Forensic Portfolio - Case Study Example

Summary
"Forensic Case Portfolio" paper outlines the process of collecting digital evidence from the crime scene. The paper outlines the digital forensic process applied to the photo. The photo represents the area where the police officers believe a suspect took part in the viewing of child pornography…

Extract of sample "Forensic Portfolio"

Forensic Portfolio
James Moravec

Forensic Case Portfolio

Introduction

The era of information technology has made it possible for computer users to commit crimes using computers, but law enforcement officers also have tools that rely on computers to collect evidence about crime. The field of digital forensics is expanding, and experts have achieved significant milestones in handling digital crime. Because some criminals use computers to commit crimes that contravene various laws, the role of the digital computer analyst continues to grow. The field of digital forensic analysis has various techniques that are critical in the identification, preservation, extraction, and documentation of digital evidence. The process of digital forensics is useful in solving criminal activities that involve the use of computers (Casey, 2011). For a computer forensic analyst, handling crimes involving computers is a process of applying various procedures and practices that constitute best practice in digital forensics.

This paper outlines the process of collecting digital evidence from the crime scene after the police called the digital forensic investigators. The paper outlines the digital forensic process applied to the photo shown in Appendix A. The photo represents the area where the police officers believe a suspect took part in viewing and distributing child pornography.

On 10 December 2012, our computer forensic department received a request for computer forensic analysis. The local district police had sent the request to the head of the department after they had a suspect in custody. The suspect was behind bars after the police received two complaints from the suspect’s neighborhood that the suspect, Lee Oswald Havey, took part in the distribution of child pornography. The request from the police was usual, since the police also rely on the work of digital forensic analysts to collect digital evidence that is admissible before the courts of law.

While computer forensics is of great value to investigators dealing with digital crime, such as that seen in Appendix A, there are many legal issues that are critical at any crime scene. Before working on the request, the department had to verify that the police had filled in the appropriate forms requesting the service. In addition, the department requested the police to furnish a copy of the warrant allowing for the seizure of computer hardware and other evidence that could link Havey to the crime. The warrant was critical, since the Fourth Amendment protects all American citizens from search or seizure unless police officers have probable cause to believe that a crime has been committed. The request was in order, and the investigators proceeded to carry out the investigation at the crime scene.

When the investigators arrived at the home of the suspect, the police showed them the room they suspected Havey to have used in watching and distributing child pornography. The room was dark, with dim lights, but the investigators could still see the room. The room had two tables on the right, and both had computers and other material. The first table had two computers under the desk, one a Dell Vostro and the other a generic computer. The system units of these two computers were under the desk, but the user had switched them off. On the left desk were two Sony 17’’ TFT screens. Both screens were connected to the computers, but switched off. The same table also had a keyboard and a mouse. Beside the mouse were a USB thumb drive, a mouse, and a notebook with a pen beside it. Just beside the Sony TFT screen were some pieces of paper with some writing. There was a digital disk on the table, which appeared to have been in use. In addition, one of the screens had a sticky note attached to it, with some writing on the note. The other screen also had some cables placed beside its base.

The cables were the ends of a microphone that was hanging off the table (the picture does not show the microphone hanging from the table). The second table had several items as well. It had an IP telephone that had been switched off at the time the investigators arrived in the room. There was a 120 GB Maxtor hard drive on top of the table, next to the IP phone. Beside the Maxtor hard drive was a digital versatile disk with some writing on top. Apart from the two computers, there was a third system unit box that appeared to be old and not in use. The system unit box was white and had cables attached to it. While the room had other items, the investigators noted that they could not check for evidence elsewhere in the room, since the warrant had specified that the investigators check the two tables. Had the investigators considered other areas in the room, the resulting evidence could have been invalid. This is because of the law pertaining to the admissibility of evidence. With the investigators having mapped the crime scene, it was ready for them to collect evidence.

Collection of digital evidence

The process of collecting digital evidence is of significant importance in digital forensics. Because of the importance of digital forensics, investigators have an essential role in using correct procedures to collect evidence that is critical in building a case against criminals. The first evidence the investigators collected was the hard drive on the second table on the left. This evidence was of critical importance because it could contain information about the suspect and perhaps some information about the alleged crime. The fact that the hard drive was not attached to a computer indicated that it could have been removed from one of the computers. The investigators handled the hard drive and noted the key information about the drive.

One of the investigators recorded the serial number and the make of the hard drive, as this was useful in describing the disk. The hard drive was a digital item that could provide the investigators with evidence on the crime. As a result, one of the investigators used a write blocker to make an exact copy of the hard drive. In computer forensics, write blockers are a fundamental tool that allows investigators to replicate devices such as hard drives (Sheetz, 2007). The write blocker was used to ensure the integrity of the information on the original hard drive. The new copy of the hard drive was named and the appropriate information recorded in the notebook.

Apart from the hard drive, the investigators collected the two CDs from the desk and inserted them into their own laptop. Just like hard drives, CDs can hold important information that prosecutors could use as evidence against suspects. In the room, there were two CDs, and the investigators were interested in determining which of the disks had vital information relevant to the case. Because it was not possible for the investigators to alter the data on the CDs, one of the investigators went ahead to examine the disks on a laptop. Nonetheless, the investigator was cautious not to scratch the CDs, as physical damage could affect the operation of the disks (Andrews, 2009). On examining the CD, the investigator found that there was a folder with pictures of minors posing while naked. The other disk contained a 15-minute clip of two minors engaging in sex. Satisfied that this was relevant evidence, the investigators recorded the details of the disks and their content on the record for further perusal. One of the investigators with a laptop made copies of the two CDs for use in other analysis.

The telephone on the table was of particular interest to the investigators. It was important for the investigators to check if there were any messages or numbers that could assist them in building the case.

The phone gave the investigators the opportunity to use cell phone analysis tools to find critical information about the phone and determine if there was any evidence. The phone had a SIM card, which the investigator placed in the cell phone analysis tool. The SIM card had five messages, but one of the messages looked suspicious, as it hinted that someone had requested the owner of the phone to bring him “the stuff for children under 16 tomorrow”. The investigators wrote down the description of the SIM card along with the number of the card. This information would be helpful in determining other vital information about the owner of the phone.

The two personal computers in the room were of great interest to the investigators, as they could contain information linking Havey to child pornography. However, computers present challenges to investigators, as there is a need to preserve their configuration while at the same time collecting information about the computer. Maintaining this balance made the investigators use another tool to gather information about the computers. An EnCase forensic boot disk is an essential tool investigators use to gather information on computers while redirecting any changes to another disk to avoid altering the computer (Bunting, 2012). Because the investigators had two EnCase boot disks, they booted both computers using the disks. The process lasted for more than 20 minutes, but the investigators gathered data about the computers. One of the PCs was running Windows XP while the other was running Windows 7 Professional edition. Both PCs had a 1 terabyte hard drive. One of the computers had many folders with the names of women. On opening the files, the investigators found that the file names were names of children who had taken part in sexual acts with adults. Satisfied that the computer had evidence, the investigators saw it was time to turn off the computers and collect other information about them.

The investigators turned off the computers and took out their toolkit to check for other information about the computers. After turning the computers off, the investigators opened the computer cases and removed the hard drives. The hard drives of these computers had important information that could help the prosecutor in building the case against Havey. To make an exact copy of the software, the investigators used a forensic write blocker to make copies of the hard drives. This toolkit was helpful in producing exact copies of the hard drives, which the investigators could use for analysis after collecting the evidence from the crime scene. In addition, the investigators had to validate the two copies of the hard drives. Sometimes, replicating hard drives can introduce errors that affect the integrity of the new hard drive. As a result, it was useful for the investigators to verify the exactness of the copies. For this reason, the investigators used a hash authentication tool to validate the copies of the hard drives. The validation process proved that the two copies were exact copies of the hard drives the investigators removed from the two computers.

The investigators also checked the cable modem for any sign of activity. The cable modem indicated that Verizon had supplied it to the owner of the room. It was apparent that Havey used a proxy server on his computer. The proxy server had log files that detailed his network activity. The network information was consistent with the time stamps the investigators found in the cable modem. This information was necessary for the investigators to develop theories on how Havey used the computer to access the internet.

The last digital equipment the investigators collected was the USB thumb drive. The USB drive was on the table and contained a file with a list of names. The names on the list had addresses and telephone numbers. The USB drive also had some websites the owner had saved on the drive for offline viewing.

On opening one of the files saved in the browser, the investigators found that the website had files of minors taking part in sexual acts with other minors and with adults as well. The investigators were satisfied that the USB drive had evidence indicating that the owner of the drive engaged in child pornography. The investigators were satisfied that they had taken all steps to collect the digital evidence.

The investigators collected other evidence from the table that they believed to have information about the alleged crime. They removed the sticky note on the computer and the notes that were on the table. They also removed the printer, because this evidence could help identify whether the suspect printed some files from this room. In addition, the investigators collected the extra cord on the table and kept it together with the evidence, as this could help them develop theories on how the suspect could have used the cable to further his crime.

Transfer and handling of evidence

Digital evidence is challenging to handle or transfer because incorrect handling and transfer could destroy or alter the data. In the above crime scene, the investigators handled all evidence in the right manner. First, the investigators ensured that the hard drive on the desk was packaged in a plastic bag and placed in the search box. The search box had some cushioning that could prevent the hard drive from crashing and protect it during the transfer of the evidence. The investigators also wrapped the two other hard drives, each in its own plastic bag, and placed them in the search box with cushions on either side. The three hard drives had labels identifying the serial number, size, location, and make. The investigator entered this information in the record book, as it was critical to maintaining a chain of custody.

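
The hash validation of the drive copies and the labelled record-book entry described above can be sketched as follows. This is an added example, not part of the original paper and not the tool the investigators used; the function names, the SHA-256 choice, the sample bytes, the serial number, examiner and timestamp are all constructed assumptions.

```python
import hashlib
import io
from dataclasses import dataclass, asdict

BLOCK = 4096  # comparison granularity; small so the sample data spans several blocks


@dataclass
class EvidenceLabel:
    # The four label fields the text lists for each hard drive.
    serial: str
    make: str
    size: str
    location: str


def verify_copy(source, copy, block_size=BLOCK):
    """Hash source and copy in lockstep and locate the first differing block.

    Both arguments are binary file objects opened read-only. Regular files and
    BytesIO return full blocks until EOF, which this comparison relies on.
    """
    src_hash, cpy_hash = hashlib.sha256(), hashlib.sha256()
    src_len = cpy_len = 0
    offset = 0
    first_bad = None
    while True:
        a = source.read(block_size)
        b = copy.read(block_size)
        if not a and not b:
            break
        src_hash.update(a)
        cpy_hash.update(b)
        src_len += len(a)
        cpy_len += len(b)
        if first_bad is None and a != b:
            first_bad = offset  # byte offset of the first block that differs
        offset += block_size
    return {
        "source_sha256": src_hash.hexdigest(),
        "copy_sha256": cpy_hash.hexdigest(),
        "source_bytes": src_len,
        "copy_bytes": cpy_len,
        "match": src_len == cpy_len and src_hash.digest() == cpy_hash.digest(),
        "first_bad_offset": first_bad,
    }


def custody_entry(label, result, examiner, timestamp):
    """Build one record-book entry tying the label to the verified hash."""
    entry = asdict(label)
    entry.update(
        examiner=examiner,
        timestamp=timestamp,
        sha256=result["source_sha256"],
        copy_verified=result["match"],
    )
    return entry


# Constructed sample data standing in for a drive and three copies of it.
SOURCE = bytes(range(256)) * 64      # 16 KiB "original"
GOOD_COPY = bytes(SOURCE)            # faithful copy
BAD_COPY = bytearray(SOURCE)
BAD_COPY[5000] ^= 0x01               # single-bit copy error inside the second block
TRUNCATED = SOURCE[:-512]            # copy that stopped 512 bytes early


def run_examples():
    good = verify_copy(io.BytesIO(SOURCE), io.BytesIO(GOOD_COPY))
    bad = verify_copy(io.BytesIO(SOURCE), io.BytesIO(bytes(BAD_COPY)))
    short = verify_copy(io.BytesIO(SOURCE), io.BytesIO(TRUNCATED))
    # Serial, examiner and timestamp are placeholders, not values from the case.
    label = EvidenceLabel(serial="EXAMPLE-SERIAL-0001", make="Maxtor",
                          size="120 GB", location="second table")
    entry = custody_entry(label, good, "Examiner A", "2000-01-01T00:00:00Z")
    return good, bad, short, entry


if __name__ == "__main__":
    for item in run_examples():
        print(item)
```

A one-bit difference or a short copy changes the digest, and the block offset shows where to look before re-imaging.
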
When handling evidence, such documentation is critical in enabling investigators to verify the content of search boxes and identify the chain of custody. In this case, tagging the hard drives and recording the information in the record remained a vital part of handling the data. During the collection of evidence, the investigators handled the evidence correctly by avoiding practices that could affect it. For instance, the investigators did not power on the computers, as this could affect the information in the computers. Moreover, the careful handling of the CDs allowed the investigators to avoid breaking or scratching the disks, as this could render them useless. Handling the CDs correctly was thus a first step in ensuring that all evidence was intact. The removal of the computer cases was an important step in handling the data from the computers without spoiling the hard drives. Because a hard drive is an internal computer device, the investigators had to open the case to remove the hard drive safely.

The investigators had to tag all the evidence they acquired from the crime scene. The evidence had tags with information about the evidence. For instance, the tag on the USB drive had the location of the drive and a description of the evidence it contained. The tagging of the evidence was a special requirement that helped the investigators identify the information about the evidence and document it in their records. Apart from the tagging, the investigators also had special bags for different evidence. Each item of evidence was in a specially labeled plastic bag and then placed in the search bag. The investigators used special bags to prevent the mixing of evidence, as well as to allow for easy labeling and identification of the evidence. Before transferring the evidence from the scene, the investigators signed the appropriate paperwork signaling they had transferred the evidence to another team.

The signing of this paperwork during the transfer became a useful reference point, as it enabled the investigators to complete the chain of custody requirement during computer forensic fieldwork. The transfer of the evidence from Havey’s house paved the way for the next phase of the investigation: analysis of the digital evidence. The receiving investigator signed the forms indicating receipt of all the evidence in search boxes that were sealed and ready for opening in the presence of other officers.

Differentiation of non-digital evidentiary items collected separately

The crime scene had an assortment of evidence that could help the prosecutor build the case against Havey; however, some of the evidence the investigators collected was non-digital. It was necessary for the investigators to separate some of the non-digital items, as they were a different set of evidence outside the scope of the investigators, but necessary in the course of the case (Pyrek, 2007). The evidence separated as non-digital included the notebook that was on the suspect’s table. This notebook had several names, which appeared to be Havey’s customer list. In addition, the sticky note that was on the screen had the number of a customer to whom Havey was to deliver some CDs with unknown content. The investigators found the note to have the same number as the one someone had used to send the message through the phone. Other non-digital evidence the investigators separated from the scene were the screens, the keyboard and mouse, the printer, the extra cords, and the unknown device by the keyboard.

Methodology of preservation

During a forensic investigation, investigators have the role of collecting forensic evidence and preserving it to ensure that the evidence reaches the center for further analysis. During this investigation, the investigators used several strategies to prevent damage to the evidence. First, the investigators made copies of the hard drives found at the crime scene.

The investigators then write-protected the copies of the hard drives and kept them in the search boxes, which had cushioning to prevent damage during transport. Because most of the evidence was fragile, a lack of proper transport could affect its integrity, as the devices were sensitive to shock resulting from falls. In addition, the investigators carried out analysis using the copies of the hard drives and not the original evidence. Similarly, the investigators used boot software to examine the computers before removing the hard drives from the computer cases. The use of the boot disk allowed the investigators to gather details of the computers without changing the state of the hard drives, as this could have affected the integrity of the information. This strategy was effective in limiting the number of times the computers were on, as this could compromise the current state of the hard drives. With the investigators ready to send the evidence to the next team of investigators, the search box had a label indicating the original copies as well as the duplicate copies of the records.

The investigators also sent a letter to Verizon, Havey’s ISP, asking it to preserve any log files indicating the websites and file servers Havey had visited in the past. This step was necessary in ensuring that the investigators had enough evidence against Havey to present to the prosecutor who was working on the case. With ISPs having their own rules on the preservation of records and other files, it was necessary for the investigators to make a request for the preservation of the suspect’s files.

Summary of analysis results for the intended audience

From the forensic investigation, it was apparent that Lee Oswald Havey engaged in child pornography. This is because most of the evidence at the crime scene pointed to him as someone who watched child pornography and distributed copies of the same on CD.

As per the initial request the police had made to the computer forensic department, the investigators were satisfied that the computers had enough evidence to prove that Havey had engaged in a criminal act. The acquisition of child pornography items from the scene of the crime was consistent with the evidence the police had received from the community member who recalled seeing Havey leading some minors to his house. Most importantly, a thorough analysis of computer records revealed that Havey had an external file transfer protocol server where he saved his files and gave users usernames and passwords for download.

The non-digital data on Havey’s desk were also helpful in building the case. The notebook had a list of names and some outstanding balances, indicating that Havey could have been running a business whose merchandise was child pornography. Another piece of paper was a bank statement, which revealed that the suspect was receiving huge amounts of money from an external source although he did not have any permanent job at the time of his arrest. The investigation team was satisfied that the prosecutor would have all the evidence necessary to build the case and prove to the judge that Havey was a criminal.

Conclusion

When carrying out a forensic investigation, investigators have the role of using various tools, procedures, and techniques to identify, collect, preserve, and examine data. In this report, the investigators collected data from a crime scene where a suspect had used his computer to engage in child pornography. The investigators made copies of the digital evidence and packaged them in a search box. The investigators also collected and stored non-digital evidence. An analysis of the evidence proved that the suspect was indeed a criminal taking part in child pornography.

References

Andrews, J. (2010). A+ guide to managing and maintaining your PC. Boston, Mass: Course Technology/Cengage Learning.
Bunting, S. (2012). EnCase Computer Forensics: EnCase Certified Examiner Study Guide. Chichester: Wiley.
Casey, E. (2010). Digital evidence and computer crime: Forensic science, computers and the Internet. London: Academic.
Pyrek, K. (2007). Forensic science under siege: The challenges of forensic laboratories and the medico-legal death investigation system. Amsterdam: Elsevier Academic Press.
Sheetz, M. (2007). Computer forensics: An essential guide for accountants, lawyers, and managers. New Jersey: John Wiley & Sons.

Appendix A