Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: sraposo
New Today: 0
New Yesterday: 0
Overall: 29151

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 ASF video file: replicated frames and probable tampering
 Digital Forensics Readiness
 Records Authenticity and Forensic Readiness
 The unallocated space on a windows 7 and Ubuntu dual boot
 Would FTK find hash values in the unallocated space?

Computer Forensics World Forums


Pages Served
We received
46781811
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Recognizing Potential Evidence




An interesting snippet from the United States Secret Service on how to recognize digital evidence:


Computers and digital media are increasingly involved in unlawful activities. The computer may be contraband, fruits of the crime, a tool of the offense, or a storage container holding evidence of the offense. Investigation of any criminal activity may produce electronic evidence. Computers and related evidence range from the mainframe computer to the pocket-sized personal data assistant to the floppy diskette, CD or the smallest electronic chip device. Images, audio, text and other data on these media are easily altered or destroyed. It is imperative that law enforcement officers recognize, protect, seize and search such devices in accordance with applicable statutes, policies and best practices and guidelines.

Answers to the following questions will better determine the role of the computer in the crime:

  • Is the computer contraband of fruits of a crime?
    For example, was the computer software or hardware stolen?

  • Is the computer system a tool of the offense?
    For example, was the system actively used by the defendant to commit the offense? Were fake IDs or other counterfeit documents prepared using the computer, scanner, and color printer?

  • Is the computer system only incidental to the offense, i.e., being used to store evidence of the offense?
    For example, is a drug dealer maintaining his trafficking records in his computer?

  • Is the computer system both instrumental to the offense and a storage device for evidence?
    For example did the computer hacker use her computer to attack other systems and also use it to store stolen credit card information?

Once the computer's role is understood, the following essential questions should be answered:

  • Is there probable cause to seize hardware?

  • Is there probable cause to seize software?

  • Is there probable cause to seize data?

  • Where will this search be conducted?

    • For example, is it practical to search the computer system on site or must the examination be conducted at a field office or lab?

    • If law enforcement officers remove the system from the premises to conduct the search, must they return the computer system, or copies of the seized date, to its owner/user before trial?

    • Considering the incredible storage capacities of computers, how will experts search this data in an efficient, timely manner?






Source: US Secret Service








Copyright © by Computer Forensics World All Right Reserved.

Published on: 2004-08-27 (23747 reads)

[ Go Back ]
Content ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.