Wait a second!
More handpicked essays just for you.
More handpicked essays just for you.
Basics of digital forensics
Basics of digital forensics
Digital evidence
Don’t take our word for it - see why 10 million students trust us with their essay needs.
Recommended: Basics of digital forensics
Welcome to this course on electronic evidence and digital forensics. During many years of practicing digital forensics with often seen how difficult it is for legal practitioners, who often have limited time, to get to grips with the complexities of electronic evidence. Not only do many lack a strong background in technology, but it is also a field that is changing at an extremely fast pace. It is not only legal practitioners that need to understand this, but often other individuals are confronted with the intricacies of electronic evidence when they get involved in court cases that has an element of the electronic evidence. To add to this, there are often limited time available to familiarize themselves with this type of evidence while preparing for a case. As digital forensics is a relatively new field there is also a shortage of people who can explain this. In addition, finding information on the Web that is reliable enough for court purposes can be a difficult and time-consuming process. …show more content…
We also did not assume any legal background. To start we will have a good look at the different sources of electronic evidence as many sources of good evidence is often overlooked. We will also look at how data is stored and why it can sometimes be difficult to get to the needed evidence. It will be explained how it is in many cases possible to recover data after it was deleted and why this sometimes cannot be
Forensics investigations that require the analyzation and processing of digital evidence can be influenced both positively and negatively by a number of outside sources. In this paper, we will explore how physical security plays a role in forensics investigations activities. We will start by examining how physical and environmental security might impact the forensics investigation process. Next, we will discuss the role that physical and logical security zones play in supporting effective forensics activities. We will illustrate how centralized and decentralized physical and environmental security affects the forensics professional’s approach toward the investigation. Lastly, we will evaluate some potential areas of risk related to the physical security of our case study organization, Widget Factory, identified in Attachment 1.
Digital forensics can be broken down into three phases; acquisition, analysis, and presentation. The acquisition phase is where the data is saved in a way that it can be analyzed latter. Because it is not known at the time what data is or is not valuable to the case, all data is saved. In the analysis phase, the data is examined and placed into three major categories; inculpatory, exculpatory, or signs of evidence tampering (Carrier, 2002). Tools are used in this phase that are able to analyze for the list directory contents, deleted files, and recover the deleted files. In the presentation phase, the data has been documented in a way that it can undergo a peer review. When deleted files are recovered, the analyst must show how they were found because they were ...
Therefore, the criminal justice system relies on other nonscientific means that are not accepted or clear. Many of forensic methods have implemented in research when looking for evidence, but the methods that are not scientific and have little or anything to do with science. The result of false evidence by other means leads to false testimony by a forensic analyst. Another issue with forensic errors is that it is a challenge to find a defense expert (Giannelli, 2011). Defense experts are required to help the defense attorneys defend and breakdown all of the doubts in the prosecutors scientific findings in criminal cases. Scientific information is integral in a criminal prosecution, and a defense attorney needs to have an expert to assist he/she in discrediting the prosecution (Giannelli,
In order to understand how to compile evidence for criminal cases, we must understand the most effective types of evidence. This topic is interesting because there are ample amounts of cases where defendants have gotten off because of the lack of forensic evidence. If we believe forensic evidence is so important and it affects our decisions, then maybe we need to be educated on the reality of forensic evidence. If we can be educated, then we may have a more successful justice system. If we have a more successful justice system than the public could gain more confidence that justice will be served. In order to do this, we must find what type of evidence is most effective, this can be done by examining different types of evidence.
“Advance in Forensics Provide Creative Tools for Solving Crimes.” www.ctcase.org. Np. n.d. Web. 17 March 2014.
The transitional growth in the forensic science sector has not been without challenges. Though the world has experienced increased capabilities and scientific knowledge, which has led to faster investigations and results, many forensic experts have argued that forensic laboratory testing, in the light of 21st century technological advancements, is yet to meet the expected rate in quick available testing and analysis (Mennell & Shaw, 2006). This is with respect to the growing rate of crime and the high demand of quick crime scene testing and analysis. In the science of crime scene, analysis and interpretation of evidence is majorly dependent on forensic science, highlighting the change in the role of forensic sciences (Tjin-A-Tsoi, 2013). In the business of forensic science, time is beginning to play important role in the evidence testing and analysis which is becoming crucial in reducing ...
Evidence collection is a crucial part of forensics. Its reliability can be compromised by input bias from law
New types of technology have made it easier to track down and catch criminals. Then also made it easier for prosecutors to gather and present more credible information. Some new technology that has made it easier to track down criminals or help provide more reliable and supportive evidence is things such as DNA testing, computer technology, fingerprinting, and GPS tracking devices. “The main strengths of technology in the criminal justice system lie in the provision of databases which allow better and more efficient records to be stored and retrieved” (Bean 370). Prosecutors now in sense have “…an infallible test of truth, a foolproof method, of determining the accuracy and reliability of evidence and hence of convictions” (Pallaras 72). These 4 technological advancement...
The collection, custody and preservation of forensic evidence is a vital aspect of evidence integrity, without proper adherence to these procedures, crucial evidence that could potentially have great impact on a court case could be rendered useless. In the case of criminal proceedings, a skilled defence lawyer will look to scrutinise every step taken by forensic practitioners’ involved within the case in regards to the continuity of the evidence, in doing this they attempt to undermine the practitioner’s ability to properly carry out strict evidence collection, protection and preservation procedures and also look to find fault in the techniques they used to carry out these procedures.
The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensic to investigate these offenses. Actually, computer crimes are governed by specific laws and dealt with through conducting a computer forensic investigation (Easttom & Taylor, 2011, p.337). Notably, a computer forensic investigation is usually carried out through the use of computer forensic tools, which help in collection of evidence based on the specific offense.
In most crimes committed today criminals’ leave behind digital evidence that can be recovered by digital forensic experts and digital forensic tools.
Live acquisition: The future of data acquisitions is shifting toward live acquisitions because of the use of disk encryption with newer operating systems (OSs). In addition to encryption concerns, collecting any data that’s active in a suspect’s computer RAM is becoming more important to digital investigations. The processes and data integrity requirements for static and live acquisitions are the same. The only shortcoming with live acquisitions is not being able to perform repeatable processes, which are critical for collecting digital evidence.
Physical evidence is any physical object that contains reliable information that supports a hypothesis about the incident. Digital evidence is physical or electronic information (such as a written or electronic documentation, computer log files, data, reports, physical hardware, software, disk images, objects and so on) are collected during the investigation conducted computer. Evidence includes, but is not limited to, computer files (such as log files or generated reports) and human-generated files (such as spreadsheets, documents, or eail
The biggest challenge investigators face and who is involved with high tech crime is the fast-paced constant evolving nature of technology. When companies come out with new devices or new versions of old devices which is almost all the time, and those who gather digital evidence must remain current to be able to locate and preserve all potential evidence. As technology evolves the capacities of these devices will rapidly increase while their form factor grows continually smaller. Investigators must preserve digital evidence to make sure it is suitable for presentation in court as well. Investigators must first never change a crime scene or alter evidence. It is their goal to document and preserve the scene exactly as it was when the crime occurred. Extreme caution and care is needed because the mere act of documenting or cataloging a crime scene means that investigators are interacting with the scene. The second concern is the physical fragility of the evidence. Care must be taken to keep items from getting wet, stepped on etc, this can also be applied to digital evidence. Investigators have been able to examine hard disk drives that have been through fires because the drives are usually air and water tight and impervious to temperatures into the thousands of degrees. The third issue is that digital evidence can be lo...
The process of gathering evidence largely depends on the role of discretion by the police. Once police have decided to pursue a reported crime, they then begin the process of gathering evidence. To ensure that the process of gathering evidence is lawful, the police must follow the procedure outlined in the Evidence Act 1995 (NSW), which describes the manner in which evidence can be collected. This act imposes certain limits on the way police can gather evidence and the types of evidence that can be used. The Act is able to protect the rights of citizens by making it a requirement for the police to gain necessary legal documentation, such as search warrants, in order to obtain some types of evidence and thus, protects the rights of ordinary systems. In more recent times, the use of technology has come to play a major role in the gathering of evidence and with this comes complications in the law. New technologies in relation to the criminal investigation process are mainly in reference to DNA evidence, genetic material that can place a suspect at the scene of a crime. The introduction of DNA evidence into the criminal investigation process has been extremely effective in achieving justice, as it is able to secure convictions. Initially, there were some setbacks to the use of DNA evidence