Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
· Home
· Content
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: riteshpatil732
New Today: 0
New Yesterday: 0
Overall: 29686

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 How Website Speed Affects Rankings
 A research survey on Forensic Methodologies
 I need to hire an expert
 Software to search an FTK Lite Mounted drive with keyword
 How much can be found?

Computer Forensics World Forums

Pages Served
We received
page views since August 2004

Security Sources

OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Security Policies

Recognizing Potential Evidence

An interesting snippet from the United States Secret Service on how to recognize digital evidence:

Computers and digital media are increasingly involved in unlawful activities. The computer may be contraband, fruits of the crime, a tool of the offense, or a storage container holding evidence of the offense. Investigation of any criminal activity may produce electronic evidence. Computers and related evidence range from the mainframe computer to the pocket-sized personal data assistant to the floppy diskette, CD or the smallest electronic chip device. Images, audio, text and other data on these media are easily altered or destroyed. It is imperative that law enforcement officers recognize, protect, seize and search such devices in accordance with applicable statutes, policies and best practices and guidelines.

Answers to the following questions will better determine the role of the computer in the crime:

  • Is the computer contraband of fruits of a crime?
    For example, was the computer software or hardware stolen?

  • Is the computer system a tool of the offense?
    For example, was the system actively used by the defendant to commit the offense? Were fake IDs or other counterfeit documents prepared using the computer, scanner, and color printer?

  • Is the computer system only incidental to the offense, i.e., being used to store evidence of the offense?
    For example, is a drug dealer maintaining his trafficking records in his computer?

  • Is the computer system both instrumental to the offense and a storage device for evidence?
    For example did the computer hacker use her computer to attack other systems and also use it to store stolen credit card information?

Once the computer's role is understood, the following essential questions should be answered:

  • Is there probable cause to seize hardware?

  • Is there probable cause to seize software?

  • Is there probable cause to seize data?

  • Where will this search be conducted?

    • For example, is it practical to search the computer system on site or must the examination be conducted at a field office or lab?

    • If law enforcement officers remove the system from the premises to conduct the search, must they return the computer system, or copies of the seized date, to its owner/user before trial?

    • Considering the incredible storage capacities of computers, how will experts search this data in an efficient, timely manner?

Source: US Secret Service

Copyright © by Computer Forensics World All Right Reserved.

Published on: 2004-08-27 (25630 reads)

[ Go Back ]
Content ©


TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted (c)2003, and is free under licence agreement. All Rights Are Reserved.