As a digital forensic investigator, I was assigned to a case where my expertise was needed. My role in the investigation was to search the suspects' digital evidence to help find more helpful information and advance the case. Overall, my job as a digital forensic investigator was to recover and analyse the digital evidence so that it could be used in the criminal prosecution.

Approach to Case

My method of investigating a case was using a systematic approach, as this is the accepted procedure to follow. The first item on the agenda was to determine what sort of case I was dealing with. The case involved a manufacturer of consumer healthcare products. The case started when the manufacturer received multiple complaints in regards to unsavory …
If important data is lost, then the entire case can be put into jeopardy and question my ability as the investigator. The use of anti-forensics tools which overwrite, destroy or modify files by the culprits could hinder the investigation, so the threat of this risk must be taken into account. The loss or damage of the physical evidence from which the data was recovered is also an important risk to consider. There is potential for a failure of the hardware involved - this may be the evidence, or even hardware in the computer forensics lab. Legal issues could arise if the opposition believe that my job was done unprofessionally or if I have been biased in favour of the prosecution [7]. Minimizing risks is essential after the identification of the potential risks.

Minimizing The Risks

It was important that I did everything I could to reduce the risks involved before I proceeded any further. Here are the ways I minimized the risks during this investigation:

• Preserved evidence securely
• Documented all findings
• Maintain chain of custody [5]
• Stayed with the structured checklist
• Followed the standardized approach
• Create backups for all evidence
• Work off copies of evidence
• Keep an unbiased view
My objective at this stage is to find evidence that will help progress the investigation and potentially lead to further clarity on all aspects of the case. As a well trained professional it is my job to find all the answers to the questions I am asking myself, and these questions would include: What type of data in particular am I looking for? Where would the potential data be stored? Are there any deleted documents still stored on the disk?

The cell phones, fax machines and the telephone and voicemail systems yielded little new digital evidence that was relevant to the case. The involvement of the equipment itself, however, meant that there was a sophisticated communication system used between the locations. The computers, however, had a different story. Overall, there were 30 computers that needed to be investigated that were found at the 5 crime scenes. Most of the computers, 25 to be precise, yielded some evidence such as product logging details, client lists and sales reports, all of which were found on the computers without the need for forensic tools. The most important and interesting evidence came from 5 of the computers, 1 at each scene. These computers were separated from the others in an office - more than likely a designated office for the manager of
This ultimately results in a subsequent communication which requires the holder to disclose those passwords, or in taking on an additional task of tracking the passwords. In both cases, the level of work is expanded and the police investigator has to take on additional tasks than he was initially required to. This, while increasing the cost of investigation, also increases the time taken in investigation. Therefore, while identifying the property, or the hardware of the computer, an inclusion needs to be made in relation to the passwords that may be protecting that hardware. Similarly, for data demanded in digital format, the investigator would have to highlight that not merely the data in digital format is required, but also the passwords or the codes which restrict access to that data.
4.7.5 Data Preservation and Isolation from the Network. The main purpose of a digital forensic report is to keep the data integrity, avoiding any type of data alteration, in order to present valid evidence, for instance in a court. Using non-validated software to check the information stored in a mobile phone can alter this information. Receiving new data can also alter the stored information, for instance through an automatic firmware update or remote device control, with the risks involved. Therefore, it is extremely important to have the device completely isolated from the network.
Most of the evidence is usually found in the data files. If you do cloned
During the comprehensive forensic examination Assante’s personal laptop was subjected to an eighteen hour intrusive search using specialized equipment to open and read all files on the laptop, scanning the unallocated space on the hard drive for deleted files, then proceeding to
Ever since Sherlock Holmes, police and prosecutors have solved cases by confessions or eyewitness accounts, but recently they started solving cases from the forensic evidence found. In the passage, “Forensic Science: Evidence, Clues, and Investigation” by Andrea Campbell, forensic evidence is explained to be the most important evidence to present at trial. Forensic evidence are things like “fingerprints, body fluids, and bullets” (paragraph one). Forensic evidence is the evidence that’s found at the scene of a crime. In paragraph two, it says, “after police have secured the site, criminal investigators collect physical evidence.
Case Study 1: BTK

In 2005, serial killer Dennis Rader, also known as BTK (bind, torture, and kill), was arrested and convicted of murdering 10 people in Kansas between the years of 1974 and 1991. Rader sent numerous notes to the police, but they couldn’t prove for sure that he was the one committing the murders. In 2004, he began sending things to the police once again. However, this time Rader sent a document created in Microsoft Word on a floppy disk.
1. Evaluate the issues which arise when first responders (police or paramedics) are called to a crime scene, which (prior to their arrival) is discovered to be a source of digital crime. What complexities are likely to arise that would compromise the investigation and prosecution of alleged perpetrators? Unit 3. Many criminal investigations will include computers at some point in a case.
However, it is possible to identify potential sources of digital evidence during the interview. If probable cause exists to believe the digital source is evidence of a crime, then further analysis should be halted while obtaining a
1. Viruses: Can destroy all of the data and erase all of the files, or the data can be misused by the attacker. Have anti-virus software downloaded on your computer and make sure your computer is completely updated.
2. Phishing: The attacker will be able to get the private information of the person and will gain access to the computer. Be able to recognize the fake emails from the attacker and avoid opening them.
With the introduction of new technology in recent years, the government can discreetly capture evidence from electronic files,
i. Manage

The term manage is used to mean acquiring the necessary contractual vehicle and resources, including the financial resources that are used in running forensic labs and programs. It can also mean coordinating and building the internal and external consensus that can be used to develop and manage an organizational digital forensic program. Management also establishes a digital forensic team, usually one that is composed of investigators, IT professionals and incident handlers, to perform digital and network forensics. Management provides adequate workspaces that at minimum take into account
It will be like taking a test on the book but the information in the book has nothing to do with the test. All the evidence taken from the scene of the crime should be handled with care, especially if it will be looked at later in the week or even several years from now. Before anyone physically gathers evidence, pictures should be taken of
Student Name: Keshab Rawal
Student ID: 77171807
Word Count:
Title: The rise of anti-forensics

Table of contents:
• Overview
• Introduction
• History
• Categories/Tools of anti-forensics
• Conclusion
• Future Work

Overview: Computer forensics is an active topic of research, with areas of study including wireless forensics, network security and cyber investigations. The goal of computer forensics is to provide information about how the crime happened, why and who is involved in the crime in any legal proceeding by using the computer forensic tools.
Who Are They?

A forensic science technician is a person who aids criminal investigators by reviewing crime scenes. They collect evidence from a scene and process it to figure out what led up to it. With said evidence, they can reconstruct crime scenes to help push a case further and, hopefully, solve it.
2.0 LITERATURE REVIEW

This chapter presents a review of literature that is related to computer and digital forensics. It begins by taking a look at the meaning of computer forensics and the different areas within this field. It also explores the forensic science process and the challenges facing practitioners. The chapter then discusses social networking and its relationship with cybercrime and the role of forensics in keeping user information private and secure. It concludes by reviewing the meaning and significance of metadata information in resolving digital or cybercrime activities.