Child Pornography Case - Research Paper Example

 FORENSIC COURT REPORT The picture represents the work station of Mr. Isure Didit, a worker from Widget Corporation. He is suspected of being involved in child pornography; hence his work station is to be analyzed by a computer forensic professional. The computer forensic analyst aims to collect information so as to prove whether Mr. Didit is guilty of child pornography or not. The collection of evidence by the analyst is to be offered to a court or an inquiry formed with the aim of looking into the matter. Therefore, I as the forensic analyst, will inspect the suspect’s workstation, note and collect any evidence, and preserve the evidence in such a way that it can be used when needed in the court or inquiry. An acceptable procedure has to be followed so that the evidence is reserved for future use (Casey, 2004). This utilizes the chain of custody in relation to ranks available in and out of the scene of evidence. Through investigation of the computers, one can obtain information that can aid in densification of events that led to a crime hence preserve the evidence that can lead to a conviction. Several steps can be followed when solving the problem at hand. First, a preliminary assessment of the kind of case one is investigating is essential; in this case, Mr. Didit is being investigated for suspicion of involvement in child pornography. It is worth noting that child pornography, more often than not, does not involve consent gained from the child. Therefore, it is illegal for all the people participating in it whether indirectly or directly and legal action ought to be taken against such persons. Groundwork design on how to approach the case is vital. In this case, forensic computer analysts are to be used to look into the workstation of Mr. Didit. The analysts are to look into the workstation and create a detailed image of all the evidence that can be collected so as to convict Mr. Didit. Moreover, resources that will be need in the investigation will be acquired as a result of the detailed search that is to be conducted (Casey, 2004). Most companies have specific rules and regulations laid to prevent misuse of resources that could result to millions of losses incurred by the company. Misuse includes but is not limited to sending of personal emails, using the computers for personal reasons other than the intended use for company work and sending of unlimited personal e-mails. At the workplace, several pieces of evidence exist. These is written evidence in the form of notes, sticky notes placed around the work place and written discarded information that can be found in the dustbin. There could be evidence lying in the hard disk drive. Moreover, other removable media such as external hard drive and flash disks can also store more evidence that could incriminate Mr. Didit. In addition, there are CDs that are seeing lying all around the workstation. These could present other forms into which the suspect could have preserved information regarding the child pornography issues (Casey, 2004). In addition, tracing of telephone conversations, e-mails sent and received and listening to messages recorded on the message receiver could lead to unveiling of vital information. It is key to preserve all the evidence collected to present to the relevant authorities. The risks involved that could tamper with the evidence ought to be identified. These could be loses as a result of intentional deletion, physical tampering of the evidence during transportation, or dome evidence is intentionally hidden by one of the workers. Every piece of evidence is significant in its own way. Written evidence could prove that the suspect knew what he was doing hence convicted. Any evidence found stored in the computer could prove that the suspect was aware of what was going on. More often than not, the evidence could be in hidden folders or encrypted, necessitating the input of professional view point. This clearly shows that the suspect knew that the dealings he was involved in were illegal hence tried to protect himself. After consent from the suspect is awarded, the search for evidence commences. For one to be tagged as a suspect, information must be obtained to cause doubt in the person involved. In this case, Mr. Helpful provided information that linked Mr. Didit to child pornography. Being a crime worldwide, a search was conducted so as to prove whether Mr. Didit was guilty or innocent. The company, Widget Corporation, employed my position as the technical specialist with a background in forensic analysis to collect the evidence. The fragile parts of the computer, like the monitors, were packed in a vibrator absorbent box that would minimize or prevent damage as a result of transportation. Portable hard disks with the risk of being damaged as a result of dust were packed inn dust-proof material. Any evidence in the form of paper was placed in clear plastic papers to reduce incidences of touch by the analysts when transporting or referring to the evidence (Casey, 2004). Moreover, the paper evidence ought to be fingerprinted to highlight all the persons that came into contact with the paper hence increase the pool of suspects. The CDs seen in the workstation ought to be placed in hard casings to prevent intentional or unintentional occurrence of breakage. All the evidence ought to be placed together in a closed box and sealed with an evidence tape. If this type is tampered with without the appropriate and legal means, the evidence ought to be disregarded. Before being presented to a law enforcing agency, the evidence has to be stored and protected. This can be achieved through placing of proper regulations regarding the people who can be granted access to the evidence and the procedures that ought to be followed when being granted permission to access the evidence. The storage facilities should be in the range that supports the storage of all computer temperature and humidity ranges. Moreover, the evidence ought to be placed under lock and key with security guards watching it around the clock. This will result in the evidence to be maintained in its original form hence no tampering of the evidence to cause a shift in the judgment. The investigations ought to be conducted on a forensics lab that is specifically designated for data-recovery. In the forensics workstation, personally configured computers ought to be present. His will minimize the risk of personal data from spreading to the irrelevant areas hence preserve the information obtained. A forensic floppy disk is vital at this stage so that it can avoid the alteration of evidence. Moreover, the installation of forensic computer soft ware such as Drive Spy and Image will aid in making the work of the analyst easier. Data recovery methods can be useful in obtaining all evidence that might have been deleted. This increases the pool of evidence available. It is significant to note that special measures ought to be taken so as to ensure data that is evidence is not lost (Casey, 2004). A document that details all the evidence connected in number and quantity ought to be developed to ensure that evidence is not lost. These are the single-evidence form and multi-evidence form. A multi-evidence form contains a number of items undergoing investigation. The lead investigator is stated; the company conducting the investigation and the one being investigated are also mentioned. The case number is also identified in this document hence clearly highlighting the recovered time and date coupled with the location from which the evidence was obtained. On the contrary, a single evidence form only highlights a single item that was collected as evidence giving the location obtained, the type of evidence, investigator and case number as the previous document. A chain of custody of the evidence obtained is important to ensure that the evidence is in safe hands. For example, all written evidence has to be safely placed to avoid unnecessary inconveniences. Therefore, this has to undergo forensic fingerprinting to incriminate or rule out other suspected persons. Forensic imaging will be used to form a clone of the hard drives and CDs that were obtained in the scene. This is a form of counter measure that can be used to protect information that is vital to the investigation. Therefore, I as the lead technical investigator will call for forensic imaging to be conducted once the evidence has reached the forensic labs. When finished, the evidence ought to be stored in different locations so as to reduce the chances of them being compromised. The imaging standard that could be used in this case study is MD5 algorithm. This is because this form of imaging is current hence an excellent way of verifying that the information obtained is of the highest integrity (Casey, 2004). References Casey, E. (2004). Digital evidence and computer crime. Amsterdam: Elsevier/Academic Press. Read More