StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Digital Forensics and Digital Investigation - Essay Example

Summary
The paper " Digital Forensics and Digital Investigation" tells that with the fast growth of technology, it is not easy for law enforcement and computer experts to be ahead of the technologically knowledgeable criminals. In order to efficiently fight cybercrime…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.1% of users find it useful
Digital Forensics and Digital Investigation
Read Text Preview

Extract of sample "Digital Forensics and Digital Investigation"

Forensic Analysis in My Organization If your organization uses digital forensics, either by an in-house team or by contractors, interview the forensics team leader and discuss your organization’s forensic process The progress in technological growth in communications and data exchange has caused an entirely new form of offense, cyber crime. This has urged the computer and law enforcement professions to build up advanced expertise and avenues for gathering and evaluating data’s. It has then further developed into a science called computer forensics. The procedure of obtaining, examining, and relating digital evidence is critical in the success of prosecuting a cyber criminal. Because of the fast growth of technology, it is not easy for law enforcement and computer experts to be ahead of technologically knowledgeable criminal. In order to efficiently fight cyber crime, bigger stress must be placed in the computer forensic field of learning. That must comprise not only financial support but also should comprise international guidelines and laws, and training of the expert concerned in the procedure. The FBI, describe computer forensic science as ‘the science of obtaining, protecting, retrieving, and presenting information that has been processed electronically and stored on computer.’ Essentially, computer forensics is a digital police officer work (Oseles, 2001). In our organization we maintain an in-house forensics team. The forensics team leader of our organizations explains the organization’s forensics process in detail. The first step The first step in the end-to-end digital investigation (EEDI) procedure is collection of forensic data. It is necessary to carry out forensic examination of computer media, gathering logs of intermediate devices and collecting the outputs of intrusion detection systems. The next process is to dispose of duplicate data and standardize the data into a regular vocabulary. Actually duplicate data’s are not destroyed but just set it aside in case it requires afterward or in court. What is actually intended out of this process? Usually, EEDI is a superset of the whole thing about digital forensics. It presumes that one can take care of the forensics of a computer’s hard drive and also can gather the logs from a firewall and manage all the evidence appropriately as per the standard practices, for instance the Association of Chief Police Officers (ACPO) ‘Good Practice Guide for Computer-based Evidence’. The Objective The EEDI procedure is planned to assist the build up of an event timeline. While displaying evidence in front of a jury it is necessary to be conscious that the attempt to converse a complex procedure to people who have little knowledge or totally ignorant of how computer networks operate. The use of an event timeline is a method to present the picture across in a style that is both simple to know and firm enough to be considered important. The process also helps the investigator organize his or her testimony logically and simply. Developing the event timelines has one important limitation that one can’t presume the misplaced links. The whole picture is needed whether the chain of evidence is with forensic data or the results of traditional investigation. Therefore, the relationship among the forensic investigator and the traditional investigator is so imperative. Both investigators, using different approaches, support each other with leads and corroboration. At present there are problems in back tracing an expert intruder who knows how to confuse source addresses. Moreover, the expert intruder will choose intermediate computers that are inadequately managed and have little to give the investigator in the way of logs. Sorting the Evidence Sorting evidence should be to theorize the timeline and path of events. There are cases those have some solid evidence either forensic or traditional. Place that evidence out and settle the timeline. The intruder may have a lot of aims. In fact it is helpful to know the reason of the attack. Certain types of denial of service attacks can be done blind. That means, the attacker need not see the victim. Normally those attacks are distributed denial of service attacks, attacks against an extensive range of arbitrarily chosen addresses and attacks against a block of addresses (Stephenson , 2002). Analysis and Preservation It is important to prove in the court that the analysis and preservation was performed properly. The courts have specified that if the value calculated for the source and image match, the image is a legitimate copy and regarded as original. When law enforcement has control of the computer evidence, cautions should be taken to make sure that it is not infected or damaged. On the other hand, computer evidence may be vanished by other means, for instance age, electromagnetic force, and dropping of storage media. There must be precise standards and requirements together with regular updates to the processes for analysis, preservation, and management of the evidence. The general method used to investigate the evidence presently relies on proprietary software or hardware which denies the experts to know precisely what is happening under the proverbial hood. This is a grave concern; the experts must be able to clarify what is happening at each level of the duplication and analysis process. The expert must be acquainted with the major file systems and hypothesis regarding file system structure. In addition, so as to decide that the data was correctly preserved and analyzed, the computer forensics examiner/expert must know the engineering technicalities about these devices. Furthermore, preservation standards must to be created regarding the storage of original and duplicated evidence to prevent contamination and damage (Meyers and Rogers, 2004). Significance of preservation of data Shutting down a computer system in such a way that it will not alter the integrity of existing files is important. At the same time it is a complex computer security process. In the event of an alleged computer episode, great care should be taken to preserve evidence in its original status. Simply viewing files on a system would not result in change of the original media. But, just opening a file changes it. Legally, it is no more the original evidence and may be not allowable in any subsequent legal or administrative proceedings. Opening a file as well changes the time and date it was last accessed. This may not appear to be an important concern; still, it could later on become very important in the determination of who committed the violation and when it happened. Isolation of the involved computer system is perfect, but this may not be possible because of operational requirements, no attempts should be made to retrieve or view files at the local level. The isolation of a computer system so that evidence is not lost is of the greatest importance. Importance should also be given to other preservative media, handwritten notes, and documents found in the vicinity of the computer involved. These stuffs can be of useful in an ensuing investigation. Computer disks, CD-ROMs, tape storage media, and additional hard drives found near the involved computer as well ought to be isolated and protected (media.wiley.com, 2003). The technological progressions in communications networks and data exchange, computer linked crimes have risen. It is expected that the hi-tech crimes such as computer hacking, spreading of viruses, internet deception, and e-mail misuse will continue to rise over the next decades. For most organizations the question is when we are going to be the victim of a computer crime. Because of this trend, it has become crucial in the prosecution process that law enforcement officials and computer forensic specialist to manage the evidence appropriately and present it carefully. Many agencies offer training in the proper acquisition, examination, and utilization of electronic evidence. Not being able to use the data’s gathered in court is worse than not having it at all. The field of computer forensics will grow further and will start to see agencies with trained digital detectives on staff, not only to combat external and internal threats but also to analyze and arrange defensive procedures and applications for the agency. There will be a continuing need for computer forensic experts until the safety of our systems improves (Oseles, 2001). Our organization is concerned about the above said factors and maintains an in house trained forensic team to manage the crisis in cases such eventualities. References media.wiley.com, (2003) Computer Forensics and Incident Response Essentials. Retrieved April 09, 2008, from: http://media.wiley.com/product_data/excerpt/67/07645263/0764526367.pdf Meyers, M. and Rogers, M. (2004) Computer Forensics: The Need for Standardization and Certification, International Journal of Digital Evidence Fall 2004, Volume 3, and Issue 2 Retrieved April 09, 2008, from: http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B7F51C-D8F9-A0D0-7F387126198F12F6.pdf Oseles, L. (2001). Computer Forensics: The Key to Solving the Crime, INSS 690 Term 1 Retrieved April 09, 2008, from: http://faculty.ed.umuc.edu/~meinkej/inss690/oseles_2.pdf Stephenson , P.(2002). Data Analysis – First Steps, Computer Fraud & Security Newsletter from Elsevier Advanced Technology, October 2002 issue Read More

CHECK THESE SAMPLES OF Digital Forensics and Digital Investigation

Digital Forensic Investigation

This paper "Digital Forensic Investigation" discusses sources of data used during the investigation of digital forensics in an effective and legal way, and prioritize discussed data sources according to three different events of network intrusion, malware installation, and insider file detection.... efore assessing the topic, it is very essential to understand the definition of digital forensics that has been under the process of acquiring recognition due to dearth of research in the area and due to lack of awareness about importance of digital forensics in today's competitive world....
8 Pages (2000 words) Case Study

Digital forensic investigation

digital forensics is a branch of the forensics department which mainly focuses on the recovery of digital information, from various sources such as in the hard drive of a computer.... The main focus area of digital forensics is in the cyber crimes that are committed on frequents.... The investigation also looked at the fact of Clyde Barrow and Bonnie Parker had been communicating.... In the investigation we were able to establish that Clyde Barrow was involved in the fraud and that the two suspects had been communicating with each other....
20 Pages (5000 words) Essay

How the Computer Forensics Type of Technology Applied to Detect Crime

The whole concept revolves around the idea that a structured investigation is carrieddeterminefind exactly happened to the computer, when it happened, how it happened, and who did it.... The paper 'How the Computer forensics Type of Technology Applied to Detect Crime' presents the areas of police agencies, courts, and other correctional institutions, that define the crime and justice concepts, which have also been affected by the technological revolution.... Among many technologies, some have created great impacts upon the criminal justice system: drug testing technology, DNA testing technology, concealed weapons detection technology, information technology, and computer forensics....
5 Pages (1250 words) Case Study

Investigations and Digital Forensics

The paper 'Investigations and digital Forensics' focuses on local and national law enforcement agencies commencing their career in law enforcement.... With every passing day, local and national law enforcement agencies encounter new expectations, as well as responsibilities with regard to the development of an intelligence capacity as a core element of the cohesive national mission to protect Americans from terrorism and digital crime....
7 Pages (1750 words) Term Paper

Digital Forensics

"digital forensics" paper Investigates cyber-crimes like that of Mr.... During this process of retrieving information to be used as evidence in court, a structured investigation has to be carried out.... Before all the digital evidence retrieved was packaged for transportation, the investigators ensured that every piece of the computer system and its components were properly documented, labeled, marked, photographed, sketched, and recorded.... his method is used to examine legal evidence stored in digital media in order to gather, preserve and present facts and opinions about the information retrieved in a suitable manner during a trial in a court of law....
7 Pages (1750 words) Case Study

Digital Forensic Investigation

It is a graphical digital forensics platform hosting the Sleuth Kit as well as other digital forensics tools.... AINE (Computer Aided Investigative Environment) is an integrated digital forensics environment based on Ubuntu-based GNU/Linux live distribution offering a complete forensic environment with a user-friendly graphical interface and a semi-automated report generating feature.... Thie report "Digital Forensic investigation" details the examination of a USB Key drive image for evidence of Espionage....
6 Pages (1500 words) Report

Corporate Digital Forensic Investigations

"Corporate digital Forensic Investigations" paper explores the impact of cloud computing on digital forensic investigations by analyzing the problems associated with cloud technology.... When such crimes are committed, law enforcement agencies use digital forensic techniques to gather and collect evidence that is used to identify and prosecute the perpetrators of the crimes.... When crimes are committed on cloud computing platforms, law enforcement agencies cannot rely on traditional digital forensic techniques in conducting investigations (Plunkett et al....
6 Pages (1500 words) Essay

The Digital Forensic Process

The article intends to give a high-level overview of each phase of investigation considering and noting principles of forensic which are very important.... Besides, an excellent digital process overview provides a good starting point with a reasonable knowledge of the legal principles, procedures, guidelines, techniques, and tools to achieve the goal of an investigation.... The paper "The digital Forensic Process" discusses that a satisfactory digital forensic method relies upon subsequent phases, and each stage depends on standardized procedures which in return depends on tasks and sub-tasks for the identified crime scene....
8 Pages (2000 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us