Field Report
Investigators must ensure the integrity of all evidence collected, analyzed, processed and presented to a courtroom and jury. The reason that this is important is because the improper collection and analysis of evidence can lead to compromised data and potential damage to a prosecution. The seizure and analysis of digital evidence can be particularly challenging but is just as critical to a case as physical evidence. There are specific procedures that must be met to ensure the successful collection and analysis of digital media and guidelines or best practices for collection of all evidence, both physical and digital that must be followed. Conducting the proper steps in an investigation regarding the collection and processing of evidence and the proper chain of custody requirements can ensure a successful outcome in solving a case and a successful prosecution.
The first and most important step in the entire process for collecting evidence is to document the scene. It is extremely critical that an investigator capture as accurate a depiction of a crime scene as possible (Solomon, Rudolph, Tittel, Broom, & Barrett, 2011). This can be accomplished in a number of ways. These include taking a photograph of the scene to preserve the original image of the scene for a judge and jury. Investigators can also take images of a computer system. It is necessary to take hash images of volatile data first as volatile data relies on a constant flow of electricity to keep in system memory. Things that are considered volatile are registers, the system casche, routing tables, kernel statistics, memory, temporary file systems, disks and archived media (Soloman, Rudolph, Tittel, Broom, & Barrett, 2011). The first thing an investigator s...
... middle of paper ...
...atastrophe for the prosecution in the courtroom. Not only must they understand how to collect and analyze evidence, they must also know how to properly store, tag and account for all evidence in order to preserve the integrity of the evidence. Knowledge of how the defense will respond to presented evidence is also helpful in helping forensic experts explain their actions while conducting forensic testing.
References
Computer Learning Center, N. (2009). Comp tia security +. Rochester, NY: Element Corporation.
National Forensic Science Technology Center. (n.d.). A simplified guide to digital evidence. Retrieved from http://tychousa10.umuc.edu/CCJS321/1402/6383/class.nsf/Menu?OpenFrameSet&Login
Solomon, M. G., Rudolph, K., Tittel, E., Broom, N., & Barrett, D. (2011). Computer Forensics Jumpstart (2nd ed.). Indianapolis, IN: Wiley Publishing Inc..
If handled with care the evidence can be the best assistance to the crime investigator and can be used as a major proof in court. To improve the investigation any detective or expert has to admit the necessity of the non-movable items observation and processing apart from the regular movable evidence collection.
Forensics investigations that require the analyzation and processing of digital evidence can be influenced both positively and negatively by a number of outside sources. In this paper, we will explore how physical security plays a role in forensics investigations activities. We will start by examining how physical and environmental security might impact the forensics investigation process. Next, we will discuss the role that physical and logical security zones play in supporting effective forensics activities. We will illustrate how centralized and decentralized physical and environmental security affects the forensics professional’s approach toward the investigation. Lastly, we will evaluate some potential areas of risk related to the physical security of our case study organization, Widget Factory, identified in Attachment 1.
There is a wide range of Linux forensic software available. There are single tools like file carvers, or there are comprehensive collections of tools. In the following, some of the most popular Linux forensic tools are described. The focus is put on The Sleuth Kit because it is organized according to the different filesystem layers. This provides an interesting insight on how forensics is done on filesystems.
Crime scenes are known to have many clues left behind. The obvious would be a the body or bodies, clothing, and sometimes even the murder weapon. While these are great way to solve a case there's another kind of evidence; trace evidence. Trace evidence are small pieces of evidence that are laying around a crime scene. There are many types of trace evidence some of them include metal filings, plastic fragments, gunshot residue, glass fragments, feathers, food stains, building materials, lubricants, fingernail scrapings, pollens and spores, cosmetics, chemicals, paper fibers and sawdust, human and animal hairs, plant and vegetable fibers, blood and other body fluids, asphalt or tar, vegetable fats and oils, dusts and other airborne particles, insulation, textile fibers, soot, soils and mineral grains, and explosive residues. Although these are the most common found elements, they are not the only ones. The Trace Evidence Unit is known to examine the largest variety of evidence types and used the biggest range of analytical methods of any unit. materials are compared with standards or knowns samples to determine whether or not they share any common characteristics. In this paper I will discuss the different kinds of trace evidence and how crime scene investigaros use it to solve cases and convict criminal.
The transitional growth in the forensic science sector has not been without challenges. Though the world has experienced increased capabilities and scientific knowledge, which has led to faster investigations and results, many forensic experts have argued that forensic laboratory testing, in the light of 21st century technological advancements, is yet to meet the expected rate in quick available testing and analysis (Mennell & Shaw, 2006). This is with respect to the growing rate of crime and the high demand of quick crime scene testing and analysis. In the science of crime scene, analysis and interpretation of evidence is majorly dependent on forensic science, highlighting the change in the role of forensic sciences (Tjin-A-Tsoi, 2013). In the business of forensic science, time is beginning to play important role in the evidence testing and analysis which is becoming crucial in reducing ...
Carmichael, L. E. (2015). Forensic science: in pursuit of justice. Minneapolis, MN: Abdo Publishing, an imprint of Abdo Publishing.
Collecting evidence from a crime scene is a crucial aspect of solving crimes. Before evidence can be seized, there must first be a court order approving the search of the crime scene and the seizure of the evidence found at the scene. Standard protocol for officers is for them to always use latex gloves, avoid plastic bags, double wrap small objects, package each object separately, and to collect as much evidence as possible. It is better to have too much evidence than to not have enough. There are countless amounts of evidence that can be found at a crime scene.
Computer forensics is the application of analytical techniques on digital media after a computer security incident has occurred. Its goal is to identify exactly what happened on a digital system and who was responsible through investigative procedure. Computer forensics involves the preservation, identification, extractio...
Forensic science has now been recognized as an important part of the law enforcement team to help solve crimes and cold cases. The advances in technology are being used each day and we must continue to strive to develop better advances in this field. The recent discovery of using DNA in criminal cases has helped not only positively identify the suspect, but it has helped exonerate hundreds of innocent individuals. “With new advances in police technology and computer science, crime scene investigation and forensic science will only become more precise as we head into the future.” (Roufa, 2017) Forensic science and evidence helps law enforcement officials solve crimes through the collection, preservation and analysis of evidence. By having a mobile crime laboratory, the scene gets processed quicker and more efficiently. Forensic science will only grow in the future to be a benefit for the criminal justice
Digital Forensic is described as “ a forensic science encompassing the recovery and investigation of materials found in digital devices “ (“Introduction to Digital Forensics,” 2011). The objective of digital forensics is to implement a well-structured investigation while preserving a documented chain of custody and evidence custody form to know what really occurred on digital devices and who was accountable for it.
Live acquisition: The future of data acquisitions is shifting toward live acquisitions because of the use of disk encryption with newer operating systems (OSs). In addition to encryption concerns, collecting any data that’s active in a suspect’s computer RAM is becoming more important to digital investigations. The processes and data integrity requirements for static and live acquisitions are the same. The only shortcoming with live acquisitions is not being able to perform repeatable processes, which are critical for collecting digital evidence.
What did they do ? Before we talk about it any further, we have to know some definitions that we use in digital forensics and digital evidence, not only two of them but the others too. This chapter will explain about it . Before we talk about it any further, we have to know the definition of what we are talking about. In the introduction we already know what digital forensic and digital evidence shortly are. In this chapter, we will more explore what they are, and some state that we found when we search about digital forensic and digital evidence. Computer forensics is a broad field and applied to the handling of crimes related to information technology. The goal of computer forensic is to securing and analyzing digital
The biggest challenge investigators face and who is involved with high tech crime is the fast-paced constant evolving nature of technology. When companies come out with new devices or new versions of old devices which is almost all the time, and those who gather digital evidence must remain current to be able to locate and preserve all potential evidence. As technology evolves the capacities of these devices will rapidly increase while their form factor grows continually smaller. Investigators must preserve digital evidence to make sure it is suitable for presentation in court as well. Investigators must first never change a crime scene or alter evidence. It is their goal to document and preserve the scene exactly as it was when the crime occurred. Extreme caution and care is needed because the mere act of documenting or cataloging a crime scene means that investigators are interacting with the scene. The second concern is the physical fragility of the evidence. Care must be taken to keep items from getting wet, stepped on etc, this can also be applied to digital evidence. Investigators have been able to examine hard disk drives that have been through fires because the drives are usually air and water tight and impervious to temperatures into the thousands of degrees. The third issue is that digital evidence can be lo...
ISCUSSION PAPER ON THE REVIEW OF THE LAW OF EVIDENCE, DEALING WITH HEARSAY, RELEVANCY AND ADMISSIBILTY OF ELECTRONIC EVIDENCE IN CRIMINAL PROCEEDINGS