An interesting snippet from the United States Secret Service on how to recognize digital evidence:
Computers and digital media are increasingly involved in unlawful activities.
The computer may be contraband, fruits of the crime, a tool of the offense,
or a storage container holding evidence of the offense. Investigation
of any criminal activity may produce electronic evidence. Computers and
related evidence range from the mainframe computer to the pocket-sized personal data
assistant to the floppy diskette, CD or the smallest electronic
chip device. Images, audio, text and other data on these media are easily
altered or destroyed. It is imperative that law enforcement officers recognize,
protect, seize and search such devices in accordance with applicable statutes,
policies and best practices and guidelines.
Answers to the following questions will better determine the role of
the computer in the crime:
- Is the computer contraband or fruits of a crime?
For example, was the computer software or hardware stolen?
- Is the computer system a tool of the offense?
For example, was the system actively used by the defendant to commit
the offense? Were fake IDs or other counterfeit documents prepared using
the computer, scanner, and color printer?
- Is the computer system only incidental to the offense, i.e., being
used to store evidence of the offense?
For example, is a drug dealer maintaining his trafficking records in
his computer?
- Is the computer system both instrumental to the offense and a storage
device for evidence?
For example, did the computer hacker use her computer to attack other
systems and also use it to store stolen credit card information?
Once the computer's role is understood, the following essential questions should be answered:
- Is there probable cause to seize hardware?
- Is there probable cause to seize software?
- Is there probable cause to seize data?
- Where will this search be conducted?
- For example, is it practical to search the computer system on
site or must the examination be conducted at a field office or lab?
- If law enforcement officers remove the system from the premises
to conduct the search, must they return the computer system, or
copies of the seized data, to its owner/user before trial?
- Considering the incredible storage capacities of computers, how
will experts search this data in an efficient, timely manner?
Source: US Secret Service