Digital Evidence - Research Paper Example

Summary
This paper 'Digital Evidence' tells us that the rate of information technology development has made the use of digital collection and analysis of digital evidence an uphill task. Evidence collected from volatile and static sources is one of the most vital facets in the dynamic field of computer technology…

Extract of sample "Digital Evidence"

Is Digital Evidence Collected from a Volatile Source as Valid as That Collected from a Static Source?

Abstract

The rate of information technology development has made the collection and analysis of digital evidence an uphill task. Technological development is directly proportional to the challenges associated with it. Evidence collected from volatile and static sources is one of the most vital facets in the dynamic field of computer technology. Innovation has always been on the rise, which to a large extent has necessitated best practices with a view to meeting industry needs. Evidence sources have in recent times shifted from the static source, as one of the initial steps in evidence collection, to adoption of the digital source, which is driven by the ever-changing, dynamic computing environment. Evidence from a volatile source can be described as data that provides a significant link between the victim and the perpetrator (Wang 2007). It can be gathered from anything criminally related to the use of a computer, such as theft of trade secrets, destruction of intellectual property and fraud. A static source is data that is preserved when the computer is turned off, stored on a computer hard drive or another medium, as opposed to a volatile source, which is stored in memory and is lost when the computer is turned off.

Introduction

There are various ways of collecting digital evidence from the scene of a crime. The most prevalent techniques are collecting digital evidence from volatile sources and collecting it from static sources. Data from a volatile source might hold key evidence. It is therefore vital that, at the scene of the crime, the computer remains on.

Tools for data collection range across various software for data recovery, file examination, internet protocol tracking, decryption, authentication and, most notably, backup. Other tools are needed when obtaining data, such as a hardware imaging tool, which copies the data bit by bit using a method known as a bit stream copy. Data backups are always considered first, with the principal objective of retaining the original evidence.

Scope

Casey (2000) lays out the physical characteristics of the digital source, asserting that it cannot easily be kept in its original state: the computer system records data in binary form, that is 0 and 1, and copied data carries user modifications, making it difficult to recover a volatile source in its original state. A volatile source can easily be reproduced and is hence prone to being modified or copied, raising doubts about its source and integrity. The negative impact is the difficulty of directly deducing the relationship between the evidence obtained and the suspects, as opposed to highly efficient methods such as deoxyribonucleic acid (DNA) or fingerprints that are used for evidence authentication.

A computer uses random access memory (RAM) to store volatile data by way of writing current processes in the form of a virtual clipboard for process usage and immediate reference. The information that may be of interest to the investigator includes running processes, commands executed at the console, clear text passwords, unencrypted data, instant messages and internet protocol addresses. There can be a scenario during an investigation where examination of a running system is required. This can be enhanced using home networking technology, which allows an investigator to have a small network to facilitate any investigative situation involving a computer. Volatile source data preservation and forensic examination analysis will surely be the way forward for digital evidence collection for many years to come.

Investigators' ability to collect crucial evidence at the scene of a crime is critical, most importantly when they are provided with crime scene collection skills so as to deal with the challenges and workload brought about by home networking technology.

Scenario

An investigator is called upon to respond to a homicide that occurred on a street corner. There are no witnesses at the crime scene, though it is identified that the victim was shot once in the chest. A search is then conducted at the victim's residence in an effort to determine the suspect or motive. It is discovered that the computer is already powered on and is running the Windows XP operating system. The evidence is booked for forensic examination following the traditional method of computer evidence collection, by shutting down the system and collecting the computer.

From the above scenario, the collection of a volatile source does not entail the traditional method of computer evidence collection, where the system is shut down, but essentially collecting the random access memory (RAM) from the running computer, which is something the investigator ought to have been trained in. RAM collection preserves instant message traffic between the victim and another individual detailing the kind of activity they were engaged in. The instant message traffic would quickly have led the investigator to the suspect.

Findings

The above scenario depicts how collecting a volatile source, in the form of instant messages, leads to the arrest of the suspect; otherwise the investigator would have had little evidence to tie the suspect to the crime. The different volatile evidence collection training methods would enable investigators to develop the necessary evidence collection skills that may traditionally have been overlooked.

Discussion

Computer forensics is vital, especially from an organizational point of view. A good percentage of technology budgets is allocated to computer networks and security by managers.

A methodology for volatile data collection in computer forensics involves incident response preparation, incident documentation, policy verification, a volatile data collection strategy, volatile data collection setup and the volatile data collection process. The methodological steps are designed for the investigator to investigate intrusion cases common to larger networks. Collecting the date, time and command history for the security incident is one of the initial steps of the volatile data collection process, in which an audit trail of date and time is established as the forensic tool or command is executed. Forensic collection activities are then documented to begin a command history that will later show the types of volatile system and network information. The aforementioned steps of volatile data collection form a general guideline regarding what an investigator should collect.

Investigators have to take precautions when collecting volatile evidence, since crucial evidence on computer systems could be destroyed if the traditional computer evidence collection methods are used. A log of all actions conducted on a running machine ought to be maintained as one of the precautionary measures for preserving digital evidence. Identifying the operating system running on the suspect machine is vital, together with a screenshot of the running system on the suspect machine showing the date and a record of the current actual time. RAM from the system should always be dumped to a removable storage device. These precautionary steps allow the on-scene investigator to collect data that might otherwise have been left behind as not useful. The dumped RAM captures a large amount of the available evidence; however, minor changes will be made to the system when a device is inserted into the running system. For instance, inserting a removable drive into a USB port adds an entry to the Microsoft registry.
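
The audit trail of date, time and command history, and the log of all actions on the running machine described above, can be kept in tamper-evident form by hashing each collected output and chaining the log entries together. The following Python code is an added example, not part of the original paper or of any forensic product; the function names, the examiner ID, the placeholder tool name and the sample outputs are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # constructed starting value for the hash chain

def entry_hash_of(entry):
    """SHA-256 over the canonical JSON of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_action(log, examiner, command, output, when=None):
    """Append one collection step: who, when (UTC), what ran, hash of its output."""
    entry = {
        "seq": len(log),
        "utc": (when or datetime.now(timezone.utc)).isoformat(),
        "examiner": examiner,
        "command": command,
        "output_sha256": hashlib.sha256(output).hexdigest(),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash_of(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """Return the index of the first inconsistent entry, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev_hash"] != prev:
            return i  # entry removed, reordered or inserted
        if entry["entry_hash"] != entry_hash_of(entry):
            return i  # entry contents edited after logging
        prev = entry["entry_hash"]
    return None

def verify_artifact(entry, output):
    """Check that a collected artifact still matches the hash logged on scene."""
    return hashlib.sha256(output).hexdigest() == entry["output_sha256"]

if __name__ == "__main__":
    # Constructed sample: three live-response steps with made-up outputs.
    log = []
    record_action(log, "examiner-01", "date /t & time /t", b"constructed clock output")
    record_action(log, "examiner-01", "tasklist", b"constructed process list")
    record_action(log, "examiner-01", "ram-dump-tool (placeholder)", b"constructed memory image")
    print("first inconsistent entry:", verify_log(log))
```

The chain only shows that the log is internally consistent, so the final `entry_hash` should also be recorded outside the log, for example in the examiner's written notes, so that a wholesale rewrite of the log can be detected.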

The minor changes made to the system during collection would not affect the overall state of the evidence as far as forensic examination is concerned. This is attributed to the fact that operating system files change and not the data saved on the system. Evidence gathering must be authorized by a warrant issued by the relevant authorities, who give authorization for the commencement of computer forensics. Security monitoring tools have legal implications, as do data safeguarding requirements, which are governed by laws that must be followed. These measures ensure that lawsuits or regulatory audits are not dismissed, and they keep intruders away. The procedures put in place to investigate the computer ensure that possible evidence is protected from being destroyed, damaged or compromised in any way, by keeping an established and well-maintained chain of custody in place (Robbins, 2008).

Conclusion

The digital evidence bag (DEB) is the recommended means of securing evidence from any source, ensuring that it is maintained throughout the life of an investigation (Turner, 2007). Each forensic tool already executed would be saved by this software application, which entails index, tag and bag files, also known as evidence units, and which permits advanced data handling such as intelligent imaging technologies (Turner, 2006). Anything that an organization needs to ensure efficient handling of incident response is kept inside the DEB.

References

Brown, C. L. T. 2011, Computer Evidence Collection & Preservation. Hingham, MA: Charles River Media.
Carrier, B. 2012, File System Forensic Analysis. Boston, MA: Addison-Wesley Professional.
Carvey, H. 2012, Windows Forensics and Incident Recovery. Boston, MA: Addison-Wesley Professional.
Casey, E. 2012, Digital evidence and computer crime: Forensic science, computers and the internet. San Diego, CA: Academic Press.
Icove, D., Seger, K. & Vonstorch 2010, Computer crime. O'Reilly & Associates.
Jones, K. J. & Rose, C. W. 2010, Real Digital Forensics: Computer Security and Incident Response. Boston, MA: Addison-Wesley Professional.
Kruse, W. G. & Heiser, J. G. 2011, Computer forensics: Incident response essentials. Addison Wesley.
Mandia, K. & Prosise, C. 2012, Incident Response: Investigating Computer Crime. Berkeley, CA: Osborne/McGraw Hill.
Masters, G. & Turner, P. 2010, Forensic data recovery and examination of magnetic swipe cloning devices. Digital Investigation, 4 (1), 16-22.
O'Sullivan, C. 2010, First Responders Guide to Computer Forensics, CERT Training and Education Handbook, CMU/SEI-2005-HB-001. Pittsburgh, PA: Carnegie-Mellon Software Engineering Institute.
Robbins, J. 2008, An explanation of computer forensics. Retrieved April 9, 2008, from http://computerforensics.net/forensics.htm
Stallings, W. 2011, Cryptography and network security 3/e. Prentice Hall.
Turner, P. 2012, "Applying a Forensic Approach to Incident Response, Network Investigation and System Administration using Digital Evidence Bags". Digital Investigation, 4 (1), 30-35.
Turner, P. 2011, "Selective and Intelligent Imaging Using Digital Evidence Bags". Digital Investigation, 3 (1), 59-64.
Wang, S. J. 2010, "Measures of Retaining Digital Evidence to Prosecute Computer-Based Cyber-Crimes". Computer Standards & Interfaces, 29 (2), 8.
(“Is digital evidence collected from a volatile source as valid as that Research Paper”, n.d.)
Retrieved from https://studentshare.org/information-technology/1471915-is-digital-evidence-collected-from-a-volatile
