Field Report
Investigators must ensure the integrity of all evidence collected, analyzed, processed and presented to a courtroom and jury. The reason that this is important is because the improper collection and analysis of evidence can lead to compromised data and potential damage to a prosecution. The seizure and analysis of digital evidence can be particularly challenging but is just as critical to a case as physical evidence. There are specific procedures that must be met to ensure the successful collection and analysis of digital media and guidelines or best practices for collection of all evidence, both physical and digital that must be followed. Conducting the proper steps in an investigation regarding the collection and processing of evidence and the proper chain of custody requirements can ensure a successful outcome in solving a case and a successful prosecution.
The first and most important step in the entire process for collecting evidence is to document the scene. It is extremely critical that an investigator capture as accurate a depiction of a crime scene as possible (Solomon, Rudolph, Tittel, Broom, & Barrett, 2011). This can be accomplished in a number of ways. These include taking a photograph of the scene to preserve the original image of the scene for a judge and jury. Investigators can also take images of a computer system. It is necessary to take hash images of volatile data first as volatile data relies on a constant flow of electricity to keep in system memory. Things that are considered volatile are registers, the system casche, routing tables, kernel statistics, memory, temporary file systems, disks and archived media (Soloman, Rudolph, Tittel, Broom, & Barrett, 2011). The first thing an investigator s...
... middle of paper ...
...atastrophe for the prosecution in the courtroom. Not only must they understand how to collect and analyze evidence, they must also know how to properly store, tag and account for all evidence in order to preserve the integrity of the evidence. Knowledge of how the defense will respond to presented evidence is also helpful in helping forensic experts explain their actions while conducting forensic testing.
References
Computer Learning Center, N. (2009). Comp tia security +. Rochester, NY: Element Corporation.
National Forensic Science Technology Center. (n.d.). A simplified guide to digital evidence. Retrieved from http://tychousa10.umuc.edu/CCJS321/1402/6383/class.nsf/Menu?OpenFrameSet&Login
Solomon, M. G., Rudolph, K., Tittel, E., Broom, N., & Barrett, D. (2011). Computer Forensics Jumpstart (2nd ed.). Indianapolis, IN: Wiley Publishing Inc..
Digital forensics can be broken down into three phases; acquisition, analysis, and presentation. The acquisition phase is where the data is saved in a way that it can be analyzed latter. Because it is not known at the time what data is or is not valuable to the case, all data is saved. In the analysis phase, the data is examined and placed into three major categories; inculpatory, exculpatory, or signs of evidence tampering (Carrier, 2002). Tools are used in this phase that are able to analyze for the list directory contents, deleted files, and recover the deleted files. In the presentation phase, the data has been documented in a way that it can undergo a peer review. When deleted files are recovered, the analyst must show how they were found because they were ...
If handled with care the evidence can be the best assistance to the crime investigator and can be used as a major proof in court. To improve the investigation any detective or expert has to admit the necessity of the non-movable items observation and processing apart from the regular movable evidence collection.
Forensics investigations that require the analyzation and processing of digital evidence can be influenced both positively and negatively by a number of outside sources. In this paper, we will explore how physical security plays a role in forensics investigations activities. We will start by examining how physical and environmental security might impact the forensics investigation process. Next, we will discuss the role that physical and logical security zones play in supporting effective forensics activities. We will illustrate how centralized and decentralized physical and environmental security affects the forensics professional’s approach toward the investigation. Lastly, we will evaluate some potential areas of risk related to the physical security of our case study organization, Widget Factory, identified in Attachment 1.
Crime scenes are known to have many clues left behind. The obvious would be a the body or bodies, clothing, and sometimes even the murder weapon. While these are great way to solve a case there's another kind of evidence; trace evidence. Trace evidence are small pieces of evidence that are laying around a crime scene. There are many types of trace evidence some of them include metal filings, plastic fragments, gunshot residue, glass fragments, feathers, food stains, building materials, lubricants, fingernail scrapings, pollens and spores, cosmetics, chemicals, paper fibers and sawdust, human and animal hairs, plant and vegetable fibers, blood and other body fluids, asphalt or tar, vegetable fats and oils, dusts and other airborne particles, insulation, textile fibers, soot, soils and mineral grains, and explosive residues. Although these are the most common found elements, they are not the only ones. The Trace Evidence Unit is known to examine the largest variety of evidence types and used the biggest range of analytical methods of any unit. materials are compared with standards or knowns samples to determine whether or not they share any common characteristics. In this paper I will discuss the different kinds of trace evidence and how crime scene investigaros use it to solve cases and convict criminal.
On Wednesday, November 16, 2011, Katherine Stang, Aresh Kabirnavaei, and Andrew Roller, all students in the Master’s of Forensic Science program gave thesis presentations to the Forensic Seminar Class. The following paragraphs will summarize each topic.
There is a wide range of Linux forensic software available. There are single tools like file carvers, or there are comprehensive collections of tools. In the following, some of the most popular Linux forensic tools are described. The focus is put on The Sleuth Kit because it is organized according to the different filesystem layers. This provides an interesting insight on how forensics is done on filesystems.
In order to understand how to compile evidence for criminal cases, we must understand the most effective types of evidence. This topic is interesting because there are ample amounts of cases where defendants have gotten off because of the lack of forensic evidence. If we believe forensic evidence is so important and it affects our decisions, then maybe we need to be educated on the reality of forensic evidence. If we can be educated, then we may have a more successful justice system. If we have a more successful justice system than the public could gain more confidence that justice will be served. In order to do this, we must find what type of evidence is most effective, this can be done by examining different types of evidence.
Collecting evidence from a crime scene is a crucial aspect of solving crimes. Before evidence can be seized, there must first be a court order approving the search of the crime scene and the seizure of the evidence found at the scene. Standard protocol for officers is for them to always use latex gloves, avoid plastic bags, double wrap small objects, package each object separately, and to collect as much evidence as possible. It is better to have too much evidence than to not have enough. There are countless amounts of evidence that can be found at a crime scene.
Mercer, L. D. (2004). Computer Forensics Characteristics and Preservation of Digital Evidence. FBI Law Enforcement Bulletin, 73(3), 28-32.
Live acquisition: The future of data acquisitions is shifting toward live acquisitions because of the use of disk encryption with newer operating systems (OSs). In addition to encryption concerns, collecting any data that’s active in a suspect’s computer RAM is becoming more important to digital investigations. The processes and data integrity requirements for static and live acquisitions are the same. The only shortcoming with live acquisitions is not being able to perform repeatable processes, which are critical for collecting digital evidence.
ISCUSSION PAPER ON THE REVIEW OF THE LAW OF EVIDENCE, DEALING WITH HEARSAY, RELEVANCY AND ADMISSIBILTY OF ELECTRONIC EVIDENCE IN CRIMINAL PROCEEDINGS
What did they do ? Before we talk about it any further, we have to know some definitions that we use in digital forensics and digital evidence, not only two of them but the others too. This chapter will explain about it . Before we talk about it any further, we have to know the definition of what we are talking about. In the introduction we already know what digital forensic and digital evidence shortly are. In this chapter, we will more explore what they are, and some state that we found when we search about digital forensic and digital evidence. Computer forensics is a broad field and applied to the handling of crimes related to information technology. The goal of computer forensic is to securing and analyzing digital
Forensic science has now been recognized as an important part of the law enforcement team to help solve crimes and cold cases. The advances in technology are being used each day and we must continue to strive to develop better advances in this field. The recent discovery of using DNA in criminal cases has helped not only positively identify the suspect, but it has helped exonerate hundreds of innocent individuals. “With new advances in police technology and computer science, crime scene investigation and forensic science will only become more precise as we head into the future.” (Roufa, 2017) Forensic science and evidence helps law enforcement officials solve crimes through the collection, preservation and analysis of evidence. By having a mobile crime laboratory, the scene gets processed quicker and more efficiently. Forensic science will only grow in the future to be a benefit for the criminal justice
Digital Forensic is described as “ a forensic science encompassing the recovery and investigation of materials found in digital devices “ (“Introduction to Digital Forensics,” 2011). The objective of digital forensics is to implement a well-structured investigation while preserving a documented chain of custody and evidence custody form to know what really occurred on digital devices and who was accountable for it.