Essay Example on Forensics Process and Steps Taken

The computer forensics process refers to the identification, preservation, documentation, and extraction process of the computer evidence essential to court use (Köhn et a., 2006). The process bestows forensics teams with the right tools as well as techniques necessary to solve complicated digital cases. It helps the team examine, inspect, identify, and preserve the digital evidence occupying on different kinds of electronic devices. This process involves different stages, such as identification, preservation, analysis, documentation, and presentation (Köhn et a., 2006). The examiners use these steps to computer crime and theft.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

The identification process is the first step of this computer forensics process. It involves things such as the type of evidence available in the present, its area of location, and the format in which it is stored (Köhn et a., 2006). At this stage, the examiner carries out a thorough inspection to get the right evidence available concerning theft and computer crime. Such evidence can be found in digital media such as servers, computers, networks, or mobile phones.

After obtaining the evidence, the stage preservation stage is approached. This is the second stage, and under its data isolation, security, and preservation takes place. The data is categorized into drive imaging, hash values, and chain of custody to ensure that it is legally permissible (Köhn et a., 2006). The evidence must be protected from people who can destroy or alter it. Therefore, the evidence collected is stamped and kept for presentation during the court action.

The third step in making computer forensics evidence acceptable by a court of law is evidence analysis. It includes the use of validated tools not trussed to trace the collected evidence (Köhn et a., 2006). The common activities that are carried during the analysis of the evidence include searching and recovering deleted files, searching files of the database for pertinent data, and checking the system changes.

Lastly, the evidence undergoes the last step, which is the presentation step. The presentation accompanies the analysis whereby all the computer forensics steps are documented in a way that portray the evidence relevant to the case (Köhn et a., 2006). The generated report has to be in a position to contrariwise legal challenges during the case in the court.

Recommended Examples of Authentication Acceptable

The evidence content comes in many different varieties (Moore, 2010). Therefore, the forensics process has to provide authentication, which will be acceptable by the court in relevance to the case of computer crime or identified theft. The most acceptable authentications are passive image and active image authentication (Moore, 2010). Passive authentication is the approach that allows the use of the image itself in the process of evaluating its integrity, with no use of peripheral information like the sender’s signature. It does better in the absence of such identifying features. This approach assumes that the forgeries of digital may interrupt the underlying image quality or property, even if there is no visual clue left behind (Moore, 2010). Active authentication, which is the other recommended authentication, is the method that allows the use of a known authentication code submerged in the image or is send with it in the process of evaluating its integrity with the use of peripheral information like the sender’s digital signature which freezes its ability to control uniquely equipped digital devices (Moore, 2010).

Recommended Examples of Chain of Custody Techniques of Digital Evidence

• The following are the most commonly practiced and globally accepted custody techniques used in the investigative process. The first one is ensuring that media storage is sterilized (Giova, 2011). It is critical to certify those storage devices used are forensically clean during evidence collection. This ensures original copies are not damaged. Suppose that the storage device is infected with malware; this can penetrate the machine being investigated and compromise with all evidence (Giova, 2011).
• The second example of a chain of custody technique is documenting any additional scope. During the examination process, it is significant to record all the data far from the scope of present legal authority and later ushered to the agent’s case attention (Giova, 2011). A comprehensive report has to incorporate reporting agency identity, date of receipt, case identifier, report date, case investigator, submitter identity, examiner identity and signature, a short description of steps taken, description of items submitted, and results.
• The third technique is ensuring personnel safety at the scene. It is essential to certify that the crime scene is entirely secure during, and even before the investigated commences (Giova, 2011). In most cases, the investigator may only undertake the following in the site. Identify the type and number of computers, determine the presence of the network, identify and record volume as well as media types, interview users and system administrators, record data from which the media was extracted, identification of remote computing location or offsite storage, determination of question operating system and identify propriety software (Giova, 2011).
• The fourth technique is never to use original evidence when developing procedures. The critical consideration that has to be taken wisely when examining digital evidence is that the forensic examiner has to produce a full copy of forensic investigations (Giova, 2011). This cannot be neglected, as when mistakes are made to comparisons, or working copies require to be done. Therefore, in this case, an original copy is required.

What Is Considered As Legal or Illegal Under the Guidelines of the First and Fourth Amendments About the Identity Theft Investigation?

According to the guidelines of the first and fourth amendment regarding the identity theft investigation, various issues are regarded as legal and others illegal. As per these guidelines, it is legal for law enforcement to formulate up to date laws to address digital evidence in an identity theft investigation (Hoar, 2001). The guidelines also allow the investigators to work with different partners such as prosecutors, and courts to establish legal requirements concerning admissibility and chain of custody. Identity theft investigation evidence is of little use to the criminal justice system when regarded to be improperly collected (Hoar, 2001). Investigators and law enforcement are supposed to have a harmonious set of deliveries and expectations for digital evidence that can be proved to be different from policies and processes for non-digital evidence.

When an individual commits a cybercrime, they are regarded as having committed an illegal action via a computer or network. This rages from downloading files of music to stealing lots of dollars from banks online (Hoar, 2001). As the countries become dependent on computer technology, many cyber-related crimes are more continuously charged by prosecutors. The fourth amendment safeguards individuals from seizure by parliament and unreasonable searches. It safeguards peoples’ privacy. Serenely, this safeguarding conflicts with various techniques used in law enforcement in fighting cyber-crimes (Hoar, 2001). Creative ways that law enforcement conducts surveillance and accesses emails, personal computers, and cell phones are not always legal. These techniques can violate people’s activity privacy and the sanctity of their property.

Conclusion

The forensic process helps the examiner of identity theft and computer crime to inspect, identify, and preserve the digital evidence occupying on different kinds of electronic devices. This process involves different stages, such as identification, preservation, analysis, documentation, and presentation. In carrying out this process, the evidence content comes in many different varieties. Therefore, the forensics process has to provide authentication, which will be acceptable by the court in relevance to the case of computer crime or identified theft. The most acceptable authentications are passive image and active image authentication. Lastly, according to the guidelines of the first and fourth amendment regarding the identity theft investigation, various issues are regarded as legal and others illegal. As per these guidelines, it is legal for law enforcement to formulate up to date laws to address digital evidence in an identity theft investigation.

References

Giova, G. (2011). Improving chain of custody in forensic investigation of electronic digital systems. International Journal of Computer Science and Network Security, 11(1), 1-9 https://hrcak.srce.hr/file/103886

Hoar, S. B. (2001). Identity theft: The crime of the new millennium. Or. L. Rev., 80, 1423. https://heinonline.org/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/orglr80&section=34

Köhn, M., Olivier, M. S., & Eloff, J. H. (2006, July). Framework for a Digital Forensic Investigation. In ISSA (pp. 1-7). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.596.7011&rep=rep1&type=pdf

Moore, R. (2010). Cybercrime: Investigating high-technology computer crime. Routledge https://books.google.com/books?hl=en&lr=&id=PjQlwXN7CO8C&oi=fnd&pg=PP2&dq=Recommended+Examples+of+Authentication+Acceptable+on+computer+crime&ots=BKjEPck84p&sig=IjWwuQvuvJjwMrct4yg9wN5A-xM