physical object that contains reliable information that supports a hypothesis about the incident. Digital evidence is physical or electronic information (such as a written or electronic documentation, computer log files, data, reports, physical hardware, software, disk images, objects and so on) are collected during the investigation conducted computer. Evidence includes, but is not limited to, computer files (such as log files or generated reports) and human-generated files (such as spreadsheets, documents, or eail
Technology has opened new encounters and opportunities for the criminal justice system. There are so many new practices of criminal activity, such as computer crimes. There are different types of computer crimes that many people become victims of every day. Computer crime is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target ("Computer Crime: Chapter 2: What Are the Crimes?", n.d.). Crimes such as data diddling, pump and dump, social engineering and spoofing are computer crimes. Even though these crimes are difficult by privacy issues, the new technology has made investigations and prosecutions well organized and effective. Though views are different on the pros and cons of specific technological changes in the criminal justice system, there is an agreement the system has changed affectedly ("Effects of Technology in Criminal Justice | eHow", n.d.).
Digital Forensic is described as “ a forensic science encompassing the recovery and investigation of materials found in digital devices “ (“Introduction to Digital Forensics,” 2011). The objective of digital forensics is to implement a well-structured investigation while preserving a documented chain of custody and evidence custody form to know what really occurred on digital devices and who was accountable for it.