When cybercrimes or other crimes involving digital misdoings occur, many questions come to my mind, such as whether there is a crime scene and, if so, how one can visit and investigate it. I have researched the issue and found that digital crimes do exist and can be analyzed through digital forensics. Digital forensic analysis is a way to review data collected through digital communications and computer networks. There are four fundamental phases of forensic analysis: collection, examination, analysis, and reporting. These fundamental phases are part of the overall methodology of digital forensics analysis. As a member of society, I know that in the physical world, when a crime is committed in a community, members of that community and those directly related expect some form of justice. I have learned that the same concept rings true for cybercrimes as well. Now more than ever, the physical and cyber worlds are intertwined, with text messages, emails and even GPS locations being used to solve crime. I will examine the digital forensics analysis methodology and the tools needed to justly conclude an investigation of a crime involving digital evidence.
The purpose of digital forensics analysis when it comes to cybercrime is to apprehend whoever is responsible and potentially to engage in the process of convicting the individual (or group) of the wrongdoing. I am of the opinion that once cybercrime begins to be prosecuted more regularly, law enforcement will better learn how to address cybercrime and criminals will fear the consequences of prosecution. In order for prosecutions to happen, the evidence collected must be admissible in a court of law. To ensure admissibility, maintaining a proper chain of custody for gathered evidence throughout the investigation is imperative. This is where digital forensics analysis methodology plays a major role. A consistent methodology helps keep investigators moving in the right direction, while also preserving digital evidence and analyses in a manner that ensures they have not been tampered with after collection. Due to the rise in cybercrime, the National Institute of Standards and Technology (NIST) has laid out four phases for forensic methodology. The aforementioned phases are: collection, examination, analysis, and reporting. While I will be focusing on these four phases, I must note that there are several different investigative models (e.g. the DFRWS Investigative Model, the Abstract Digital Forensic Model, etc.) acceptable for these investigations.
The collection and preservation of digital evidence often does not involve a digital forensics investigator but a police officer on the scene. It is crucial that the officer secures the area and obtains proper authority to seize digital devices suspected of being used in the alleged crime. It is with these actions that the chain of custody begins. Some of the more common devices gathered are smartphones, laptops, desktops, compact discs, memory sticks, GPS devices and other mobile devices. When these devices are collected, they should be powered off in order to preserve the evidence as it was last used, because most digital devices record a timestamp of when they were last modified (Computer Forensics, n.d.). In some cases it is not possible to move the device in question to a forensic laboratory. In this situation a forensic examiner must image or copy the data from the device on scene with an acceptable digital forensic tool (Computer Forensics, n.d.). The tools used during the collection phase are disk and capture tools. Special tools and software are used to create legally recognized exact copies of the media for analysis. These copies are not the same as a standard copy: they are an exact, forensically sound copy of every bit on the disk or device (The 4 Most Important Steps of Computer Forensics Investigation, 2010). Through a UMUC lab I had the opportunity to work through a process similar to that of a forensic examiner. Two of the most significant challenges for officers seizing mobile devices are isolating the device from cellular and Wi-Fi networks, and obtaining security passwords for the device so the evidence can be examined forensically (Digital Evidence, n.d.). Throughout this process the judicial chain-of-custody procedures must be followed and include:
Further, from personal knowledge of the criminal justice system, I know that often, before law enforcement can begin to seize cybercrime evidence, they must obtain a search or seizure warrant. Sometimes, if this step is not taken, none of the evidence seized will be admissible in court. I would advocate for all law enforcement professionals to thoroughly learn the departmental rules and procedures along with the legal standards in their communities so that they will be in compliance with the above-mentioned rules and laws. I know that even if the officers follow proper collection protocol and chain-of-custody recommendations, it will not matter if their evidence seizures are out of compliance with the relevant laws.
Once all evidence has been collected and properly preserved, it is time to move to the examination phase. It is vital that examination never be done on the original devices; this is why the devices were forensically imaged in the prior phase. This phase is intended to make evidence perceptible, while explaining its origin and significance. It helps reveal hidden and obscured information as well as the pertinent documentation (Baryamureeba & Tushabe, 2014). There are three types of data we are looking to examine: active, archival, and latent. Latent data is the type of information that typically requires specialized tools to access; an example of latent data is information that has been deleted or partially overwritten (The Computer Forensics Process, n.d.). Some of the techniques used during this phase include data filtering, metadata extraction, reduction, and semantic web technology for working with heterogeneous data.
Because of the overwhelming amount of information encountered when probing data, hashing is a technique often used by examiners. A cryptographic hash function is a function that takes an input and returns a fixed-size value, called the hash value. For instance, if the input were a JPEG file, the resulting hash value would essentially be a fingerprint for that file. In digital forensics a hash value can give assurance that a file has not been tampered with. An analyst can also use hash values to identify files that can be disregarded, such as known files that have not been altered, and files that should raise an alert (Ashfield, 2014). The use of hash values in this manner helps analysts save valuable time, as the known, unaltered files can be ignored. On the other hand, known incident hash values can be flagged: analysts check values against a database of known indecent-image hash values, such as with the forensic tool Taxonomy (Ashfield, 2014). I again point out the importance of law enforcement having defined procedures to ensure evidence is examined properly, and of having safeguards in place, such as an evidence locker system, to make sure that no original devices are inadvertently examined and evidence potentially destroyed or altered. In my opinion, because there will likely be multiple devices retrieved from a crime scene to examine, organization is paramount, and agencies that put plans in place to properly maintain the care and custody of items to be examined will be most successful.
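The two uses of hashing described in the collection and examination paragraphs above, as an added example that is not part of the essay or any of its cited sources: re-hashing a working copy of a forensic image against the hash recorded at seizure, and triaging carved files against known-good and known-bad hash sets. The image bytes, file contents and hash sets are constructed inline; a real lab would load the sets from a reference database such as NIST's NSRL.

```python
# Added example (not from the essay or any cited source): hash-based
# integrity verification and known-file triage for the examination phase.
# All "files", the "image" and the hash sets below are constructed inline.
import hashlib
from typing import Dict, Set

# Constructed stand-in for the bit-for-bit image taken at collection time.
IMAGE = b"\x00" * 64 + b"constructed disk image bytes" + b"\xff" * 64
# The hash an examiner would have recorded on the chain-of-custody form.
ACQUISITION_HASH = hashlib.sha256(IMAGE).hexdigest()

# Constructed files "carved" from the image: path -> contents.
SAMPLE_FILES: Dict[str, bytes] = {
    "C:/Windows/System32/notepad.exe": b"constructed stock OS binary",
    "C:/Users/alice/Pictures/holiday.jpg": b"constructed jpeg content",
    "C:/Users/alice/Downloads/invoice.exe": b"constructed suspicious payload",
}
# Hash sets a lab would load from a reference database (NSRL-style known-good
# plus a known-bad set); constructed here from two of the sample files.
KNOWN_GOOD: Set[str] = {hashlib.sha256(SAMPLE_FILES["C:/Windows/System32/notepad.exe"]).hexdigest()}
KNOWN_BAD: Set[str] = {hashlib.sha256(SAMPLE_FILES["C:/Users/alice/Downloads/invoice.exe"]).hexdigest()}


def sha256_hex(data: bytes) -> str:
    """Fixed-size fingerprint of arbitrary input; any changed bit changes it."""
    return hashlib.sha256(data).hexdigest()


def verify_image(image: bytes, acquisition_hash: str) -> bool:
    """Re-hash the working copy and compare with the value recorded at seizure.
    A mismatch means the copy was altered (or corrupted) after collection."""
    return sha256_hex(image) == acquisition_hash.lower()


def triage(files: Dict[str, bytes], known_good: Set[str], known_bad: Set[str]) -> Dict[str, str]:
    """Label each file: 'ignore' (known, unaltered file needing no review),
    'alert' (matches a known-bad hash) or 'review' (unknown; examine manually).
    Known-bad is checked first so an overlap between lists never hides an alert."""
    labels: Dict[str, str] = {}
    for path, content in files.items():
        digest = sha256_hex(content)
        if digest in known_bad:
            labels[path] = "alert"
        elif digest in known_good:
            labels[path] = "ignore"
        else:
            labels[path] = "review"
    return labels


if __name__ == "__main__":
    print("image intact:", verify_image(IMAGE, ACQUISITION_HASH))
    tampered = IMAGE[:-1] + b"\xfe"  # flip the last byte of the working copy
    print("tampered copy intact:", verify_image(tampered, ACQUISITION_HASH))
    for path, label in triage(SAMPLE_FILES, KNOWN_GOOD, KNOWN_BAD).items():
        print(f"{label:6} {path}")
```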
After the examination phase is complete, the analyst must be sure to secure all evidence in a manner that preserves the chain of custody. From personal knowledge, if the chain of custody is ever broken before trial, the evidence can be deemed inadmissible. At this point, we would be ready for the analysis phase. During this phase the investigator must answer the questions: what, who, why, how, when and where. They must also find the relations between the items collected in order to reconstruct the event. To answer these questions, timestamp interpretation is key in order to place the "who, when and where." Also, the investigator must be able to analyze physical media, file systems, application layers, networks (physical and wireless), and the memory of media (Carrier, 2003). The picture below shows a list of scenarios and the tools needed to perform these tasks (Rahurkar & Nawaghare, 2014).
The final phase involves reporting the results of the analysis, which includes describing the actions performed. Reporting the results is a key part of a forensic investigation. I would argue that it is the most important part of the investigation and will likely have the most impact on any resulting prosecution of the underlying crime. If possible, it should be written in a way that reflects the use of scientific methods and facts that can be proven. The investigator must be prepared for the report to be used as evidence for legal or administrative purposes (Rocha, 2014). Investigators may often be asked to testify in court. Therefore, being prepared also means having their credentials up to date and in order. In my personal experience, I have had a judge not allow an expert's testimony because he could not qualify as an expert in the eyes of the law, due to a lack of appropriate education, training and understanding of the laws of the jurisdiction in which he was attempting to testify.
There are many ways in which digital forensic analysis can be used. I discussed its use in the context of a criminal investigation. In this type of investigation, I spoke of the importance of properly extracting and preserving evidence to ensure the evidence would be admissible in a criminal proceeding. The use of an investigation methodology is crucial in maintaining structure, which in turn helps to preserve the chain of custody. Throughout the methodology we see that forensic tools (e.g., FTK Imager and EnCase) and techniques are imperative for the extraction and interpretation of data. Even if all processes are followed, the end result of the criminal proceedings may still vary. However, the analysis report submitted by the forensics investigator should be useful in determining what occurred digitally and should be admissible in said proceedings. I know personally, as a private citizen who pays close attention to local and world events, that as our society becomes more technologically savvy, we become more at risk of increased cybercrime. Crimes such as cyberbullying, possession and distribution of child pornography, and fiscal fraud are a few examples of what I believe are very dangerous behaviors that should result in prosecutions with severe penalties. My hope is that law enforcement, cybersecurity professionals and legal professionals will continue to educate each other on how to best work together to successfully take all of the above-mentioned steps, which end in successful prosecutions and result in an overall decrease in cybercrime.
Ashfield, D. (2014, January 30). Why Are Cryptographic Hash Functions Important in Digital Forensics? Retrieved from https://www.cclgroupltd.com/cryptographic-hash-functions-important-digital-forensics/
Baryamureeba, V., & Tushabe, F. (2014, May 27). Retrieved from http://www.forensicfocus.com/enhanced-digital-investigation-model
Carrier, B. (2003). Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers. Retrieved from https://pdfs.semanticscholar.org/424d/aafd9ac88cf67efd046d02ed1eed4f65fd41.pdf
Computer Forensics. (n.d.). Retrieved March 18, 2017, from http://www.diversifiedforensics.com/computer-forensics/collection-of-evidence.html
Digital Evidence. (n.d.). Retrieved March 19, 2017, from http://www.iacpcybercenter.org/officers/digital-evidence/
The 4 Most Important Steps of Computer Forensics Investigation. (2010, March 03). Retrieved from http://www.netconclave.com/blog/the-4-most-important-steps-of-computer-forensics-investigation/
The Computer Forensics Process. (n.d.). Retrieved March 19, 2017, from http://newyorkcomputerforensics.com/computer-forensics-process/
Rahurkar, S., & Nawaghare, N. (2014, May 17). Digital Forensics best practices with the use of open source tools and admissibility of digital evidence in courts. Retrieved from https://www.slideshare.net/SagarRahurkar/digital-forensics-best-practices-with-the-use-of-open-source-tools-and-admissibility-of-digital-evidence-in-courts
Rocha, L. (2014, August 6). Computer Forensics and Investigation Methodology – 8 Steps. Retrieved from https://countuponsecurity.com/2014/08/06/computer-forensics-and-investigation-methodology-8-steps/