How the Computer Forensics Type of Technology Applied to Detect Crime - Case Study Example

Impact of Technology in Criminal Justice Introduction With the advent of technology in almost every private and public sector, the areas of police agencies, courts and other correctional institutions, that define the crime and justice concepts, have also been affected by the technological revolution. Today, there are many sophisticated solutions like vests to stop bullets, electronic monitoring for surveillance, telemedicine for prisoners so that there is no need to move them, computerized crime maps to catch the crime incidence, and the like, that have greatly improved the criminal justice system. Among many technologies, some that have created great impacts upon the criminal justice system are: drug testing technology, DNA testing technology, concealed weapons detection technology, information technology, and computer forensics. This paper will discuss the computer forensics type of technology along with a discussion about how it is applied to detect crime that involves computers. Computer Forensics Computer forensics or cyber forensics is a very imperative topic in information criminal justice. Forensics is the structured procedure of gathering, examining and showing facts and evidences to the court of law, and thus, forensic computing is defined as “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (US-CERT, 2008). This involves the seeking, locating and securing the electronic data so as to provide evidence. This electronic or magnetically encoded data may include text messages, databases, pictures, e-mail, websites, spyware, malware, and so on. The evidence collected is strong and indisputable as compared to any other branch of forensic science because a copy that is made of the collected data is identical to the actual data and there is no room left for dispute. The whole concept revolves around the idea that a structured investigation is carried out to find out what exactly happened to the computer, when it happened, how it happened, and who did it. This is just like solving a murder case and performing postmortem. The operator does not know that the evidence information is transparently being created and stored by the computer’s operating system which can only be extracted through computer forensics software tools and techniques. The crimes include misuse of computer systems, attack on computer systems, using a computer system to work against another system, failure of a computer system, and the list continues. Computer forensics security solutions focus not only on recovery but also on prevention of security threats in order to provide securer solutions that are quicker and cheaper than the conventional techniques. These solutions include intrusion detection system (IDS), internet security system, biometric security system, net privacy system, firewall set-ups, network disaster security system, identity theft prevention system, identity management security system, and so on (Vacca, 2005, p. 146). Computer Forensics Investigation Procedure Digital Data There are two types of digital data: persistent data which is stored in the computer’s memory or ROM (Read Only Memory) permanently and remains there even if the computer is powered off; and, volatile data which is stored in RAM (Random Access Memory) and gets deleted when the system is powered off. This volatile data can be of more importance and thus it should be made sure that the computers should be kept on if they were on at the scene of crime. Investigative Procedure It is important for computer forensic investigators to follow a structured approach to solve computer and internet based identity theft cases. Computer crime involving ID theft can be grouped as physical security breaches, personnel security breaches, communications and data security breaches, and operations security breaches (Icove et al., as cited in Angelopoulou, 2007). A detailed investigation of the case requires that every security breach is analyzed independently to get a more systematic approach towards case solving. The digital examination of ID theft cases requires great expertise at the investigator’s end. The evidence or data that is collected is the valuable asset and has to be dealt with sensitivity as it will help in deciding the specifications of the crime. Digital data is so delicate that it can be altered with one mistaken tap on the keyboard or one inadvertent press of a key. The forensic investigator will have to use some offline techniques in addition to online techniques. Although offline techniques are not the responsibility of a forensic investigator, but of course, he can use them to help himself toward finding the evidential data. He will have to look for any counterfeit documents, fake checks and bogus bank statement in black and white, in addition to looking for digital evidence residing inside the fraudster’s computer system. According to Angelopoulou (2007), what makes the process lengthy is that the investigator has to go through two investigative categories, that is, going through the victim’s system and through the criminal’s system. The digital data found in the victim’s computer will help in obtaining evidence and that found in the fraudster’s computer will prove it. The main theme of the investigation is that what information might have been stolen (for example, in a financial fraud ID theft, basic things to be investigated are stolen identity, credit record, transactions, billing, and claims for new bank accounts or loans) and what procedure might have been used to steal this information. It is important for the investigator to have a warrant issued first. Moreover, clauses of respective laws and legislations must be followed in order to legalize the whole process. Pladna (2008, p. 4) has listed three laws that forensic investigation should follow, namely, “Wiretap Act (18 U.S.C. 2510-22); Pen Registers and Trap and Trace Devices Statute (18 U.S.C. 3121-27); and the Stored Wired and Electronic Communication Act (18 U.S.C 2701-120)”. Both the victim’s and the fraudster’s computers must be kept in the same state in which they were before investigation (Wilson, 2008, p. 20). Ethical Issues in Computer Forensics Since computer forensics is a newly emerging field in criminal justice, not much has been written and said about ethical norms for the admissibility of evidence to the court. However, the security professionals should be familiar with laws and legislation (e.g. Computer Fraud and Abuse Act (CFAA), Electronic Communications Privacy Act (ECPA), Children’s Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA)) that have been passed in order to make sure that internet frauds like identity theft do not take place. They should be aware of privacy rights and ethical and moral clauses found in these laws so that they may be able to better solve the case. They must know what legal issues are involved in handling a standalone computer system. Only then, the evidence will be admissible in the court. Before starting the investigative procedure, an investigator must have a search warrant issued before handling the suspect’s computer system. The Fourth Amendment to the U.S. Constitution, Wegman (2006) states, defines that the magistrate is liable to issue the search warrant after the investigator submits and affidavit that should state the cause of investigation and the limits of the suspect’s privacy that is going to be violated. The time that the computer is to be analyzed is also pre-decided by the magistrate or the warrant. Conclusion The technological revolution has produced great impacts on the criminal justice system. The computer forensics procedure might be lengthy but time can be saved by following a well-structured approach. There are laws regarding e-consumers’ data protection that need to be followed. The forensic investigators have to be very specific in following rules and regulations in order to make their evidence admissible to the court. References Angelopoulou, O. (2007). The “solitary” of ID theft towards computer crime incidents. ID Theft: A Computer Forensics’ Investigation Framework. Retrieved December 19, 2010 from http://igneous.scis.ecu.edu.au/proceedings/2007/forensics/07_Angelopoulou%20-%20ID%20Theft%20A%20Computer%20Forensics%20Investigation%20Framework.pdf Pladna, B. (2008). Procedures for gathering evidence. Computer Forensics Procedures, Tools, and Digital Evidence Bags: What They Are and Who Should Use Them. Retrieved December 19, 2010 from http://www.infosecwriters.com/text_resources/pdf/BPladna_Computer_Forensic_Procedures.pdf US-CERT. (2008). What is computer forensics? Computer Forensics. Retrieved December 19, 2010 from http://www.us-cert.gov/reading_room/forensics.pdf Vacca, John R. (2005). Identity theft. Computer Forensics: Computer Crime Scene Investigation. USA: Cengage Learning. Wegman, J. (2006). Computer Forensics: Admissibility of Evidence in Criminal Cases. Retrieved December 19, 2010 from http://www.cbe.uidaho.edu/wegman/Computer%20Forensics%20AA%202004.htm Wilson, D. (2008). Scene of the crime vs. the crime scene. Forensic Procedures for Boundary and Title Investigation. USA: John Wiley and Sons. Read More