Table of Contents
Computer forensics is also referred to as cyber forensics or digital forensics. It is the discovery and retrieval of information regarding a crime in a manner admissible in a court. It is applied in the fields, such as employee monitoring, incident response and child pornography. Computer forensics helps in presentation of evidence in the courts.
Major Issues in the Computer Forensics
Poor practice in computer forensics destroys important evidence, rendering it inadmissible to the court. Good practice can save the organization money. It also enhances survivability and integrity of the organization. There are many emerging issues in the digital forensics.
Today, many electronic mobile devices have emerged. These include personal digital assistants, cell phones, digital audio players, and smart phones, such as Blackberry and Apple iPhone. Some of them have storage capacities similar to laptops. They are more popular and offer better advanced computing and provide better connectivity. Criminals have taken advantage of this IT advancement in conducting their criminal activities. Mobile devices are being used in child pornography for storage of photos and images (McGuire, & Murff, 2006). Almost all forms of crime can incorporate mobile devices, which provide digital evidence. These devices contain electronic records information in the form of spreadsheets, GPS tracking information, electronic mail and word processing files. Law enforcers use such evidence in crime investigation.
There is also a requirement of the chain of custody and preservation of evidence. The admissibility of evidence by a court will be determined by adherence of the investigator to a lawful search. It should be observed in the collection, preservation, analysis, and reporting of the evidence, as clearly stipulated by the International Organization on Computer Evidence. Evidence preservation involves security and isolation of electronic mobile devices obtained at the site during crime investigation. Evaluation is to be done in the forensics laboratories. Photographs of all mobile devices should be recorded and documented in their undisturbed states. The devices should be powered off in a safe manner. All the accessories in thedevices should be seized.
Privacy preservation from forensics is important. Usually, there exists ambiguity on the investigator’s part when it comes to the privacy issues due to lack of knowledge in computer security. Information may leak to the wrong people. The data are particularly under threat of exploitation and manipulation by malicious people. Unfortunately, information protection is not fully possible.
Knowledge, training and ability are the major concern in the digital forensics. It takes a long time and is expensive to train forensic investigators. It is also difficult to conduct on-scene investigations for all crimes, especially at remote locations. It has prompted some states to develop a tiered approach for digital forensics. For instance, in the USA, an approach termed computer forensic field triage has succeeded. It entails offering of specialized training to forensic investigators. The examiners use hardware write blockers in safeguarding the content of suspects’ devices.
Investigators should know the standards and limits of their course. The law prohibits unreasonable seizures or searches of suspects, their houses and effects by police agents without a warrant. Evidence collection should be of high integrity, and avoid violation of stipulated requirements.
The above issues are very significant in digital forensics. They affect the findings, analysis and conclusions drawn from the evidence obtained, as demonstrated in Casey Anthony’s case. Casey is accused of murder charge against her daughter, Caylee. Anthony’s computer was used to obtain digital evidence. It entails recovery and analysis of the database history in the Mozilla Firefox. It turns out that there had been Google searches for the word ‘Chloroform’, which is the vital element for prosecution since the searches happened prior to disappearance of the child. The law provides for a death penalty for capital crimes, such as murder. Therefore, it is a serious trial that requires careful investigation. However, there arise some discrepancies in this case, which affect the outcome and its admissibility in the court. For instance, there is a discrepancy in the visit count. The prosecution evidence contradicts that of the NetAnalysis that shows one visit on the page. It works to the advantage of defence (Myers, & Rogers, 2005). It is because the second forensic tool had showed 84 visit counts. Some of other searches found to have been conducted by the computer user included neck breaking, producing of chloroform, making weapons from household products, head injuries, and internal bleeding among others. However, prosecution presentation significantly affected its potentiality and admissibility to the jury. Further, it appears that Sandra Osborne, the computer examiner from Orange County Sheriff’s Office, is incapable of extracting evidence involving the Google searches for the words ‘foolproof suffocation’. It therefore turns out, as the state attorney admits, that some evidence was overlooked.
The forensic investigators should understand the law and not violate the set standards. They ought to maintain high level of integrity, especially when conducting evidence collection. The government agent should conduct a search and seizure in a proper and reasonable manner. Investigators should prepare written reports clear showing the analysis of documentation.
In order to maintain privacy, the use of DIGITS LLC is important. It offers enhanced security for digital information ensuring assurance and confidentiality. DIGITS LLC is a private investigator’s body which is fully licensed, bonded and insured.
Key to your academic success
Do You Have Any Questions?
Investigators should be fully invested for the course. When handling the digital evidence, all forensic principles should be fully completely observed. A lot of care is taken to ensure that all the actions taken upon seizure of evidence do not alter the initial evidence.
How examination should have been conducted
The examination should be thorough, avoid making judgments on the defence and ignore the media. It should consider all the potential evidence, for instance computer activity and timelines, and critically examine evidence from the victims and witnesses. The findings should be presented properly and interpreted in the easy understandable way. The digital evidence should also be cross-checked to ensure accuracy. In Anthony’s case, Mason, a defence lawyer, accuses prosecutors of withholding some information regarding the searches, terming it outrageous.