Best Practices for Cyber Forensics Paper
Introduction
Forensics has now entered a new age of collecting and analyzing evidence. Cyber forensics is a relatively new field that continues to expand upon its current operations, tactics and procedures. The development of cyber forensics has initialized the computer incident response techniques, recovery and analyzation of IT systems to include password cracking, and imaging which assist in the prosecution of criminals. As information technology and the cyber forensics have developed best practices in several areas of the field and we will discuss the critical pieces of these practices. These practices support the legal investigations and the prosecution of successful civil or criminal prosecution.
…show more content…
Any evidence that can be collected appropriately and that is relevant to the case at hand can be beneficial for law enforcement. However, digital evidence has a process and should be collected in a specific way to be utilized in building a case against perpetuators of the law. Most criminals now knowingly or not leave a trail of evidence behind them for cyber forensic teams to collect on. Generally, when collecting evidence first the cyber forensics team will want to discuss the scene with investigators to determine the type of evidence that may or may not be collected. This will assist in determining the type of evidence, time spent on site, and location of the collection. Additionally, the type of evidence will also assist in determining what type of equipment to bring and review documentation regarding digital evidence collection if applicable. Due to the factor that cyber forensics may be relatively new teams are having to consult law experts to make sure specific evidence collection is within their right. Certain cases may require traditional forensics to be performed so cyber teams sent to investigate crime scenes should trained on how to do basic collection procedures such as DNA or fingerprinting collection. Evidence should not be removed unless necessary and required as well as some evidence may not be able to leave a crime …show more content…
As discussed previously mobile device isolation must be maintained because the digital data inside the phone may be exploited but not if it is changed. It is imperative that it is put in airplane mode so that this cannot happen. Lastly, standard forensic rules should be applied so that contaminants or fingerprints are not jeopardized. Clues or evidence could be exploited if handled correctly. These types of procedures should be universally adapted to improve cyber forensics process because it could be the decision between a guilty and not guilty verdict. (SWGDE Best Practices for Mobile Phone Forensics,
Digital Forensic is the process of uncovering and interpreting electronic data that can be used in a court of law. It requires a set of standards to show how the information that is gathered, preserve, and analyzed is strictly followed. The analysts need to understand the evolution of the current technology and how it will impact how they gather their information. The investigator is able to uncover evidence and analyze it to gain the understanding of the motives, crime, and the criminal’s identity to help solve the crime. As computers and technology continue to become a part of our everyday lives, the cyber realm contains a growing realm for evince in all types of criminal investigations (Cummings, 2008) Digital forensics is a way to connect information security and law enforcement. It ensures that the digital evidence is collected in a way that it can make it into the courts in an unhampered or uncontaminated way (Dlamini, M., Eloff, J. & Eloff, M., 2009).
Forensics investigations that require the analyzation and processing of digital evidence can be influenced both positively and negatively by a number of outside sources. In this paper, we will explore how physical security plays a role in forensics investigations activities. We will start by examining how physical and environmental security might impact the forensics investigation process. Next, we will discuss the role that physical and logical security zones play in supporting effective forensics activities. We will illustrate how centralized and decentralized physical and environmental security affects the forensics professional’s approach toward the investigation. Lastly, we will evaluate some potential areas of risk related to the physical security of our case study organization, Widget Factory, identified in Attachment 1.
Technologies are advancing in today's world where more information is being generated, stored and distributed through digital gadgets. This requires investigators and forensic expert to increase the use of digital evidence gathering as a tool to fight against cyber-crime (International competition network, n.d.).
Collection of evidence is usually a term designated to refer to the collection of physical evidence, government agencies such as police or environmental protection departments will have their own methods for the collection, storage and conservation of physical evidence and it is the responsibility of forensic personnel to adhere to these set guidelines. General principles which are shared amongst various agencies include, the creation of contemporaneous notes, recording the collection of evidence via photographing, videotaping and/or audiotapes, preserving the crime scene by sealing off the location and only allowing designated personnel to enter, avoiding contamination of the crime scene by investigators through the use of full body covering and also preventing cross-contamination with the scene and any suspects.
The amount of evidence can either help win or lose a case. Every crime scene has evidence available for officers to collect. It is important for them to know what the standard protocol is for collecting evidence and how to properly collect it without contamination.
The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensic to investigate these offenses. Actually, computer crimes are governed by specific laws and dealt with through conducting a computer forensic investigation (Easttom & Taylor, 2011, p.337). Notably, a computer forensic investigation is usually carried out through the use of computer forensic tools, which help in collection of evidence based on the specific offense.
Live acquisition: The future of data acquisitions is shifting toward live acquisitions because of the use of disk encryption with newer operating systems (OSs). In addition to encryption concerns, collecting any data that’s active in a suspect’s computer RAM is becoming more important to digital investigations. The processes and data integrity requirements for static and live acquisitions are the same. The only shortcoming with live acquisitions is not being able to perform repeatable processes, which are critical for collecting digital evidence.
What did they do ? Before we talk about it any further, we have to know some definitions that we use in digital forensics and digital evidence, not only two of them but the others too. This chapter will explain about it . Before we talk about it any further, we have to know the definition of what we are talking about. In the introduction we already know what digital forensic and digital evidence shortly are. In this chapter, we will more explore what they are, and some state that we found when we search about digital forensic and digital evidence. Computer forensics is a broad field and applied to the handling of crimes related to information technology. The goal of computer forensic is to securing and analyzing digital
It is highly important that each piece of evidence found at a crime scene to be properly logged and secured for later data retrieval, when necessary. Forensic scientists may also find it important to take pictures of the evidence before it is removed from its original state at the scene. After the collection of the evidence, the scientist then proceeds to analyze the found materials.
Forensic science has paved the way to a new world of technological advancements in solving crime, through DNA analysis, new technology such as M-Vac, improving systems such as CODIS and other investigative methods. As forensic science technology advances, the chance of an individual being able to commit a crime and walk away free without leaving any trace of evidence will lessen. While forensic science has its limitations, it can be the only way to provide an accurate account of what actually occurred at some crime scenes.
Forensic science has now been recognized as an important part of the law enforcement team to help solve crimes and cold cases. The advances in technology are being used each day and we must continue to strive to develop better advances in this field. The recent discovery of using DNA in criminal cases has helped not only positively identify the suspect, but it has helped exonerate hundreds of innocent individuals. “With new advances in police technology and computer science, crime scene investigation and forensic science will only become more precise as we head into the future.” (Roufa, 2017) Forensic science and evidence helps law enforcement officials solve crimes through the collection, preservation and analysis of evidence. By having a mobile crime laboratory, the scene gets processed quicker and more efficiently. Forensic science will only grow in the future to be a benefit for the criminal justice
The process of gathering evidence largely depends on the role of discretion by the police. Once police have decided to pursue a reported crime, they then begin the process of gathering evidence. To ensure that the process of gathering evidence is lawful, the police must follow the procedure outlined in the Evidence Act 1995 (NSW), which describes the manner in which evidence can be collected. This act imposes certain limits on the way police can gather evidence and the types of evidence that can be used. The Act is able to protect the rights of citizens by making it a requirement for the police to gain necessary legal documentation, such as search warrants, in order to obtain some types of evidence and thus, protects the rights of ordinary systems. In more recent times, the use of technology has come to play a major role in the gathering of evidence and with this comes complications in the law. New technologies in relation to the criminal investigation process are mainly in reference to DNA evidence, genetic material that can place a suspect at the scene of a crime. The introduction of DNA evidence into the criminal investigation process has been extremely effective in achieving justice, as it is able to secure convictions. Initially, there were some setbacks to the use of DNA evidence
The biggest challenge investigators face and who is involved with high tech crime is the fast-paced constant evolving nature of technology. When companies come out with new devices or new versions of old devices which is almost all the time, and those who gather digital evidence must remain current to be able to locate and preserve all potential evidence. As technology evolves the capacities of these devices will rapidly increase while their form factor grows continually smaller. Investigators must preserve digital evidence to make sure it is suitable for presentation in court as well. Investigators must first never change a crime scene or alter evidence. It is their goal to document and preserve the scene exactly as it was when the crime occurred. Extreme caution and care is needed because the mere act of documenting or cataloging a crime scene means that investigators are interacting with the scene. The second concern is the physical fragility of the evidence. Care must be taken to keep items from getting wet, stepped on etc, this can also be applied to digital evidence. Investigators have been able to examine hard disk drives that have been through fires because the drives are usually air and water tight and impervious to temperatures into the thousands of degrees. The third issue is that digital evidence can be lo...
Digital Forensic is described as “ a forensic science encompassing the recovery and investigation of materials found in digital devices “ (“Introduction to Digital Forensics,” 2011). The objective of digital forensics is to implement a well-structured investigation while preserving a documented chain of custody and evidence custody form to know what really occurred on digital devices and who was accountable for it.
Computer crime or Cyber Crime is defined as any type of crime that involves or regards a computer or computer network. Cyber Crime mainly means that the computer may be used as a tool in the commission of the crime or the computer may be the main target of the criminal’s crime. The rapid growth of technology and gadgets as well as the further de...